Compare commits


No commits in common. "main" and "docs" have entirely different histories.
main ... docs

19 changed files with 593 additions and 965 deletions


@ -1,155 +0,0 @@
local PipelineLinting = {
kind: 'pipeline',
name: 'linting',
platform: {
os: 'linux',
arch: 'amd64',
},
steps: [
{
name: 'ansible-later',
image: 'thegeeklab/ansible-later',
commands: [
'ansible-later',
],
},
{
name: 'python-format',
image: 'python:3.11',
environment: {
PY_COLORS: 1,
},
commands: [
'pip install -qq yapf',
'[ -z "$(find . -type f -name *.py)" ] || (yapf -rd ./)',
],
},
{
name: 'python-flake8',
image: 'python:3.11',
environment: {
PY_COLORS: 1,
},
commands: [
'pip install -qq flake8',
'flake8',
],
},
],
trigger: {
ref: ['refs/heads/main', 'refs/tags/**', 'refs/pull/**'],
},
};
local PipelineDeployment(scenario='centos7') = {
kind: 'pipeline',
name: 'testing-' + scenario,
platform: {
os: 'linux',
arch: 'amd64',
},
concurrency: {
limit: 1,
},
workspace: {
base: '/drone/src',
path: '${DRONE_REPO_NAME}',
},
steps: [
{
name: 'ansible-molecule',
image: 'thegeeklab/molecule:4',
environment: {
HCLOUD_TOKEN: { from_secret: 'hcloud_token' },
},
commands: [
'molecule test -s ' + scenario,
],
},
],
trigger: {
ref: ['refs/heads/main', 'refs/tags/**'],
},
};
local PipelineDocumentation = {
kind: 'pipeline',
name: 'documentation',
platform: {
os: 'linux',
arch: 'amd64',
},
steps: [
{
name: 'generate',
image: 'thegeeklab/ansible-doctor',
environment: {
ANSIBLE_DOCTOR_LOG_LEVEL: 'INFO',
ANSIBLE_DOCTOR_FORCE_OVERWRITE: true,
ANSIBLE_DOCTOR_EXCLUDE_FILES: 'molecule/',
ANSIBLE_DOCTOR_TEMPLATE: 'hugo-book',
ANSIBLE_DOCTOR_ROLE_NAME: '${DRONE_REPO_NAME#*.}',
ANSIBLE_DOCTOR_OUTPUT_DIR: '_docs/',
},
},
{
name: 'publish',
image: 'plugins/gh-pages',
settings: {
remote_url: 'https://gitea.rknet.org/ansible/${DRONE_REPO_NAME}',
netrc_machine: 'gitea.rknet.org',
username: { from_secret: 'gitea_username' },
password: { from_secret: 'gitea_token' },
pages_directory: '_docs/',
target_branch: 'docs',
},
when: {
ref: ['refs/heads/main'],
},
},
],
depends_on: [
'linting',
],
trigger: {
ref: ['refs/heads/main', 'refs/tags/**', 'refs/pull/**'],
},
};
local PipelineNotification = {
kind: 'pipeline',
name: 'notification',
platform: {
os: 'linux',
arch: 'amd64',
},
clone: {
disable: true,
},
steps: [
{
name: 'matrix',
image: 'thegeeklab/drone-matrix',
settings: {
homeserver: { from_secret: 'matrix_homeserver' },
roomid: { from_secret: 'matrix_roomid' },
template: 'Status: **{{ .Build.Status }}**<br/> Build: [{{ .Repo.Owner }}/{{ .Repo.Name }}]({{ .Build.Link }}){{ if .Build.Branch }} ({{ .Build.Branch }}){{ end }} by {{ .Commit.Author }}<br/> Message: {{ .Commit.Message.Title }}',
username: { from_secret: 'matrix_username' },
password: { from_secret: 'matrix_password' },
},
},
],
depends_on: [
'documentation',
],
trigger: {
status: ['success', 'failure'],
ref: ['refs/heads/main', 'refs/tags/**'],
},
};
[
PipelineLinting,
PipelineDocumentation,
PipelineNotification,
]


@ -1,120 +0,0 @@
---
kind: pipeline
name: linting
platform:
os: linux
arch: amd64
steps:
- name: ansible-later
image: thegeeklab/ansible-later
commands:
- ansible-later
- name: python-format
image: python:3.11
commands:
- pip install -qq yapf
- "[ -z \"$(find . -type f -name *.py)\" ] || (yapf -rd ./)"
environment:
PY_COLORS: 1
- name: python-flake8
image: python:3.11
commands:
- pip install -qq flake8
- flake8
environment:
PY_COLORS: 1
trigger:
ref:
- refs/heads/main
- refs/tags/**
- refs/pull/**
---
kind: pipeline
name: documentation
platform:
os: linux
arch: amd64
steps:
- name: generate
image: thegeeklab/ansible-doctor
environment:
ANSIBLE_DOCTOR_EXCLUDE_FILES: molecule/
ANSIBLE_DOCTOR_FORCE_OVERWRITE: true
ANSIBLE_DOCTOR_LOG_LEVEL: INFO
ANSIBLE_DOCTOR_OUTPUT_DIR: _docs/
ANSIBLE_DOCTOR_ROLE_NAME: ${DRONE_REPO_NAME#*.}
ANSIBLE_DOCTOR_TEMPLATE: hugo-book
- name: publish
image: plugins/gh-pages
settings:
netrc_machine: gitea.rknet.org
pages_directory: _docs/
password:
from_secret: gitea_token
remote_url: https://gitea.rknet.org/ansible/${DRONE_REPO_NAME}
target_branch: docs
username:
from_secret: gitea_username
when:
ref:
- refs/heads/main
trigger:
ref:
- refs/heads/main
- refs/tags/**
- refs/pull/**
depends_on:
- linting
---
kind: pipeline
name: notification
platform:
os: linux
arch: amd64
clone:
disable: true
steps:
- name: matrix
image: thegeeklab/drone-matrix
settings:
homeserver:
from_secret: matrix_homeserver
password:
from_secret: matrix_password
roomid:
from_secret: matrix_roomid
template: "Status: **{{ .Build.Status }}**<br/> Build: [{{ .Repo.Owner }}/{{ .Repo.Name }}]({{ .Build.Link }}){{ if .Build.Branch }} ({{ .Build.Branch }}){{ end }} by {{ .Commit.Author }}<br/> Message: {{ .Commit.Message.Title }}"
username:
from_secret: matrix_username
trigger:
ref:
- refs/heads/main
- refs/tags/**
status:
- success
- failure
depends_on:
- documentation
---
kind: signature
hmac: 2d807141327f24eac8c6cbe9a09c51209acc102b6ce927a13a968e8bec0bba15
...

13
.gitignore vendored

@ -1,13 +0,0 @@
# ---> Ansible
*.retry
filter/plugins/
library
# ---> Python
# Byte-compiled / optimized / DLL files
__pycache__/
*.py[cod]
*$py.class
# ---> Docs
/_docs


@ -1,19 +0,0 @@
---
ansible:
custom_modules:
- iptables_raw
- openssl_pkcs12
- proxmox_kvm
- ucr
- corenetworks_dns
- corenetworks_token
rules:
exclude_files:
- molecule/
- "LICENSE*"
- "**/*.md"
- "**/*.ini"
exclude_filter:
- LINT0009

21
LICENSE

@ -1,21 +0,0 @@
MIT License
Copyright (c) 2022 Robert Kaussow <mail@thegeeklab.de>
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is furnished
to do so, subject to the following conditions:
The above copyright notice and this permission notice (including the next
paragraph) shall be included in all copies or substantial portions of the
Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS
OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF
OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.


@ -1,12 +0,0 @@
# xoxys.matrix
[![Build Status](https://img.shields.io/drone/build/ansible/xoxys.matrix?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.matrix)
[![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE)
Setup a [matrix-synapse](https://github.com/matrix-org/synapse) chat server. Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP.
You can find the full documentation at [https://galaxy.geekdocs.de](https://galaxy.geekdocs.de/roles/cloud/matrix/).
## License
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.


@ -1,139 +0,0 @@
---
matrix_version: "1.52.0"
matrix_virtualenv_command: /usr/bin/python3 -m venv
matrix_virtualenv: "{{ matrix_base_dir }}/env"
matrix_user: matrix
matrix_user_home: "/home/{{ matrix_user }}"
matrix_group: "{{ matrix_user }}"
matrix_extra_groups: []
# @var matrix_packages:description: Ensure EPEL repo is available at this server
matrix_packages:
- "@Development tools"
- libtiff-devel
- libjpeg-devel
- libzip-devel
- freetype-devel
- lcms2-devel
- libwebp-devel
- tcl-devel
- tk-devel
- redhat-rpm-config
- libffi-devel
- openssl-devel
matrix_packages_extra: []
matrix_base_dir: "/opt/matrix"
matrix_conf_dir: "{{ matrix_base_dir }}/config"
matrix_data_dir: "{{ matrix_base_dir }}/data"
matrix_log_dir: "{{ matrix_base_dir }}/log"
matrix_log_root_level: INFO
matrix_log_synapse_level: INFO
matrix_log_synapse_sql_level: INFO
matrix_log_ldap_level: INFO
matrix_log_ldap_auth_level: INFO
matrix_restart_policy: "on-failure"
matrix_server_url: example.com
matrix_client_url: https://matrix.example.com
matrix_web_client_location: /path/to/web/root
matrix_filter_timeline_limit: -1
matrix_http_bind_addresses:
- "127.0.0.1"
matrix_http_bind_port: 8008
matrix_https_bind_addresses: []
matrix_https_bind_port: 8448
matrix_ldap_auth_enabled: False
matrix_ldap_auth_server: ldaps://ldap.example.com:636
matrix_ldap_auth_use_starttls: "false"
matrix_ldap_auth_basedn: "ou=users,dc=example,dc=com"
matrix_ldap_auth_uid_attr: "uid"
matrix_ldap_auth_mail_attr: "email"
matrix_ldap_auth_name_attr: "cn"
# matrix_ldap_auth_binddn: uid=myuser,ou=users,dc=example,dc=com # defaults to not set
# matrix_ldap_auth_bind_password: # defaults to not set
# matrix_ldap_auth_filter: (objectClass=posixAccount) # defaults to not set
# @var matrix_db_type:description: Sopported values are `pgsql` and `sqlite`.
matrix_db_type: pgsql
matrix_db_txn_limit: 0
matrix_db_server: localhost
matrix_db_port: 5432
matrix_db_name: matrix
matrix_db_user: pgmatrix
matrix_db_password: secure
matrix_db_ssl_mode: disable
matrix_db_ssl_root_cert: /etc/pki/tls/certs/ca-bundle.trust.crt
matrix_presence_enabled: False
matrix_default_room_version: "6"
matrix_event_cache_size: "100K"
matrix_caches_global_factor: 0.5
matrix_suppress_key_server_warning: False
matrix_url_preview_enabled: False
# List of IP address CIDR ranges that the URL preview spider is denied
# from accessing. You should specify any internal services in your
# network that you do not want synapse to try to connect to, otherwise
# anyone in any Matrix room could cause your synapse to issue arbitrary
# GET requests to your internal services, causing serious security issues.
# matrix_url_preview_ip_blacklist: # defaults to not set
# - '127.0.0.0/8'
# - '10.0.0.0/8'
# - '172.16.0.0/12'
# - '192.168.0.0/16'
# - '100.64.0.0/10'
# - '169.254.0.0/16'
# - '::1/128'
# - 'fe80::/64'
# - 'fc00::/7'
# Optional list of URL matches that the URL preview spider is
# denied from accessing.
# https://docs.python.org/2/library/urlparse.html#urlparse.urlsplit
# matrix_url_preview_url_blacklist:
# - netloc: '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'
# - netloc: '^([A-f0-9:]+:+)+[A-f0-9]+$'
matrix_url_preview_max_spider_size: 10M
# @var matrix_rc_login_address:description: >
# Ratelimiting settings for login requests based on the client's IP address.
# @end
# @var matrix_rc_login_address: >
# matrix_rc_login_address:
# per_second: 0.17
# burst_count: 3
# @var
# @var matrix_rc_login_account:description: >
# Ratelimiting settings for login requests based on the account the
# client is attempting to log into.
# @end
# @var matrix_rc_login_account: >
# matrix_rc_login_account:
# per_second: 0.17
# burst_count: 3
# @var
matrix_macaroon_secret_key: "jr;vhMlW=+U8pwBhVE^=6.,M94Gcyg_07Z-nNAsgj4ZZ:ew:HV"
matrix_form_secret: "oFP3m&,r^wJ=Tr#=Ruww5+h0e;-DZqcuVGXV4XgRZIAt~Gv2YF"
# @var matrix_signing_key: $ "_unset_"
matrix_tls_enabled: False
matrix_tls_cert_path: "{{ matrix_base_dir }}/tls/certs/mycert.pem"
matrix_tls_key_path: "{{ matrix_base_dir }}/tls/private/mykey.pem"
matrix_tls_cert_source: mycert.pem
matrix_tls_key_source: mykey.pem


@ -1,10 +0,0 @@
---
- name: Restart service
service:
name: matrix
state: restarted
daemon_reload: yes
enabled: yes
listen: __matrix_restart
become: True
become_user: root

593
index.md Normal file

@ -0,0 +1,593 @@
---
title: matrix
type: docs
---
[![Source Code](https://img.shields.io/badge/gitea-source%20code-blue?logo=gitea&logoColor=white)](https://gitea.rknet.org/ansible/xoxys.matrix) [![Build Status](https://img.shields.io/drone/build/ansible/xoxys.matrix?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.matrix) [![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](https://gitea.rknet.org/ansible/xoxys.matrix/src/branch/main/LICENSE)
Setup a [matrix-synapse](https://github.com/matrix-org/synapse) chat server. Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP.
<!--more-->
- [Default Variables](#default-variables)
- [matrix_base_dir](#matrix_base_dir)
- [matrix_caches_global_factor](#matrix_caches_global_factor)
- [matrix_client_url](#matrix_client_url)
- [matrix_conf_dir](#matrix_conf_dir)
- [matrix_data_dir](#matrix_data_dir)
- [matrix_db_name](#matrix_db_name)
- [matrix_db_password](#matrix_db_password)
- [matrix_db_port](#matrix_db_port)
- [matrix_db_server](#matrix_db_server)
- [matrix_db_ssl_mode](#matrix_db_ssl_mode)
- [matrix_db_ssl_root_cert](#matrix_db_ssl_root_cert)
- [matrix_db_txn_limit](#matrix_db_txn_limit)
- [matrix_db_type](#matrix_db_type)
- [matrix_db_user](#matrix_db_user)
- [matrix_default_room_version](#matrix_default_room_version)
- [matrix_event_cache_size](#matrix_event_cache_size)
- [matrix_extra_groups](#matrix_extra_groups)
- [matrix_filter_timeline_limit](#matrix_filter_timeline_limit)
- [matrix_form_secret](#matrix_form_secret)
- [matrix_group](#matrix_group)
- [matrix_http_bind_addresses](#matrix_http_bind_addresses)
- [matrix_http_bind_port](#matrix_http_bind_port)
- [matrix_https_bind_addresses](#matrix_https_bind_addresses)
- [matrix_https_bind_port](#matrix_https_bind_port)
- [matrix_ldap_auth_basedn](#matrix_ldap_auth_basedn)
- [matrix_ldap_auth_enabled](#matrix_ldap_auth_enabled)
- [matrix_ldap_auth_mail_attr](#matrix_ldap_auth_mail_attr)
- [matrix_ldap_auth_name_attr](#matrix_ldap_auth_name_attr)
- [matrix_ldap_auth_server](#matrix_ldap_auth_server)
- [matrix_ldap_auth_uid_attr](#matrix_ldap_auth_uid_attr)
- [matrix_ldap_auth_use_starttls](#matrix_ldap_auth_use_starttls)
- [matrix_log_dir](#matrix_log_dir)
- [matrix_log_ldap_auth_level](#matrix_log_ldap_auth_level)
- [matrix_log_ldap_level](#matrix_log_ldap_level)
- [matrix_log_root_level](#matrix_log_root_level)
- [matrix_log_synapse_level](#matrix_log_synapse_level)
- [matrix_log_synapse_sql_level](#matrix_log_synapse_sql_level)
- [matrix_macaroon_secret_key](#matrix_macaroon_secret_key)
- [matrix_packages](#matrix_packages)
- [matrix_packages_extra](#matrix_packages_extra)
- [matrix_presence_enabled](#matrix_presence_enabled)
- [matrix_rc_login_account](#matrix_rc_login_account)
- [matrix_rc_login_address](#matrix_rc_login_address)
- [matrix_restart_policy](#matrix_restart_policy)
- [matrix_server_url](#matrix_server_url)
- [matrix_signing_key](#matrix_signing_key)
- [matrix_suppress_key_server_warning](#matrix_suppress_key_server_warning)
- [matrix_tls_cert_path](#matrix_tls_cert_path)
- [matrix_tls_cert_source](#matrix_tls_cert_source)
- [matrix_tls_enabled](#matrix_tls_enabled)
- [matrix_tls_key_path](#matrix_tls_key_path)
- [matrix_tls_key_source](#matrix_tls_key_source)
- [matrix_url_preview_enabled](#matrix_url_preview_enabled)
- [matrix_url_preview_max_spider_size](#matrix_url_preview_max_spider_size)
- [matrix_user](#matrix_user)
- [matrix_user_home](#matrix_user_home)
- [matrix_version](#matrix_version)
- [matrix_virtualenv](#matrix_virtualenv)
- [matrix_virtualenv_command](#matrix_virtualenv_command)
- [matrix_web_client_location](#matrix_web_client_location)
- [Discovered Tags](#discovered-tags)
- [Dependencies](#dependencies)
---
## Default Variables
### matrix_base_dir
#### Default value
```YAML
matrix_base_dir: /opt/matrix
```
### matrix_caches_global_factor
#### Default value
```YAML
matrix_caches_global_factor: 0.5
```
### matrix_client_url
#### Default value
```YAML
matrix_client_url: https://matrix.example.com
```
### matrix_conf_dir
#### Default value
```YAML
matrix_conf_dir: '{{ matrix_base_dir }}/config'
```
### matrix_data_dir
#### Default value
```YAML
matrix_data_dir: '{{ matrix_base_dir }}/data'
```
### matrix_db_name
#### Default value
```YAML
matrix_db_name: matrix
```
### matrix_db_password
#### Default value
```YAML
matrix_db_password: secure
```
### matrix_db_port
#### Default value
```YAML
matrix_db_port: 5432
```
### matrix_db_server
#### Default value
```YAML
matrix_db_server: localhost
```
### matrix_db_ssl_mode
#### Default value
```YAML
matrix_db_ssl_mode: disable
```
### matrix_db_ssl_root_cert
#### Default value
```YAML
matrix_db_ssl_root_cert: /etc/pki/tls/certs/ca-bundle.trust.crt
```
### matrix_db_txn_limit
#### Default value
```YAML
matrix_db_txn_limit: 0
```
### matrix_db_type
Sopported values are `pgsql` and `sqlite`.
#### Default value
```YAML
matrix_db_type: pgsql
```
### matrix_db_user
#### Default value
```YAML
matrix_db_user: pgmatrix
```
### matrix_default_room_version
#### Default value
```YAML
matrix_default_room_version: '6'
```
### matrix_event_cache_size
#### Default value
```YAML
matrix_event_cache_size: 100K
```
### matrix_extra_groups
#### Default value
```YAML
matrix_extra_groups: []
```
### matrix_filter_timeline_limit
#### Default value
```YAML
matrix_filter_timeline_limit: -1
```
### matrix_form_secret
#### Default value
```YAML
matrix_form_secret: oFP3m&,r^wJ=Tr#=Ruww5+h0e;-DZqcuVGXV4XgRZIAt~Gv2YF
```
### matrix_group
#### Default value
```YAML
matrix_group: '{{ matrix_user }}'
```
### matrix_http_bind_addresses
#### Default value
```YAML
matrix_http_bind_addresses:
- 127.0.0.1
```
### matrix_http_bind_port
#### Default value
```YAML
matrix_http_bind_port: 8008
```
### matrix_https_bind_addresses
#### Default value
```YAML
matrix_https_bind_addresses: []
```
### matrix_https_bind_port
#### Default value
```YAML
matrix_https_bind_port: 8448
```
### matrix_ldap_auth_basedn
#### Default value
```YAML
matrix_ldap_auth_basedn: ou=users,dc=example,dc=com
```
### matrix_ldap_auth_enabled
#### Default value
```YAML
matrix_ldap_auth_enabled: false
```
### matrix_ldap_auth_mail_attr
#### Default value
```YAML
matrix_ldap_auth_mail_attr: email
```
### matrix_ldap_auth_name_attr
#### Default value
```YAML
matrix_ldap_auth_name_attr: cn
```
### matrix_ldap_auth_server
#### Default value
```YAML
matrix_ldap_auth_server: ldaps://ldap.example.com:636
```
### matrix_ldap_auth_uid_attr
#### Default value
```YAML
matrix_ldap_auth_uid_attr: uid
```
### matrix_ldap_auth_use_starttls
#### Default value
```YAML
matrix_ldap_auth_use_starttls: 'false'
```
### matrix_log_dir
#### Default value
```YAML
matrix_log_dir: '{{ matrix_base_dir }}/log'
```
### matrix_log_ldap_auth_level
#### Default value
```YAML
matrix_log_ldap_auth_level: INFO
```
### matrix_log_ldap_level
#### Default value
```YAML
matrix_log_ldap_level: INFO
```
### matrix_log_root_level
#### Default value
```YAML
matrix_log_root_level: INFO
```
### matrix_log_synapse_level
#### Default value
```YAML
matrix_log_synapse_level: INFO
```
### matrix_log_synapse_sql_level
#### Default value
```YAML
matrix_log_synapse_sql_level: INFO
```
### matrix_macaroon_secret_key
#### Default value
```YAML
matrix_macaroon_secret_key: jr;vhMlW=+U8pwBhVE^=6.,M94Gcyg_07Z-nNAsgj4ZZ:ew:HV
```
### matrix_packages
Ensure EPEL repo is available at this server
#### Default value
```YAML
matrix_packages:
- '@Development tools'
- libtiff-devel
- libjpeg-devel
- libzip-devel
- freetype-devel
- lcms2-devel
- libwebp-devel
- tcl-devel
- tk-devel
- redhat-rpm-config
- libffi-devel
- openssl-devel
```
### matrix_packages_extra
#### Default value
```YAML
matrix_packages_extra: []
```
### matrix_presence_enabled
#### Default value
```YAML
matrix_presence_enabled: false
```
### matrix_rc_login_account
Ratelimiting settings for login requests based on the account the client is attempting to log into.
#### Default value
```YAML
matrix_rc_login_account:
per_second: 0.17
burst_count: 3
```
### matrix_rc_login_address
Ratelimiting settings for login requests based on the client's IP address.
#### Default value
```YAML
matrix_rc_login_address:
per_second: 0.17
burst_count: 3
```
### matrix_restart_policy
#### Default value
```YAML
matrix_restart_policy: on-failure
```
### matrix_server_url
#### Default value
```YAML
matrix_server_url: example.com
```
### matrix_signing_key
#### Default value
```YAML
matrix_signing_key: _unset_
```
### matrix_suppress_key_server_warning
#### Default value
```YAML
matrix_suppress_key_server_warning: false
```
### matrix_tls_cert_path
#### Default value
```YAML
matrix_tls_cert_path: '{{ matrix_base_dir }}/tls/certs/mycert.pem'
```
### matrix_tls_cert_source
#### Default value
```YAML
matrix_tls_cert_source: mycert.pem
```
### matrix_tls_enabled
#### Default value
```YAML
matrix_tls_enabled: false
```
### matrix_tls_key_path
#### Default value
```YAML
matrix_tls_key_path: '{{ matrix_base_dir }}/tls/private/mykey.pem'
```
### matrix_tls_key_source
#### Default value
```YAML
matrix_tls_key_source: mykey.pem
```
### matrix_url_preview_enabled
#### Default value
```YAML
matrix_url_preview_enabled: false
```
### matrix_url_preview_max_spider_size
#### Default value
```YAML
matrix_url_preview_max_spider_size: 10M
```
### matrix_user
#### Default value
```YAML
matrix_user: matrix
```
### matrix_user_home
#### Default value
```YAML
matrix_user_home: /home/{{ matrix_user }}
```
### matrix_version
#### Default value
```YAML
matrix_version: 1.52.0
```
### matrix_virtualenv
#### Default value
```YAML
matrix_virtualenv: '{{ matrix_base_dir }}/env'
```
### matrix_virtualenv_command
#### Default value
```YAML
matrix_virtualenv_command: /usr/bin/python3 -m venv
```
### matrix_web_client_location
#### Default value
```YAML
matrix_web_client_location: /path/to/web/root
```
## Discovered Tags
tls_renewal
: &nbsp;
## Dependencies
None.
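Review bot: The entries for `matrix_db_password`, `matrix_form_secret` and `matrix_macaroon_secret_key` publish concrete default values with no description, unlike `matrix_db_type` or `matrix_rc_login_address`, so a reader gets no signal that these are placeholders. Any deployment that keeps them shares its database password and its Synapse form and macaroon secrets with every other install of the role and with anyone who reads this page. Each of the three should carry a description such as `Placeholder only; set a unique, randomly generated value per deployment and store it in Ansible Vault.` This page appears to be generated (the main-branch pipeline runs ansible-doctor into `_docs/` and publishes to the `docs` branch), so the text probably belongs in the `@var ...:description:` annotations of the role defaults rather than in index.md itself.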


@ -1,29 +0,0 @@
# Standards: 0.2
---
galaxy_info:
# @meta author:value: [Robert Kaussow](https://gitea.rknet.org/xoxys)
author: Robert Kaussow <mail@thegeeklab.de>
namespace: xoxys
role_name: matrix
# @meta description: >
# [![Source Code](https://img.shields.io/badge/gitea-source%20code-blue?logo=gitea&logoColor=white)](https://gitea.rknet.org/ansible/xoxys.matrix)
# [![Build Status](https://img.shields.io/drone/build/ansible/xoxys.matrix?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.matrix)
# [![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](https://gitea.rknet.org/ansible/xoxys.matrix/src/branch/main/LICENSE)
#
# Setup a [matrix-synapse](https://github.com/matrix-org/synapse) chat server. Matrix is an
# ambitious new ecosystem for open federated Instant Messaging and VoIP.
# @end
description: Setup a matrix-synapse chat server
license: MIT
min_ansible_version: 2.10
platforms:
- name: EL
versions:
- 7
galaxy_tags:
- matrix
- synapse
- chat
dependencies: []
collections:
- community.general


@ -1,12 +0,0 @@
[flake8]
ignore = D100, D101, D102, D103, D105, D107, E402, W503
max-line-length = 99
inline-quotes = double
exclude = .git,.tox,__pycache__,build,dist,tests,*.pyc,*.egg-info,.cache,.eggs,env*
[yapf]
based_on_style = google
column_limit = 99
dedent_closing_brackets = true
coalesce_brackets = true
split_before_logical_operator = true


@ -1,76 +0,0 @@
---
- name: Prepare base folders
file:
path: "{{ item }}"
state: directory
owner: "{{ matrix_user }}"
group: "{{ matrix_user }}"
mode: 0750
loop:
- "{{ matrix_base_dir }}"
- "{{ matrix_conf_dir }}"
- "{{ matrix_data_dir }}"
- "{{ matrix_log_dir }}"
become: True
become_user: root
- block:
- name: Upgrade python dependencies
pip:
name: "{{ item }}"
virtualenv: "{{ matrix_virtualenv }}"
virtualenv_command: "{{ matrix_virtualenv_command }}"
extra_args: --upgrade
loop:
- pip
- setuptools
- name: Install Synapse in virtualenv
pip:
name: matrix-synapse[all]
version: "{{ matrix_version }}"
virtualenv: "{{ matrix_virtualenv }}"
virtualenv_command: "{{ matrix_virtualenv_command }}"
notify: __matrix_restart
- name: Install ldap3 auth provider
pip:
name: "matrix-synapse-ldap3"
virtualenv: "{{ matrix_virtualenv }}"
virtualenv_command: "{{ matrix_virtualenv_command }}"
when: matrix_ldap_auth_enabled | bool
- name: Deploy existing signing key
copy:
content: "{{ matrix_signing_key }}"
dest: "{{ matrix_conf_dir }}/{{ matrix_server_url }}.signing.key"
mode: 0600
when: matrix_signing_key is defined
- name: Create new signing key if not provided
shell: '{{ matrix_virtualenv }}/bin/python -c "from signedjson import key; file = open(''{{ matrix_conf_dir }}/{{ matrix_server_url }}.signing.key'',''w''); key.write_signing_keys(file, [key.generate_signing_key(''first'')]); file.close()"'
args:
creates: "{{ matrix_conf_dir }}/{{ matrix_server_url }}.signing.key"
notify: __matrix_restart
- name: Deploy global config files
template:
src: "opt/matrix/config/{{ item }}.j2"
dest: "{{ matrix_conf_dir }}/{{ item }}"
mode: 0600
loop:
- "homeserver.yml"
- "logging.config"
notify: __matrix_restart
become: True
become_user: "{{ matrix_user }}"
- block:
- name: Deploy systemd unit file
template:
src: "etc/systemd/system/matrix.service.j2"
dest: "/etc/systemd/system/matrix.service"
mode: 0644
notify: __matrix_restart
become: True
become_user: root


@ -1,7 +0,0 @@
---
- include_tasks: prepare.yml
- include_tasks: install.yml
- import_tasks: tls.yml
when: matrix_tls_enabled | bool
tags: tls_renewal
- include_tasks: post_tasks.yml


@ -1,9 +0,0 @@
---
- name: Ensure matrix service is up and running
service:
state: started
daemon_reload: yes
enabled: yes
name: matrix
become: True
become_user: root


@ -1,22 +0,0 @@
---
- block:
- name: Create group '{{ matrix_group }}'
group:
name: "{{ matrix_group }}"
state: present
- name: Create user '{{ matrix_user }}'
user:
comment: matrix
name: "{{ matrix_user }}"
home: "{{ matrix_user_home }}"
group: "{{ matrix_group }}"
groups: "{{ matrix_extra_groups | join(',') }}"
- name: Install dependencies
package:
name: "{{ item }}"
state: present
loop: "{{ matrix_packages_extra + matrix_packages }}"
become: True
become_user: root


@ -1,33 +0,0 @@
---
- block:
- name: Create tls folder structure
file:
path: "{{ item }}"
state: directory
owner: "{{ matrix_user }}"
group: "{{ matrix_group }}"
recurse: True
loop:
- "{{ matrix_tls_cert_path | dirname }}"
- "{{ matrix_tls_key_path | dirname }}"
become: True
become_user: root
- block:
- name: Copy certs and private key
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
loop:
- src: "{{ matrix_tls_key_source }}"
dest: "{{ matrix_tls_key_path }}"
mode: "0600"
- src: "{{ matrix_tls_cert_source }}"
dest: "{{ matrix_tls_cert_path }}"
mode: "0650"
loop_control:
label: "{{ item.dest }}"
notify: __matrix_restart
become: True
become_user: "{{ matrix_user }}"


@ -1,18 +0,0 @@
#jinja2: lstrip_blocks: True
{{ ansible_managed | comment }}
[Unit]
Description=Synapse Matrix homeserver
[Service]
Type=simple
Restart={{ matrix_restart_policy }}
User={{ matrix_user }}
Group={{ matrix_group }}
WorkingDirectory={{ matrix_base_dir }}
ExecStart={{ matrix_base_dir }}/env/bin/python -m synapse.app.homeserver --config-path={{ matrix_conf_dir }}/homeserver.yml
SyslogIdentifier=matrix-synapse
[Install]
WantedBy=multi-user.target


@ -1,223 +0,0 @@
#jinja2: lstrip_blocks: True
{{ ansible_managed | comment }}
## Server ##
server_name: "{{ matrix_server_url }}"
pid_file: /var/run/homeserver.pid
public_baseurl: "{{ matrix_client_url }}"
presence:
enabled: {{ matrix_presence_enabled | bool | lower }}
require_auth_for_profile_requests: false
allow_public_rooms_without_auth: true
allow_public_rooms_over_federation: true
matrix_default_room_version: "{{ matrix_default_room_version }}"
filter_timeline_limit: {{ matrix_filter_timeline_limit }}
block_non_admin_invites: false
enable_search: true
listeners:
{% if matrix_https_bind_addresses is defined and matrix_https_bind_addresses | length > 0 %}
- type: http
port: {{ matrix_https_bind_port }}
bind_addresses:
{{ matrix_https_bind_addresses | to_nice_yaml | indent(6) }}
{% if matrix_tls_enabled %}
tls: true
{% endif %}
x_forwarded: false
resources:
- names: [client, federation]
compress: false
{% endif %}
{% if matrix_http_bind_addresses is defined and matrix_http_bind_addresses | length > 0 %}
- type: http
port: {{ matrix_http_bind_port }}
tls: false
bind_addresses:
{{ matrix_http_bind_addresses | to_nice_yaml | indent(6) }}
x_forwarded: true
resources:
- names: [client, federation]
compress: false
{% endif %}
{% if matrix_tls_enabled %}
## TLS ##
tls_certificate_path: "{{ matrix_tls_cert_path }}"
tls_private_key_path: "{{ matrix_tls_key_path }}"
federation_verify_certificates: true
federation_client_minimum_tls_version: 1.2
federation_certificate_verification_whitelist: []
{% endif %}
## Caching ##
event_cache_size: "{{ matrix_event_cache_size }}"
caches:
global_factor: {{ matrix_caches_global_factor }}
## Database ##
database:
{% if matrix_db_type == "pgsql" %}
name: psycopg2
txn_limit: {{ matrix_db_txn_limit }}
args:
user: {{ matrix_db_user }}
password: {{ matrix_db_password }}
dbname: {{ matrix_db_name }}
host: {{ matrix_db_server }}
port: {{ matrix_db_port }}
sslmode: {{ matrix_db_ssl_mode }}
sslrootcert: {{ matrix_db_ssl_root_cert }}
cp_min: 5
cp_max: 10
{% else %}
name: "sqlite3"
args:
database: "{{ matrix_data_dir }}/homeserver.db"
{% endif %}
## Logging ##
# A yaml python logging config file
log_config: "{{ matrix_conf_dir }}/logging.config"
## Ratelimiting ##
rc_message:
per_second: 0.2
burst_count: 10
rc_registration:
per_second: 0.17
burst_count: 3
rc_login:
address:
per_second: {{ matrix_rc_login_address.per_second | default(0.17) }}
burst_count: {{ matrix_rc_login_address.burst_count | default(3) }}
account:
per_second: {{ matrix_rc_login_account.per_second | default(0.17) }}
burst_count: {{ matrix_rc_login_account.burst_count | default(3) }}
failed_attempts:
per_second: 0.17
burst_count: 3
rc_federation:
window_size: 1000
sleep_limit: 10
sleep_delay: 500
reject_limit: 50
concurrent: 3
## Media Store ##
media_store_path: "{{ matrix_data_dir }}/media_store"
max_upload_size: 10M
max_image_pixels: 32M
dynamic_thumbnails: false
thumbnail_sizes:
- width: 32
height: 32
method: crop
- width: 96
height: 96
method: crop
- width: 320
height: 240
method: scale
- width: 640
height: 480
method: scale
- width: 800
height: 600
method: scale
url_preview_enabled: {{ 'true' if matrix_url_preview_enabled else 'false' }}
{% if matrix_url_preview_ip_blacklist is defined %}
url_preview_ip_range_blacklist:
{{ matrix_url_preview_ip_blacklist | to_nice_yaml | indent(2) }}
{% endif %}
{% if matrix_url_preview_url_blacklist is defined %}
url_preview_url_blacklist:
{{ matrix_url_preview_url_blacklist | to_nice_yaml | indent(2) }}
{% endif %}
max_spider_size: "{{ matrix_url_preview_max_spider_size }}"
## Captcha ##
enable_registration_captcha: false
## Registration ##
enable_registration: false
bcrypt_rounds: 12
allow_guest_access: false
default_identity_server: https://matrix.org
## Metrics ###
enable_metrics: false
report_stats: false
## API Configuration ##
macaroon_secret_key: "{{ matrix_macaroon_secret_key }}"
form_secret: "{{ matrix_form_secret }}"
## Signing Keys ##
signing_key_path: "{{ matrix_conf_dir }}/{{ matrix_server_url }}.signing.key"
key_refresh_interval: 1d
suppress_key_server_warning: {{ matrix_suppress_key_server_warning | bool | lower }}
trusted_key_servers:
- server_name: "matrix.org"
password_config:
enabled: true
{% if matrix_ldap_auth_enabled %}
password_providers:
- module: "ldap_auth_provider.LdapAuthProvider"
config:
enabled: true
uri: "{{ matrix_ldap_auth_server }}"
start_tls: "{{ matrix_ldap_auth_use_starttls }}"
base: "{{ matrix_ldap_auth_basedn }}"
attributes:
uid: "{{ matrix_ldap_auth_uid_attr }}"
mail: "{{ matrix_ldap_auth_mail_attr }}"
name: "{{ matrix_ldap_auth_name_attr }}"
{% if matrix_ldap_auth_binddn is defined %}
bind_dn: "{{ matrix_ldap_auth_binddn }}"
{% endif %}
{% if matrix_ldap_auth_bind_password is defined %}
bind_password: "{{ matrix_ldap_auth_bind_password }}"
{% endif %}
{% if matrix_ldap_auth_filter is defined %}
filter: "{{ matrix_ldap_auth_filter }}"
{% endif %}
{% endif %}
## Rooms ##
enable_group_creation: false
enable_room_list_search: true
alias_creation_rules:
- user_id: "*"
alias: "*"
room_id: "*"
action: allow
room_list_publication_rules:
- user_id: "*"
alias: "*"
room_id: "*"
action: allow
## Opentracing ##
opentracing:
enabled: false


@ -1,47 +0,0 @@
#jinja2: lstrip_blocks: True
{{ ansible_managed | comment }}
version: 1
formatters:
precise:
format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
filters:
context:
(): synapse.util.logcontext.LoggingContextFilter
request: ""
handlers:
file:
class: logging.handlers.RotatingFileHandler
formatter: precise
filename: {{ matrix_log_dir }}/homeserver.log
maxBytes: 104857600
backupCount: 10
filters: [context]
encoding: utf8
console:
class: logging.StreamHandler
formatter: precise
filters: [context]
loggers:
synapse:
level: {{ matrix_log_synapse_level }}
synapse.storage.SQL:
# beware: increasing this to DEBUG will make synapse log sensitive
# information such as access tokens.
level: {{ matrix_log_synapse_sql_level }}
{% if matrix_ldap_auth_enabled %}
ldap3:
level: {{ matrix_log_ldap_level }}
ldap_auth_provider:
level: {{ matrix_log_ldap_auth_level }}
{% endif %}
root:
level: {{ matrix_log_root_level }}
handlers: [file, console]