ansible/xoxys.matrix
1
0
Fork 0
Code Issues Pull Requests Releases Activity

initial commit

Browse Source
This commit is contained in:
Robert Kaussow 2019-01-18 14:52:23 +01:00
parent 59158e48e0
commit dfe1c69729
13 changed files with 423 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
.drone.yml Normal file
View File

@ -0,0 +1,22 @@
---
kind: pipeline
name: default
steps:
- name: ansible-latest
image: python:2.7
pull: always
commands:
- pip install ansible ansible-later -q
- git clone https://gitea.rknet.org/ansible/ansible-later-policy.git ~/policy
- git ls-files *[^LICENSE,.md] | xargs ansible-later -c ~/policy/config.ini
depends_on: [ clone ]
- name: ansible-master
image: python:2.7
pull: always
commands:
- pip install ansible ansible-later -q
- git clone https://gitea.rknet.org/ansible/ansible-later-policy.git ~/policy
- git ls-files *[^LICENSE,.md] | xargs ansible-later -c ~/policy/config.ini
depends_on: [ clone ]

98
defaults/main.yml Normal file
View File

@ -0,0 +1,98 @@
---
matrix_version: 0.34.1.1
matrix_user: matrix
matrix_user_home: "/home/{{ matrix_user }}"
# matrix_uid: # defaults to not set
matrix_group: "{{ matrix_user }}"
# matrix_gid: # defaults to not set
matrix_extra_groups: []
# Ensure EPEL repo is available at this server
matrix_dependencies:
- "@Development tools"
- libtiff-devel
- libjpeg-devel
- libzip-devel
- freetype-devel
- lcms2-devel
- libwebp-devel
- tcl-devel
- tk-devel
- redhat-rpm-config
- python-virtualenv
- libffi-devel
- openssl-devel
- postgresql-devel
- libpqxx-devel.x86_64
# Create separate LVM storage for matrix
matrix_lvm_enabled: False
# This variables are only necessary if matrix_lvm_enabled is 'True'
# Set physical volumes to use in LVM
# matrix_lvm_pvs: # ['/dev/sdb', '/dev/sdc']
# matrix_lvm_vg: # "vg_matrix"
# matrix_lvm_lv: # "lv_matrix"
# matrix_lvm_fstype: # ext4
# matrix_lvm_size: # "50G"
matrix_base_dir: "/opt/matrix"
matrix_conf_dir: "{{ matrix_base_dir }}/config"
matrix_base_url: http://localhost
matrix_bind_ip: 127.0.0.1
matrix_bind_port: 3000
matrix_postgres_enabled: False
matrix_postgres_tls_enabled: False
matrix_postgres_server: postgres.example.com
matrix_postgres_port: 5432
matrix_postgres_superuser: postgres
matrix_postgres_password: secure
matrix_postgres_db:
name: matrix
lc_collate: en_US.UTF-8
lc_ctype: en_US.UTF-8'
encoding: UTF-8
template: template0
login_host: localhost
login_user: "{{ matrix_postgres_superuser }}"
login_password: "{{ matrix_postgres_password }}"
# login_unix_socket: # defaults to not set
port: "{{ matrix_postgres_port }}"
# owner: # defaults to not set
state: present
matrix_postgres_user:
name: pgmatrix
password: matrix
encrypted: 'yes'
# priv: # defaults to not set
# role_attr_flags: # defaults to not set
db: "{{ matrix_postgres_db.name }}"
login_host: localhost
login_user: "{{ matrix_postgres_superuser }}"
login_password: "{{ matrix_postgres_password }}"
# login_unix_socket: # defaults to not set
port: "{{ matrix_postgres_port }}"
state: present
matrix_iptables_enabled: False
matrix_open_ports:
- name: allow_matrix_web
rules: |
-A INPUT -m state --state NEW -p tcp --dport {{ matrix_bind_port }} -j ACCEPT
state: present
matrix_tls_cert_source: mycert.pem
matrix_tls_key_source: mykey.pem
matrix_nginx_vhost_enabled: False
matrix_nginx_server: localhost
matrix_nginx_vhost_dir: /etc/nginx/sites-available
matrix_nginx_vhost_symlink: /etc/nginx/sites-enabled
matrix_nginx_iptables_enabled: False
matrix_nginx_tls_enabled: False
matrix_nginx_tls_cert_file: matrix-cert.pem
matrix_nginx_tls_key_file: matrix-key.pem

19
handlers/main.yml Normal file
View File

@ -0,0 +1,19 @@
---
- name: Restart rocketchat service
systemd:
name: rocketchat
state: restarted
daemon_reload: yes
enabled: yes
listen: __rocketchat_restart
become: True
become_user: root
- name: Reload nginx
systemd:
state: reloaded
name: nginx
listen: __nginx_reload
delegate_to: "{{ rocketchat_nginx_server }}"
become: True
become_user: root

13
meta/main.yml Normal file
View File

@ -0,0 +1,13 @@
# Standards: 0.1
---
galaxy_info:
author: Robert Kaussow
description:
license: Robert Kaussow
min_ansible_version: 2.6
platforms:
- name: EL
versions:
- 7
galaxy_tags:
dependencies: []

61
tasks/install.yml Normal file
View File

@ -0,0 +1,61 @@
---
- name: Prepare base folders
file:
path: "{{ item }}"
state: directory
owner: "{{ matrix_user }}"
group: "{{ matrix_user }}"
mode: 0750
loop:
- "{{ matrix_base_dir }}"
- "{{ matrix_conf_dir }}"
become: True
become_user: root
- block:
- name: Upgrade python dependencies
pip:
name: "{{ item }}"
virtualenv: "{{ matrix_base_dir }}/env"
virtualenv_command: virtualenv
extra_args: --upgrade
loop:
- pip
- setuptools
- psycopg2
- name: Install with pip and virtualenv
pip:
name: synapse
version: "{{ matrix_version }}"
virtualenv: "{{ matrix_base_dir }}/env"
virtualenv_command: virtualenv
- name: Copy global config files
template:
src: "opt/matrix/config/homeserver.yml.j2"
dest: "{{ matrix_conf_dir }}/homeserver.yml"
notify: __matrix_restart
become: True
become_user: "{{ matrix_user }}"
- block:
- name: Copy systemd unit file
template:
src: "etc/systemd/system/matrix.service.j2"
dest: "/etc/systemd/system/matrix.service"
notify: __matrix_restart
- name: Open ports in iptables
iptables_raw:
name: "{{ item.name }}"
rules: "{{ item.rules }}"
state: "{{ item.state }}"
weight: "{{ item.weight | default(omit) }}"
table: "{{ item.table | default(omit) }}"
with_items: "{{ matrix_open_ports }}"
loop_control:
label: "{{ item.name }}"
when: matrix_iptables_enabled
become: True
become_user: root

8
tasks/main.yml Normal file
View File

@ -0,0 +1,8 @@
---
- include_tasks: prepare.yml
- import_tasks: storage.yml
when: matrix_lvm_enabled
- include_tasks: install.yml
- import_tasks: nginx.yml
when: matrix_nginx_vhost_enabled
- include_tasks: post_tasks.yml

48
tasks/nginx.yml Normal file
View File

@ -0,0 +1,48 @@
---
- block:
- name: Copy certs and private key to nginx proxy
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
with_items:
- { src: "{{ matrix_tls_key_source }}", dest: '/etc/pki/tls/private/{{ matrix_nginx_tls_key_file }}', mode: '0600' }
- { src: "{{ matrix_tls_cert_source }}", dest: '/etc/pki/tls/certs/{{ matrix_nginx_tls_cert_file }}', mode: '0750' }
loop_control:
label: "{{ item.dest }}"
notify: __nginx_reload
delegate_to: "{{ matrix_nginx_server }}"
when: matrix_nginx_tls_enabled
become: True
become_user: root
tags: tls_renewal
- block:
- name: Add vhost configuration file
template:
src: nginx/vhost.j2
dest: "{{ matrix_nginx_vhost_dir }}/matrix"
owner: root
group: root
mode: 0640
notify: __nginx_reload
- name: Enable matrix vhost
file:
src: "{{ matrix_nginx_vhost_dir }}/matrix"
dest: "{{ matrix_nginx_vhost_symlink }}/matrix"
owner: root
group: root
state: link
notify: __nginx_reload
when: matrix_nginx_vhost_symlink is defined
- name: Open ports in iptables
iptables_raw:
name: allow_matrix_nginx_proxy
state: present
rules: '-A OUTPUT -m state --state NEW -p tcp -d {{ matrix_bind_ip }} --dport {{ matrix_bind_port }} -j ACCEPT'
when: matrix_nginx_iptables_enabled
delegate_to: "{{ matrix_nginx_server }}"
become: True
become_user: root

9
tasks/post_tasks.yml Normal file
View File

@ -0,0 +1,9 @@
---
- name: Ensure matrix service is up and running
systemd:
state: started
daemon_reload: yes
enabled: yes
name: matrix
become: True
become_user: root

60
tasks/prepare.yml Normal file
View File

@ -0,0 +1,60 @@
---
- block:
- name: Create group '{{ matrix_group }}'
group:
name: "{{ matrix_group }}"
state: present
gid: "{{ matrix_gid | default(omit) }}"
- name: Create user '{{ matrix_user }}'
user:
comment: matrix
name: "{{ matrix_user }}"
home: "{{ matrix_user_home }}"
uid: "{{ matrix_uid | default(omit) }}"
group: "{{ matrix_group }}"
groups: "{{ matrix_extra_groups | join(',') }}"
- name: Install dependencies
package:
name: "{{ item }}"
state: present
loop: "{{ matrix_dependencies }}"
become: True
become_user: root
- block:
- name: Setup postgres db '{{ matrix_postgres_db.name }}'
postgresql_db:
name: "{{ matrix_postgres_db.name }}"
lc_collate: "{{ matrix_postgres_db.lc_collate | default('en_US.UTF-8') }}"
lc_ctype: "{{ matrix_postgres_db.lc_ctype | default('en_US.UTF-8') }}"
encoding: "{{ matrix_postgres_db.encoding | default('UTF-8') }}"
template: "{{ matrix_postgres_db.template | default('template0') }}"
login_host: "{{ matrix_postgres_db.login_host | default('localhost') }}"
login_password: "{{ matrix_postgres_db.login_password | default(omit) }}"
login_user: "{{ matrix_postgres_db.login_user | default(postgresql_user) }}"
login_unix_socket: "{{ matrix_postgres_db.login_unix_socket | default(omit) }}"
port: "{{ matrix_postgres_db.port | default(omit) }}"
owner: "{{ matrix_postgres_db.owner | default(omit) }}"
state: "{{ matrix_postgres_db.state | default('present') }}"
no_log: True
when: matrix_postgres_db is defined
- name: Setup postgres user '{{ matrix_postgres_user.name }}'
postgresql_user:
name: "{{ matrix_postgres_user.name }}"
password: "{{ 'md5' + (matrix_postgres_user.password + matrix_postgres_user.name) | hash('md5') }}"
encrypted: "{{ matrix_postgres_user.encrypted | default('yes') }}"
priv: "{{ matrix_postgres_user.priv | default(omit) }}"
role_attr_flags: "{{ matrix_postgres_user.role_attr_flags | default(omit) }}"
db: "{{ matrix_postgres_user.db | default(omit) }}"
login_host: "{{ matrix_postgres_user.login_host | default('localhost') }}"
login_password: "{{ matrix_postgres_user.login_password | default(omit) }}"
login_user: "{{ matrix_postgres_user.login_user | default(omit) }}"
login_unix_socket: "{{ matrix_postgres_user.login_unix_socket | default(omit) }}"
port: "{{ matrix_postgres_user.port | default(omit) }}"
state: "{{ matrix_postgres_user.state | default('present') }}"
no_log: True
when: matrix_postgres_user is defined
delegate_to: "{{ matrix_postgres_server }}"

27
tasks/storage.yml Normal file
View File

@ -0,0 +1,27 @@
---
- block:
- name: Create volume group '{{ matrix_lvm_vg }}'
lvg:
vg: "{{ matrix_lvm_vg }}"
pvs: "{{ matrix_lvm_pvs | join(',') }}"
- name: Create logical volume '{{ matrix_lvm_lv }}'
lvol:
vg: "{{ matrix_lvm_vg }}"
lv: "{{ matrix_lvm_lv }}"
size: "{{ matrix_lvm_size }}"
- name: Create filesystem for '/dev/mapper/{{ matrix_lvm_vg }}-{{ matrix_lvm_lv }}'
filesystem:
fstype: "{{ matrix_lvm_fstype }}"
dev: "/dev/mapper/{{ matrix_lvm_vg }}-{{ matrix_lvm_lv }}"
resizefs: True
- name: Mount volume to '{{ matrix_base_dir }}'
mount:
path: "{{ matrix_base_dir }}"
src: "/dev/mapper/{{ matrix_lvm_vg }}-{{ matrix_lvm_lv }}"
fstype: "{{ matrix_lvm_fstype }}"
state: mounted
become: True
become_user: root

19
templates/etc/systemd/system/matrix.service.j2 Normal file
View File

@ -0,0 +1,19 @@
#jinja2: lstrip_blocks: True
## {{ ansible_managed }}
[Unit]
Description=Matrix Synapse service
After=network.target
[Service]
Type=forking
WorkingDirectory=/opt/synapse/
ExecStart=/opt/synapse/bin/synctl start
ExecStop=/opt/synapse/bin/synctl stop
ExecReload=/opt/synapse/bin/synctl restart
Restart=always
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=synapse
[Install]
WantedBy=multi-user.target

38
templates/nginx/vhost.j2 Normal file
View File

@ -0,0 +1,38 @@
#jinja2: lstrip_blocks: True
# {{ ansible_managed }}
upstream backend_matrix {
server {{ matrix_bind_ip }}:{{ matrix_bind_port }};
}
server {
listen 80;
server_name {{ matrix_base_url | urlsplit('hostname') }};
client_max_body_size 200M;
{% if matrix_nginx_tls_enabled %}
return 301 https://$server_name$request_uri;
{% else %}
location / {
proxy_pass http://backend_matrix;
proxy_set_header X-Forwarded-For $remote_addr;
}
{% endif %}
}
{% if matrix_nginx_tls_enabled %}
server {
listen 443 ssl;
server_name {{ matrix_base_url | urlsplit('hostname') }};
client_max_body_size 200M;
location / {
proxy_pass http://backend_matrix;
proxy_set_header X-Forwarded-For $remote_addr;
}
ssl_certificate /etc/pki/tls/certs/{{ matrix_nginx_tls_cert_file }};
ssl_certificate_key /etc/pki/tls/private/{{ matrix_nginx_tls_key_file }};
}
{% endif %}

1
templates/opt/matrix/config/homeserver.yml.j2 Normal file
View File

@ -0,0 +1 @@
---