Merge pull request #893 from GoMatrixHosting/master

matrix-awx - the GoMatrixHosting v0.3.0 initial PR
This commit is contained in:
Slavi Pantaleev 2021-03-16 08:40:15 +02:00 committed by GitHub
commit 011e95c1d2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
30 changed files with 1961 additions and 1 deletions

View File

@ -0,0 +1,43 @@
# Configuring AWX System (optional)
An AWX setup for managing multiple Matrix servers.
This section is used in an AWX system that can create and manage multiple [Matrix](http://matrix.org/) servers. You can issue members an AWX login to their own 'organisation', which they can use to manage/configure 1 to N servers.
Members can be assigned a server from Digitalocean, or they can connect their own on-premises server. This script is free to use in a commercial context with the 'MemberPress Plus' and 'WP Oauth Sever' addons. It can also be run in a non-commercial context.
The AWX system is arranged into 'members' each with their own 'subscriptions'. After creating a subscription the user enters the 'provision stage' where they defined the URLs they will use, the servers location and whether or not there's already a website at the base domain. They then proceed onto the 'deploy stage' where they can configure their Matrix server.
Ideally this system can manage the updates, configuration, backups and monitoring on it's own. It is an extension of the popular deploy script [spantaleev/matrix-docker-ansible-deploy](https://github.com/spantaleev/matrix-docker-ansible-deploy).
Warning: This project is currently alpha quality and should only be run by the brave.
## Other Required Playbooks
The following repositories allow you to copy and use this setup:
[Create AWX System](https://gitlab.com/GoMatrixHosting/create-awx-system) - Creates and configures the AWX system for you.
[Ansible Create Delete Subscription Membership](https://gitlab.com/GoMatrixHosting/ansible-create-delete-subscription-membership) - Used by the AWX system to create memberships and subscriptions.
[Ansible Provision Server](https://gitlab.com/GoMatrixHosting/ansible-provision-server) - Used by AWX members to perform initial configuration of their DigitalOcean or On-Premises server.
## Testing Fork For This Playbook
Updates to this section are trailed here:
[GoMatrixHosting Matrix Docker Ansible Deploy](https://gitlab.com/GoMatrixHosting/gomatrixhosting-matrix-docker-ansible-deploy)
## Does I need an AWX setup to use this? How do I configure it?
Yes, you'll need to configure an AWX instance, the [Create AWX System](https://gitlab.com/GoMatrixHosting/create-awx-system) repository makes it easy to do. Just follow the steps listed in '/docs/Installation.md' of that repository.
## Does I need a front-end WordPress site? And a DigitalOcean account?
You do not need a front-end WordPress site or any of the mentioned WordPress plugins to use this setup. It can be run on it's own in a non-commercial context.
You also don't need a DigitalOcean account, but this will limit you to only being able to connect 'On-Premises' servers.

View File

@ -29,6 +29,22 @@ matrix_homeserver_container_url: "{{ 'http://matrix-nginx-proxy:12080' if matrix
######################################################################
######################################################################
#
# matrix-awx
#
######################################################################
matrix_nginx_proxy_data_path: "{{ '/chroot/website' if (matrix_awx_enabled and not matrix_nginx_proxy_base_domain_homepage_enabled) else (matrix_nginx_proxy_base_path + '/data') }}"
matrix_nginx_proxy_data_path_in_container: "{{ '/nginx-data/matrix-domain' if (matrix_awx_enabled and not matrix_nginx_proxy_base_domain_homepage_enabled) else '/nginx-data' }}"
######################################################################
#
# /matrix-awx
#
######################################################################
######################################################################
#
# matrix-bridge-appservice-discord

View File

@ -0,0 +1,2 @@
matrix_awx_enabled: false

View File

@ -0,0 +1,19 @@
{
"name": "Backup Server",
"description": "",
"spec": [
{
"question_name": "Enable Backup",
"question_description": "Set if remote backup is enabled or not. If enabled a daily backup of your server will be sent to the backup server located in {{ backup_server_location }}.",
"required": true,
"min": null,
"max": null,
"default": "{{ matrix_awx_backup_enabled | string | lower }}",
"choices": "true\nfalse",
"new_question": true,
"variable": "matrix_awx_backup_enabled",
"type": "multiplechoice"
}
]
}

View File

@ -0,0 +1,88 @@
{
"name": "Configure Matrix Corporal",
"description": "",
"spec": [
{
"question_name": "Enable Corporal",
"question_description": "Controls if Matrix Corporal is enabled at all. If you're unsure if you need Matrix Corporal or not, you most likely don't.",
"required": true,
"min": null,
"max": null,
"default": "{{ matrix_corporal_enabled|string|lower }}",
"choices": "true\nfalse",
"new_question": true,
"variable": "matrix_corporal_enabled",
"type": "multiplechoice"
},
{
"question_name": "Corporal Policy Provider",
"question_description": "Controls what provider policy is used with Matrix Corporal.",
"required": true,
"min": null,
"max": null,
"default": "{{ matrix_corporal_policy_provider_mode }}",
"choices": "Simple Static File\nHTTP Pull Mode (API Enabled)\nHTTP Push Mode (API Enabled)",
"new_question": true,
"variable": "matrix_corporal_policy_provider_mode",
"type": "multiplechoice"
},
{
"question_name": "Simple Static File Configuration",
"question_description": "The configuration file for Matrix Corporal, only needed if 'Simple Static File' provider is selected, any configuration entered here will be saved and applied.",
"required": false,
"min": 0,
"max": 65536,
"default": "",
"new_question": true,
"variable": "matrix_corporal_simple_static_config",
"type": "textarea"
},
{
"question_name": "HTTP Pull Mode URI",
"question_description": "The network address to remotely fetch the configuration from. Only needed if 'HTTP Pull Mode (API Enabled)' provider is selected.",
"required": false,
"min": 0,
"max": 4096,
"default": "{{ matrix_corporal_pull_mode_uri }}",
"new_question": true,
"variable": "matrix_corporal_pull_mode_uri",
"type": "text"
},
{
"question_name": "HTTP Pull Mode Authentication Token",
"question_description": "An authentication token for pulling the Corporal configuration from a network location. Only needed if 'HTTP Pull Mode (API Enabled)' provider is selected. WARNING: You must set a strong and unique password here.",
"required": false,
"min": 0,
"max": 256,
"default": "{{ matrix_corporal_pull_mode_token }}",
"choices": "",
"new_question": true,
"variable": "matrix_corporal_pull_mode_token",
"type": "password"
},
{
"question_name": "Corporal API Authentication Token",
"question_description": "An authentication token for interfacing with Corporals API. Only needed to be set if 'HTTP Pull Mode (API Enabled)' or 'HTTP Push Mode (API Enabled)' provider is selected. WARNING: You must set a strong and unique password here.",
"required": false,
"min": 0,
"max": 256,
"default": "{{ matrix_corporal_http_api_auth_token }}",
"choices": "",
"new_question": true,
"variable": "matrix_corporal_http_api_auth_token",
"type": "password"
},
{
"question_name": "Raise Synapse Ratelimits",
"question_description": "For Matrix Corporal to work you will need to temporarily raise the rate limits for logins, please return this value to 'Normal' after you're done using Corporal.",
"required": false,
"min": null,
"max": null,
"default": "{{ matrix_corporal_raise_ratelimits }}",
"choices": "Normal\nRaised",
"new_question": true,
"variable": "matrix_corporal_raise_ratelimits",
"type": "multiplechoice"
}
]
}

View File

@ -0,0 +1,78 @@
{
"name": "",
"description": "",
"spec": [
{
"question_name": "Enable Element-Web",
"question_description": "Set if Element web client is enabled or not.",
"required": true,
"min": null,
"max": null,
"default": "{{ matrix_client_element_enabled }}",
"choices": "true\nfalse",
"new_question": true,
"variable": "matrix_client_element_enabled",
"type": "multiplechoice"
},
{
"question_name": "Set Branding for Web Client",
"question_description": "Sets the 'branding' seen in the tab and on the welcome page to a custom value.",
"required": false,
"min": 0,
"max": 256,
"default": "{{ matrix_client_element_brand }}",
"choices": "",
"new_question": true,
"variable": "matrix_client_element_brand",
"type": "text"
},
{
"question_name": "Set Theme for Web Client",
"question_description": "Sets the default theme for the web client, can be changed later by individual users.",
"required": false,
"min": null,
"max": null,
"default": "{{ matrix_client_element_default_theme }}",
"choices": "light\ndark",
"new_question": true,
"variable": "matrix_client_element_default_theme",
"type": "multiplechoice"
},
{
"question_name": "Set Welcome Page Background",
"question_description": "URL to Wallpaper, shown in background of the welcome page. Must be a 'https' link, otherwise it won't be set.",
"required": false,
"min": 0,
"max": 1024,
"default": "{{ matrix_client_element_branding_welcomeBackgroundUrl }}",
"choices": "",
"new_question": true,
"variable": "matrix_client_element_branding_welcomeBackgroundUrl",
"type": "text"
},
{
"question_name": "Show Registration Button",
"question_description": "If you show the registration button on the welcome page.",
"required": false,
"min": null,
"max": null,
"default": "{{ matrix_client_element_registration_enabled }}",
"choices": "true\nfalse",
"new_question": true,
"variable": "matrix_client_element_registration_enabled",
"type": "multiplechoice"
},
{
"question_name": "Set Element Subdomain",
"question_description": "Sets the subdomain of the Element web-client, you should only specify the subdomain, not the base domain you've already set. (Eg: 'element' for element.example.org) Note that if you change this value you'll need to reconfigure your DNS.",
"required": false,
"min": 0,
"max": 2048,
"default": "{{ element_subdomain }}",
"choices": "",
"new_question": true,
"variable": "element_subdomain",
"type": "text"
}
]
}

View File

@ -0,0 +1,31 @@
{
"name": "",
"description": "",
"spec": [
{
"question_name": "Enable Jitsi",
"question_description": "Set if Jitsi is enabled or not. If disabled your server will use the https://jitsi.riot.im server. If you're on a smaller server disabling this might increase the performance of your Matrix service.",
"required": false,
"min": null,
"max": null,
"default": "{{ matrix_jitsi_enabled }}",
"choices": "true\nfalse",
"new_question": true,
"variable": "matrix_jitsi_enabled",
"type": "multiplechoice"
},
{
"question_name": "Set Default Language",
"question_description": "2 digit 639-1 language code to adjust the language of the web client. For a list of possible codes see: https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes",
"required": false,
"min": 0,
"max": 2,
"default": "{{ matrix_jitsi_web_config_defaultLanguage }}",
"choices": "",
"new_question": true,
"variable": "matrix_jitsi_web_config_defaultLanguage",
"type": "text"
}
]
}

View File

@ -0,0 +1,41 @@
{
"name": "",
"description": "",
"spec": [
{
"question_name": "Enable ma1sd",
"question_description": "Set if ma1sd is enabled or not. If disabled your server will loose identity functionality (not recommended).",
"required": false,
"min": null,
"max": null,
"default": "{{ matrix_ma1sd_enabled|string|lower }}",
"choices": "true\nfalse",
"new_question": true,
"variable": "matrix_ma1sd_enabled",
"type": "multiplechoice"
},
{
"question_name": "ma1sd Authentication Mode",
"question_description": "Set the source of user account authentication credentials with the ma1sd.",
"required": false,
"min": null,
"max": null,
"default": "{{ ext_matrix_ma1sd_auth_store }}",
"choices": "Synapse Internal\nLDAP/AD",
"new_question": true,
"variable": "ext_matrix_ma1sd_auth_store",
"type": "multiplechoice"
},
{
"question_name": "LDAP/AD Configuration",
"question_description": "Settings for connecting LDAP/AD to the ma1sd service. (ignored if using Synapse Internal, see https://github.com/ma1uta/ma1sd/blob/master/docs/stores/README.md )",
"required": false,
"min": 0,
"max": 65536,
"default": {{ ext_matrix_ma1sd_configuration_extension_yaml | to_json }},
"new_question": true,
"variable": "ext_matrix_ma1sd_configuration_extension_yaml",
"type": "textarea"
}
]
}

View File

@ -0,0 +1,198 @@
{
"name": "Configure Synapse",
"description": "",
"spec": [
{
"question_name": "Enable Public Registration",
"question_description": "Controls whether people with access to the homeserver can register by themselves.",
"required": false,
"min": null,
"max": null,
"default": "{{ matrix_synapse_enable_registration|string|lower }}",
"choices": "true\nfalse",
"new_question": true,
"variable": "matrix_synapse_enable_registration",
"type": "multiplechoice"
},
{
"question_name": "Enable Federation",
"question_description": "Controls whether Synapse will federate at all. Disable this to completely isolate your server from the rest of the Matrix network.",
"required": false,
"min": null,
"max": null,
"default": "{{ matrix_synapse_federation_enabled|string|lower }}",
"choices": "true\nfalse",
"new_question": true,
"variable": "matrix_synapse_federation_enabled",
"type": "multiplechoice"
},
{
"question_name": "Allow Public Rooms Over Federation",
"question_description": "Controls whether remote servers can fetch this server's public rooms directory via federation. For private servers, you'll most likely want to forbid this.",
"required": false,
"min": null,
"max": null,
"default": "{{ matrix_synapse_allow_public_rooms_over_federation|string|lower }}",
"choices": "true\nfalse",
"new_question": true,
"variable": "matrix_synapse_allow_public_rooms_over_federation",
"type": "multiplechoice"
},
{
"question_name": "Enable Community Creation",
"question_description": "Allows regular users (who aren't server admins) to create 'communities', which are basically groups of rooms.",
"required": false,
"min": null,
"max": null,
"default": "{{ matrix_synapse_enable_group_creation|string|lower }}",
"choices": "true\nfalse",
"new_question": true,
"variable": "matrix_synapse_enable_group_creation",
"type": "multiplechoice"
},
{
"question_name": "Enable Synapse Presence",
"question_description": "Controls whether presence is enabled. This shows who's online and reading your posts. Disabling it will increase both performance and user privacy.",
"required": false,
"min": null,
"max": null,
"default": "{{ matrix_synapse_use_presence|string|lower }}",
"choices": "true\nfalse",
"new_question": true,
"variable": "matrix_synapse_use_presence",
"type": "multiplechoice"
},
{
"question_name": "Enable URL Previews",
"question_description": "Controls whether URL previews should be generated. This will cause a request from Synapse to URLs shared by users.",
"required": false,
"min": null,
"max": null,
"default": "{{ matrix_synapse_url_preview_enabled|string|lower }}",
"choices": "true\nfalse",
"new_question": true,
"variable": "matrix_synapse_url_preview_enabled",
"type": "multiplechoice"
},
{
"question_name": "Enable Guest Access",
"question_description": "Controls whether 'guest accounts' can access rooms without registering. Guest users do not count towards your servers user limit.",
"required": false,
"min": null,
"max": null,
"default": "{{ matrix_synapse_allow_guest_access|string|lower }}",
"choices": "true\nfalse",
"new_question": true,
"variable": "matrix_synapse_allow_guest_access",
"type": "multiplechoice"
},
{
"question_name": "Registration Requires Email",
"question_description": "Controls whether an email address is required to register on the server.",
"required": false,
"min": null,
"max": null,
"default": "{{ ext_registrations_require_3pid|string|lower }}",
"choices": "true\nfalse",
"new_question": true,
"variable": "ext_registrations_require_3pid",
"type": "multiplechoice"
},
{
"question_name": "Registration Shared Secret",
"question_description": "A secret that allows registration of standard or admin accounts by anyone who has the shared secret, even if registration is otherwise disabled. WARNING: You must set a strong and unique password here.",
"required": false,
"min": 0,
"max": 256,
"default": "",
"choices": "",
"new_question": true,
"variable": "matrix_synapse_registration_shared_secret",
"type": "password"
},
{
"question_name": "Synapse Max Upload Size",
"question_description": "Sets the maximum size for uploaded files in MB.",
"required": false,
"min": 0,
"max": 3,
"default": "{{ matrix_synapse_max_upload_size_mb }}",
"choices": "",
"new_question": true,
"variable": "matrix_synapse_max_upload_size_mb",
"type": "text"
},
{
"question_name": "URL Preview Languages",
"question_description": "Sets the languages that URL previews will be generated in. Entries are a 2-3 letter IETF language tag, they must be seperated with newlines. For example: 'fr' https://en.wikipedia.org/wiki/IETF_language_tag",
"required": false,
"min": 0,
"max": 65536,
"default": {{ ext_url_preview_accept_language_default|to_json }},
"choices": "",
"new_question": true,
"variable": "ext_url_preview_accept_language_raw",
"type": "textarea"
},
{
"question_name": "Federation Whitelist",
"question_description": "Here you can list the URLs of other Matrix homeservers and Synapse will only federate with those homeservers. Entries must be seperated with newlines and must not have a 'https://' prefix. For example: 'matrix.example.org'",
"required": false,
"min": 0,
"max": 65536,
"default": {{ ext_federation_whitelist_raw|to_json }},
"choices": "",
"new_question": true,
"variable": "ext_federation_whitelist_raw",
"type": "textarea"
},
{
"question_name": "Synapse Auto-Join Rooms",
"question_description": "Sets the 'auto-join' rooms, where new users will be automatically invited to, these rooms must already exist. Entries must be room addresses that are separated with newlines. For example: '#announcements:example.org'",
"required": false,
"min": 0,
"max": 65536,
"default": {{ matrix_synapse_auto_join_rooms_raw|to_json }},
"choices": "",
"new_question": true,
"variable": "matrix_synapse_auto_join_rooms_raw",
"type": "textarea"
},
{
"question_name": "Enable ReCaptcha on Registration",
"question_description": "Enables Googles ReCaptcha verification for registering an account, recommended for public servers.",
"required": false,
"min": null,
"max": null,
"default": "{{ ext_enable_registration_captcha|string|lower }}",
"choices": "true\nfalse",
"new_question": true,
"variable": "ext_enable_registration_captcha",
"type": "multiplechoice"
},
{
"question_name": "Recaptcha Public Key",
"question_description": "Sets the Google ReCaptcha public key for this website.",
"required": false,
"min": 0,
"max": 40,
"default": "{{ ext_recaptcha_public_key }}",
"choices": "",
"new_question": true,
"variable": "ext_recaptcha_public_key",
"type": "text"
},
{
"question_name": "Recaptcha Private Key",
"question_description": "Sets the Google ReCaptcha private key for this website.",
"required": false,
"min": 0,
"max": 40,
"default": "{{ ext_recaptcha_private_key }}",
"choices": "",
"new_question": true,
"variable": "ext_recaptcha_private_key",
"type": "text"
}
]
}

View File

@ -0,0 +1,18 @@
{
"name": "Configure Synapse Admin",
"description": "Configure 'Synapse Admin', a moderation tool to help you manage your server.",
"spec": [
{
"question_name": "Enable Synapse Admin",
"question_description": "Set if Synapse Admin is enabled or not. If enabled you can access it at https://matrix.{{ matrix_domain }}/synapse-admin.",
"required": false,
"min": null,
"max": null,
"default": "{{ matrix_synapse_admin_enabled|string|lower }}",
"choices": "true\nfalse",
"new_question": true,
"variable": "matrix_synapse_admin_enabled",
"type": "multiplechoice"
}
]
}

View File

@ -0,0 +1,54 @@
{
"name": "Configure Website Access Backup",
"description": "Configure base domain website settings and access the services backup.",
"spec": [
{
"question_name": "Customise Base Domain Website",
"question_description": "Set if you want to adjust the base domain website using SFTP.",
"required": true,
"min": null,
"max": null,
"default": "{{ customise_base_domain_website | string | lower }}",
"choices": "true\nfalse",
"new_question": true,
"variable": "customise_base_domain_website",
"type": "multiplechoice"
},
{
"question_name": "SFTP Authorisation Method",
"question_description": "Set whether you want to disable SFTP, use a password to connect to SFTP or connect with a more secure SSH key.",
"required": true,
"min": null,
"max": null,
"default": "{{ sftp_auth_method | string }}",
"choices": "Disabled\nPassword\nSSH Key",
"new_question": true,
"variable": "sftp_auth_method",
"type": "multiplechoice"
},
{
"question_name": "SFTP Password",
"question_description": "Sets the password of the 'sftp' account, which allows you to upload a multi-file static website by SFTP, as well as export the latest copy of your Matrix service. Must be defined if 'Password' method is selected. WARNING: You must set a strong and unique password here.",
"required": false,
"min": 0,
"max": 64,
"default": "{{ sftp_password }}",
"choices": "",
"new_question": true,
"variable": "sftp_password",
"type": "password"
},
{
"question_name": "SFTP Public SSH Key (More Secure)",
"question_description": "Sets the public SSH key used to access the 'sftp' account, which allows you to upload a multi-file static website by SFTP, as well as export the latest copy of your Matrix service. Must be defined if 'SSH Key' method is selected.",
"required": false,
"min": 0,
"max": 16384,
"default": "{{ sftp_public_key }}",
"choices": "",
"new_question": true,
"variable": "sftp_public_key",
"type": "text"
}
]
}

View File

@ -0,0 +1,69 @@
- name: Record Backup Server variables locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# AWX Settings'
with_dict:
'matrix_awx_backup_enabled': '{{ matrix_awx_backup_enabled }}'
- name: Copy new 'matrix_vars.yml' to target machine
copy:
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
dest: '/matrix/awx/matrix_vars.yml'
mode: '0660'
- name: Save new 'Backup Server' survey.json to the AWX tower, template
delegate_to: 127.0.0.1
template:
src: 'roles/matrix-awx/surveys/backup_server.json.j2'
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json'
- name: Copy new 'Backup Server' survey.json to target machine
copy:
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json'
dest: '/matrix/awx/backup_server.json'
mode: '0660'
- name: Collect AWX admin token the hard way!
delegate_to: 127.0.0.1
shell: |
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
register: tower_token
no_log: True
- name: Recreate 'Backup Server' job template
delegate_to: 127.0.0.1
awx.awx.tower_job_template:
name: "{{ matrix_domain }} - 0 - Backup Server"
description: "Performs a backup of the entire service to a remote location."
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
job_type: run
job_tags: "backup-server"
inventory: "{{ member_id }}"
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
playbook: setup.yml
credential: "{{ member_id }} - AWX SSH Key"
survey_enabled: true
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json') }}"
become_enabled: yes
state: present
verbosity: 1
tower_host: "https://{{ tower_host }}"
tower_oauthtoken: "{{ tower_token.stdout }}"
validate_certs: yes
- name: Perform the borg backup
command: borgmatic
when: matrix_awx_backup_enabled|bool
- name: Set boolean value to exit playbook
set_fact:
end_playbook: true
- name: End playbook if this task list is called.
meta: end_play
when: end_playbook is defined and end_playbook|bool

View File

@ -0,0 +1,31 @@
#
# Create user and define if they are admin
#
# /usr/local/bin/matrix-synapse-register-user <your_username> <your_password> <admin access: 0 or 1>
#
- name: Set admin bool to zero
set_fact:
admin_bool: 0
when: admin_access == 'false'
- name: Examine if server admin set
set_fact:
admin_bool: 1
when: admin_access == 'true'
- name: Set boolean value to exit playbook
set_fact:
end_playbook: true
- name: Create user account
command: |
/usr/local/bin/matrix-synapse-register-user {{ new_username | quote }} {{ new_password | quote }} {{ admin_bool }}
register: cmd
- name: Result
debug: msg="{{ cmd.stdout }}"
- name: End playbook if this task list is called.
meta: end_play
when: end_playbook is defined and end_playbook|bool

View File

@ -0,0 +1,230 @@
- name: Enable index.html creation if user doesn't wish to customise base domain
delegate_to: 127.0.0.1
lineinfile:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Base Domain Settings'
with_dict:
'matrix_nginx_proxy_base_domain_homepage_enabled': 'true'
when: customise_base_domain_website|bool == false
- name: Disable index.html creation to allow multi-file site if user does wish to customise base domain
delegate_to: 127.0.0.1
lineinfile:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Base Domain Settings'
with_dict:
'matrix_nginx_proxy_base_domain_homepage_enabled': 'false'
when: customise_base_domain_website|bool == true
- name: Record custom 'Customise Website + Access Export' variables locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Custom Settings'
with_dict:
'customise_base_domain_website': '{{ customise_base_domain_website }}'
'sftp_auth_method': '"{{ sftp_auth_method }}"'
'sftp_password': '"{{ sftp_password }}"'
'sftp_public_key': '"{{ sftp_public_key }}"'
- name: Copy new 'matrix_vars.yml' to target machine
copy:
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
dest: '/matrix/awx/matrix_vars.yml'
mode: '0660'
- name: Reload vars in matrix_vars.yml
include_vars:
file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
no_log: True
- name: Save new 'Customise Website + Access Export' survey.json to the AWX tower, template
delegate_to: 127.0.0.1
template:
src: './roles/matrix-awx/surveys/configure_website_access_export.json.j2'
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json'
- name: Copy new 'Customise Website + Access Export' survey.json to target machine
copy:
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json'
dest: '/matrix/awx/configure_website_access_export.json'
mode: '0660'
- name: Collect AWX admin token the hard way!
delegate_to: 127.0.0.1
shell: |
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
register: tower_token
no_log: True
- name: Recreate 'Customise Base Domain Export' job template
delegate_to: 127.0.0.1
awx.awx.tower_job_template:
name: "{{ matrix_domain }} - 1 - Configure Website + Access Export"
description: "Configure base domain website settings and access the servers export."
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
job_type: run
job_tags: "start,setup-nginx-proxy"
inventory: "{{ member_id }}"
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
playbook: setup.yml
credential: "{{ member_id }} - AWX SSH Key"
survey_enabled: true
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json') }}"
become_enabled: yes
state: present
verbosity: 1
tower_host: "https://{{ tower_host }}"
tower_oauthtoken: "{{ tower_token.stdout }}"
validate_certs: yes
- name: Ensure group "sftp" exists
group:
name: sftp
state: present
- name: If user doesn't define a sftp_password, create a disabled 'sftp' account
user:
name: sftp
comment: SFTP user to set custom web files and access servers export
shell: /bin/false
home: /home/sftp
group: sftp
password: '*'
update_password: always
when: sftp_password|length == 0
- name: If user defines sftp_password, enable account and set password on 'stfp' account
user:
name: sftp
comment: SFTP user to set custom web files and access servers export
shell: /bin/false
home: /home/sftp
group: sftp
password: "{{ sftp_password | password_hash('sha512') }}"
update_password: always
when: sftp_password|length > 0
- name: adding existing user 'sftp' to group matrix
user:
name: sftp
groups: matrix
append: yes
- name: Create the ro /chroot directory with sticky bit if it doesn't exist. (/chroot/website has matrix:matrix permissions and is mounted to nginx container)
file:
path: /chroot
state: directory
owner: root
group: root
mode: '1755'
- name: Ensure /chroot/website location exists.
file:
path: /chroot/website
state: directory
owner: matrix
group: matrix
mode: '0574'
- name: Ensure /chroot/export location exists
file:
path: /chroot/export
state: directory
owner: sftp
group: sftp
mode: '0700'
- name: Ensure /home/sftp/.ssh location exists
file:
path: /home/sftp/.ssh
state: directory
owner: sftp
group: sftp
mode: '0700'
- name: Ensure /home/sftp/authorized_keys exists
file:
path: /home/sftp/.ssh/authorized_keys
state: touch
owner: sftp
group: sftp
mode: '0644'
- name: Clear authorized_keys file
shell: echo "" > /home/sftp/.ssh/authorized_keys
- name: Insert public SSH key into authorized_keys file
lineinfile:
path: /home/sftp/.ssh/authorized_keys
line: "{{ sftp_public_key }}"
owner: sftp
group: sftp
mode: '0644'
when: (sftp_public_key | length > 0) and (sftp_auth_method == "SSH Key")
- name: Alter SSH Subsystem State 1
lineinfile:
path: /etc/ssh/sshd_config
line: "Subsystem sftp /usr/lib/openssh/sftp-server"
state: absent
- name: Alter SSH Subsystem State 2
lineinfile:
path: /etc/ssh/sshd_config
insertafter: "^# override default of no subsystems"
line: "Subsystem sftp internal-sftp"
- name: Add SSH Match User section for disabled auth
blockinfile:
path: /etc/ssh/sshd_config
state: absent
block: |
Match User sftp
ChrootDirectory /chroot
PermitTunnel no
X11Forwarding no
AllowTcpForwarding no
PasswordAuthentication yes
AuthorizedKeysFile /home/sftp/.ssh/authorized_keys
when: sftp_auth_method == "Disabled"
- name: Add SSH Match User section for password auth
blockinfile:
path: /etc/ssh/sshd_config
state: present
block: |
Match User sftp
ChrootDirectory /chroot
PermitTunnel no
X11Forwarding no
AllowTcpForwarding no
PasswordAuthentication yes
when: sftp_auth_method == "Password"
- name: Add SSH Match User section for publickey auth
blockinfile:
path: /etc/ssh/sshd_config
state: present
block: |
Match User sftp
ChrootDirectory /chroot
PermitTunnel no
X11Forwarding no
AllowTcpForwarding no
AuthorizedKeysFile /home/sftp/.ssh/authorized_keys
when: sftp_auth_method == "SSH Key"
- name: Restart service ssh.service
service:
name: ssh.service
state: restarted

View File

@ -0,0 +1,23 @@
- name: Ensure /matrix/awx is empty
shell: rm -r /matrix/awx/*
ignore_errors: yes
- name: Ensure /matrix/synapse is empty
shell: rm -r /matrix/synapse/*
ignore_errors: yes
- name: Extract from /chroot/export
shell: tar -xvzf /chroot/export/matrix.tar.gz -C /matrix/
- name: Ensure correct ownership of /matrix/awx
shell: chown -R matrix:matrix /matrix/awx
- name: Ensure correct ownership of /matrix/synapse
shell: chown -R matrix:matrix /matrix/synapse
- name: Fetch matrix_vars.yml file to AWX
fetch:
src: /matrix/awx/matrix_vars.yml
dest: /var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/
flat: yes

View File

@ -0,0 +1,10 @@
- name: Include vars in organisation.yml
include_vars:
file: '/var/lib/awx/projects/clients/{{ member_id }}/organisation.yml'
no_log: True
- name: Include vars in hosting_vars.yml
include_vars:
file: '/var/lib/awx/projects/hosting/hosting_vars.yml'
no_log: True

View File

@ -0,0 +1,6 @@
- name: Include vars in matrix_vars.yml
include_vars:
file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
no_log: True

79
roles/matrix-awx/tasks/main.yml Executable file
View File

@ -0,0 +1,79 @@
# Load initial hosting and organisation variables from AWX volume
- import_tasks: "{{ role_path }}/tasks/load_hosting_and_org_variables.yml"
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- always
# Perform a backup of the server
- import_tasks: "{{ role_path }}/tasks/backup_server.yml"
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- backup-server
# Create a user account if called
- import_tasks: "{{ role_path }}/tasks/create_user.yml"
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- create-user
# Perform extra self-check functions
- import_tasks: "{{ role_path }}/tasks/self_check.yml"
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- self-check
# Import configs, media repo from /chroot/backup import
- import_tasks: "{{ role_path }}/tasks/import_awx.yml"
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- import-awx
# Configure SFTP so user can upload a static website or access the servers export
- import_tasks: "{{ role_path }}/tasks/customise_website_access_export.yml"
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- setup-nginx-proxy
# Additional playbook to set the variable file during Element configuration
- import_tasks: "{{ role_path }}/tasks/set_variables_element.yml"
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- setup-client-element
# Additional playbook to set the variable file during Synapse configuration
- import_tasks: "{{ role_path }}/tasks/set_variables_synapse.yml"
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- setup-synapse
# Additional playbook to set the variable file during Jitsi configuration
- import_tasks: "{{ role_path }}/tasks/set_variables_jitsi.yml"
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- setup-jitsi
# Additional playbook to set the variable file during Ma1sd configuration
- import_tasks: "{{ role_path }}/tasks/set_variables_ma1sd.yml"
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- setup-ma1sd
# Additional playbook to set the variable file during Corporal configuration
- import_tasks: "{{ role_path }}/tasks/set_variables_corporal.yml"
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- setup-corporal
# Additional playbook to set the variable file during Synapse Admin configuration
- import_tasks: "{{ role_path }}/tasks/set_variables_synapse_admin.yml"
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- setup-all
# Load newly formed matrix variables from tower volume
- import_tasks: "{{ role_path }}/tasks/load_matrix_variables.yml"
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- always

View File

@ -0,0 +1,94 @@
- name: Install prerequisite apt packages on target
apt:
name:
- sysstat
state: present
- name: Install prerequisite yum packages on AWX
delegate_to: 127.0.0.1
yum:
name:
- bind-utils
state: present
- name: Install prerequisite pip packages on AWX
delegate_to: 127.0.0.1
pip:
name:
- dnspython
state: present
- name: Calculate CPU usage statistics
shell: iostat -c
register: cpu_usage_stat
no_log: True
- name: Print CPU usage statistics
debug:
msg: "{{ cpu_usage_stat.stdout.split('\n') }}"
when: cpu_usage_stat is defined
- name: Calculate RAM usage statistics
shell: free -mh
register: ram_usage_stat
no_log: True
- name: Print RAM usage statistics
debug:
msg: "{{ ram_usage_stat.stdout.split('\n') }}"
when: ram_usage_stat is defined
- name: Calculate free disk space
shell: df -h
register: disk_space_stat
no_log: True
- name: Print free disk space
debug:
msg: "{{ disk_space_stat.stdout.split('\n') }}"
when: disk_space_stat is defined
- name: Calculate size of Synapse database
shell: du -sh /matrix/postgres/data
register: db_size_stat
no_log: True
- name: Print size of Synapse database
debug:
msg: "{{ db_size_stat.stdout.split('\n') }}"
when: db_size_stat is defined
- name: Calculate size of local media repository
shell: du -sh /matrix/synapse/storage/media-store/local*
register: local_media_size_stat
ignore_errors: yes
no_log: True
- name: Print size of local media repository
debug:
msg: "{{ local_media_size_stat.stdout.split('\n') }}"
when: local_media_size_stat is defined
- name: Calculate size of remote media repository
shell: du -sh /matrix/synapse/storage/media-store/remote*
register: remote_media_size_stat
ignore_errors: yes
no_log: True
- name: Print size of remote media repository
debug:
msg: "{{ remote_media_size_stat.stdout.split('\n') }}"
when: remote_media_size_stat is defined
- name: Calculate docker container statistics
shell: docker stats --all --no-stream
register: docker_stats
ignore_errors: yes
no_log: True
- name: Print docker container statistics
debug:
msg: "{{ docker_stats.stdout.split('\n') }}"
when: docker_stats is defined

View File

@ -0,0 +1,254 @@
- name: Record Corporal Enabled/Disabled variable
delegate_to: 127.0.0.1
lineinfile:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Corporal Settings'
with_dict:
'matrix_corporal_enabled': '{{ matrix_corporal_enabled }}'
- name: Enable Shared Secret Auth if Corporal enabled
delegate_to: 127.0.0.1
lineinfile:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Shared Secret Auth Settings'
with_dict:
'matrix_synapse_ext_password_provider_shared_secret_auth_enabled': 'true'
when: matrix_corporal_enabled|bool
- name: Disable Shared Secret Auth if Corporal disabled
delegate_to: 127.0.0.1
lineinfile:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Shared Secret Auth Settings'
with_dict:
'matrix_synapse_ext_password_provider_shared_secret_auth_enabled': 'false'
when: not matrix_corporal_enabled|bool
- name: Enable Rest Auth Endpoint if Corporal enabled
delegate_to: 127.0.0.1
lineinfile:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Synapse Extension'
with_dict:
'matrix_synapse_ext_password_provider_rest_auth_enabled': 'true'
when: matrix_corporal_enabled|bool
- name: Disable Rest Auth Endpoint if Corporal disabled
delegate_to: 127.0.0.1
lineinfile:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Synapse Extension'
with_dict:
'matrix_synapse_ext_password_provider_rest_auth_enabled': 'false'
when: not matrix_corporal_enabled|bool
- name: Disable Corporal API if Simple Static File mode selected
delegate_to: 127.0.0.1
lineinfile:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Corporal Settings'
with_dict:
'matrix_corporal_http_api_enabled': 'false'
when: (matrix_corporal_policy_provider_mode == "Simple Static File") or (not matrix_corporal_enabled|bool)
- name: Enable Corporal API if Push/Pull mode delected
delegate_to: 127.0.0.1
lineinfile:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Corporal Settings'
with_dict:
'matrix_corporal_http_api_enabled': 'true'
when: (matrix_corporal_policy_provider_mode != "Simple Static File") and (matrix_corporal_enabled|bool)
- name: Record Corporal API Access Token if it's defined
delegate_to: 127.0.0.1
lineinfile:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Corporal Settings'
with_dict:
'matrix_corporal_http_api_auth_token': '{{ matrix_corporal_http_api_auth_token }}'
when: matrix_corporal_http_api_auth_token|length > 0
- name: Record 'Simple Static File' configuration variables in matrix_vars.yml
delegate_to: 127.0.0.1
blockinfile:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
insertafter: "# Corporal Policy Provider Settings"
block: |
matrix_corporal_policy_provider_config: |
{
"Type": "static_file",
"Path": "/etc/matrix-corporal/corporal-policy.json"
}
when: matrix_corporal_policy_provider_mode == "Simple Static File"
- name: Touch the /matrix/corporal/ directory
file:
path: "/matrix/corporal/"
state: directory
owner: matrix
group: matrix
mode: '750'
- name: Touch the /matrix/corporal/config/ directory
file:
path: "/matrix/corporal/config/"
state: directory
owner: matrix
group: matrix
mode: '750'
- name: Touch the /matrix/corporal/cache/ directory
file:
path: "/matrix/corporal/cache/"
state: directory
owner: matrix
group: matrix
mode: '750'
- name: Touch the corporal-policy.json file to ensure it exists
file:
path: "/matrix/corporal/config/corporal-policy.json"
state: touch
owner: matrix
group: matrix
mode: '660'
- name: Touch the last-policy.json file to ensure it exists
file:
path: "/matrix/corporal/config/last-policy.json"
state: touch
owner: matrix
group: matrix
mode: '660'
- name: Record 'Simple Static File' configuration content in corporal-policy.json
copy:
content: "{{ matrix_corporal_simple_static_config | string }}"
dest: "/matrix/corporal/config/corporal-policy.json"
owner: matrix
group: matrix
mode: '660'
when: (matrix_corporal_policy_provider_mode == "Simple Static File") and (matrix_corporal_simple_static_config|length > 0)
- name: Record 'HTTP Pull Mode' configuration variables in matrix_vars.yml
delegate_to: 127.0.0.1
blockinfile:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
insertafter: "# Corporal Policy Provider Settings"
block: |
matrix_corporal_policy_provider_config: |
{
"Type": "http",
"Uri": "{{ matrix_corporal_pull_mode_uri }}",
"AuthorizationBearerToken": "{{ matrix_corporal_pull_mode_token }}",
"CachePath": "/var/cache/matrix-corporal/last-policy.json",
"ReloadIntervalSeconds": 1800,
"TimeoutMilliseconds": 30000
}
when: (matrix_corporal_policy_provider_mode == "HTTP Pull Mode (API Enabled)") and (matrix_corporal_pull_mode_uri|length > 0) and (matrix_corporal_pull_mode_token|length > 0)
- name: Record 'HTTP Push Mode' configuration variables in matrix_vars.yml
delegate_to: 127.0.0.1
blockinfile:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
insertafter: "# Corporal Policy Provider Settings"
block: |
matrix_corporal_policy_provider_config: |
{
"Type": "last_seen_store_policy",
"CachePath": "/var/cache/matrix-corporal/last-policy.json"
}
when: (matrix_corporal_policy_provider_mode == "HTTP Push Mode (API Enabled)")
- name: Lower RateLimit if set to 'Normal'
delegate_to: 127.0.0.1
replace:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
regexp: ' address:\n per_second: 50\n burst_count: 300\n account:\n per_second: 0.17\n burst_count: 300'
replace: ' address:\n per_second: 0.17\n burst_count: 3\n account:\n per_second: 0.17\n burst_count: 3'
when: matrix_corporal_raise_ratelimits == "Normal"
- name: Raise RateLimit if set to 'Raised'
delegate_to: 127.0.0.1
replace:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
regexp: ' address:\n per_second: 0.17\n burst_count: 3\n account:\n per_second: 0.17\n burst_count: 3'
replace: ' address:\n per_second: 50\n burst_count: 300\n account:\n per_second: 0.17\n burst_count: 300'
when: matrix_corporal_raise_ratelimits == "Raised"
- name: Copy new 'matrix_vars.yml' to target machine
copy:
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
dest: '/matrix/awx/matrix_vars.yml'
mode: '0664'
- name: Save new 'Configure Corporal' survey.json to the AWX tower
delegate_to: 127.0.0.1
template:
src: 'roles/matrix-awx/surveys/configure_corporal.json.j2'
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json'
- name: Copy new 'Configure Corporal' survey.json to target machine
copy:
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json'
dest: '/matrix/awx/configure_corporal.json'
mode: '0660'
- debug:
msg: "matrix_corporal_matrix_homeserver_api_endpoint: {{ matrix_corporal_matrix_homeserver_api_endpoint }}"
- debug:
msg: "matrix_corporal_matrix_auth_shared_secret: {{ matrix_corporal_matrix_auth_shared_secret }}"
- debug:
msg: "matrix_corporal_http_gateway_internal_rest_auth_enabled: {{ matrix_corporal_http_gateway_internal_rest_auth_enabled }}"
- debug:
msg: "matrix_corporal_matrix_registration_shared_secret: {{ matrix_corporal_matrix_registration_shared_secret }}"
- name: Collect AWX admin token the hard way!
delegate_to: 127.0.0.1
shell: |
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
register: tower_token
no_log: True
- name: Recreate 'Configure Corporal (Advanced)' job template
delegate_to: 127.0.0.1
awx.awx.tower_job_template:
name: "{{ matrix_domain }} - 1 - Configure Corporal (Advanced)"
description: "Configure Matrix Corporal, a tool that manages your Matrix server according to a configuration policy."
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
job_type: run
job_tags: "start,setup-corporal"
inventory: "{{ member_id }}"
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
playbook: setup.yml
credential: "{{ member_id }} - AWX SSH Key"
survey_enabled: true
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json') }}"
become_enabled: yes
state: present
verbosity: 1
tower_host: "https://{{ tower_host }}"
tower_oauthtoken: "{{ tower_token.stdout }}"
validate_certs: yes

View File

@ -0,0 +1,77 @@
- name: Record Element-Web variables locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Element Settings'
with_dict:
'matrix_client_element_enabled': '{{ matrix_client_element_enabled }}'
'matrix_client_element_jitsi_preferredDomain': '{{ matrix_client_element_jitsi_preferredDomain }}'
'matrix_client_element_brand': '{{ matrix_client_element_brand }}'
'matrix_client_element_default_theme': '{{ matrix_client_element_default_theme }}'
'matrix_client_element_registration_enabled': '{{ matrix_client_element_registration_enabled }}'
'matrix_server_fqn_element': "{{ element_subdomain }}.{{ matrix_domain }}"
- name: Set fact for 'https' string
set_fact:
https_string: "https"
- name: Record Element-Web Background variable locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Element Settings'
with_dict:
'matrix_client_element_branding_welcomeBackgroundUrl': '{{ matrix_client_element_branding_welcomeBackgroundUrl }}'
when: (https_string in matrix_client_element_branding_welcomeBackgroundUrl) and ( matrix_client_element_branding_welcomeBackgroundUrl|length > 0 )
- name: Copy new 'matrix_vars.yml' to target machine
copy:
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
dest: '/matrix/awx/matrix_vars.yml'
mode: '0660'
- name: Save new 'Configure Element' survey.json to the AWX tower, template
delegate_to: 127.0.0.1
template:
src: 'roles/matrix-awx/surveys/configure_element.json.j2'
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element.json'
- name: Copy new 'Configure Element' survey.json to target machine
copy:
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element.json'
dest: '/matrix/awx/configure_element.json'
mode: '0660'
- name: Collect AWX admin token the hard way!
delegate_to: 127.0.0.1
shell: |
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
register: tower_token
no_log: True
- name: Recreate 'Configure Element' job template
delegate_to: 127.0.0.1
awx.awx.tower_job_template:
name: "{{ matrix_domain }} - 1 - Configure Element"
description: "Configure Element client via survey."
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
job_type: run
job_tags: "start,setup-client-element"
inventory: "{{ member_id }}"
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
playbook: setup.yml
credential: "{{ member_id }} - AWX SSH Key"
survey_enabled: true
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element.json') }}"
become_enabled: yes
state: present
verbosity: 1
tower_host: "https://{{ tower_host }}"
tower_oauthtoken: "{{ tower_token.stdout }}"
validate_certs: yes

View File

@ -0,0 +1,58 @@
- name: Record Jitsi variables locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Jitsi Settings'
with_dict:
'matrix_jitsi_enabled': '{{ matrix_jitsi_enabled }}'
'matrix_jitsi_web_config_defaultLanguage': '{{ matrix_jitsi_web_config_defaultLanguage }}'
- name: Copy new 'matrix_vars.yml' to target machine
copy:
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
dest: '/matrix/awx/matrix_vars.yml'
mode: '0660'
- name: Save new 'Configure Jitsi' survey.json to the AWX tower, template
delegate_to: 127.0.0.1
template:
src: 'roles/matrix-awx/surveys/configure_jitsi.json.j2'
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_jitsi.json'
- name: Copy new 'Configure Jitsi' survey.json to target machine
copy:
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_jitsi.json'
dest: '/matrix/awx/configure_jitsi.json'
mode: '0660'
- name: Collect AWX admin token the hard way!
delegate_to: 127.0.0.1
shell: |
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
register: tower_token
no_log: True
- name: Recreate 'Configure Jitsi' job template
delegate_to: 127.0.0.1
awx.awx.tower_job_template:
name: "{{ matrix_domain }} - 1 - Configure Jitsi"
description: "Configure Jitsi conferencing settings."
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
job_type: run
job_tags: "start,setup-jitsi"
inventory: "{{ member_id }}"
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
playbook: setup.yml
credential: "{{ member_id }} - AWX SSH Key"
survey_enabled: true
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_jitsi.json') }}"
become_enabled: yes
state: present
verbosity: 1
tower_host: "https://{{ tower_host }}"
tower_oauthtoken: "{{ tower_token.stdout }}"
validate_certs: yes

View File

@ -0,0 +1,130 @@
- name: Record ma1sd variables locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# ma1sd Settings'
with_dict:
'matrix_ma1sd_enabled': '{{ matrix_ma1sd_enabled }}'
- name: Disable REST auth (matrix-corporal/ma1sd) if using internal auth
delegate_to: 127.0.0.1
lineinfile:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Synapse Extension'
with_dict:
'matrix_synapse_ext_password_provider_rest_auth_enabled': 'false'
when: ext_matrix_ma1sd_auth_store == 'Synapse Internal'
- name: Enable REST auth if using external LDAP/AD with ma1sd
delegate_to: 127.0.0.1
lineinfile:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Synapse Extension'
with_dict:
'matrix_synapse_ext_password_provider_rest_auth_enabled': 'true'
'matrix_synapse_ext_password_provider_rest_auth_endpoint': 'http://matrix-ma1sd:8090'
when: ext_matrix_ma1sd_auth_store == 'LDAP/AD'
- name: Strip header from ma1sd configuration extension if using internal auth
set_fact:
ext_matrix_ma1sd_configuration_extension_yaml_parsed: "{{ ext_matrix_ma1sd_configuration_extension_yaml.splitlines() | reject('search', '^matrix_client_element_configuration_extension_json:') | list }}"
when: ext_matrix_ma1sd_auth_store == 'LDAP/AD'
- name: Remove entire ma1sd configuration extension
delegate_to: 127.0.0.1
replace:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
regexp: '^.*\n'
after: '# Start ma1sd Extension'
before: '# End ma1sd Extension'
- name: Replace conjoined ma1sd configuration extension limiters
delegate_to: 127.0.0.1
replace:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
regexp: '^# Start ma1sd Extension# End ma1sd Extension'
replace: '# Start ma1sd Extension\n# End ma1sd Extension'
- name: Insert ma1sd configuration extension header if using external LDAP/AD with ma1sd
delegate_to: 127.0.0.1
lineinfile:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
line: "matrix_ma1sd_configuration_extension_yaml: |"
insertafter: '# Start ma1sd Extension'
when: ext_matrix_ma1sd_auth_store == 'LDAP/AD'
- name: Set ma1sd configuration extension if using external LDAP/AD with ma1sd
delegate_to: 127.0.0.1
lineinfile:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
insertbefore: '# End ma1sd Extension'
line: '{{ item }}'
with_items: "{{ ext_matrix_ma1sd_configuration_extension_yaml_parsed }}"
when: ext_matrix_ma1sd_auth_store == 'LDAP/AD'
- name: Record ma1sd Custom variables locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertbefore: '# Custom Settings'
with_dict:
'ext_matrix_ma1sd_auth_store': '{{ ext_matrix_ma1sd_auth_store }}'
'ext_matrix_ma1sd_configuration_extension_yaml': '{{ ext_matrix_ma1sd_configuration_extension_yaml.splitlines() | to_json }}'
- name: Copy new 'matrix_vars.yml' to target machine
copy:
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
dest: '/matrix/awx/matrix_vars.yml'
mode: '0660'
- name: Save new 'Configure ma1sd' survey.json to the AWX tower, template
delegate_to: 127.0.0.1
template:
src: 'roles/matrix-awx/surveys/configure_ma1sd.json.j2'
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_ma1sd.json'
- name: Copy new 'Configure ma1sd' survey.json to target machine
copy:
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_ma1sd.json'
dest: '/matrix/awx/configure_ma1sd.json'
mode: '0660'
- name: Collect AWX admin token the hard way!
delegate_to: 127.0.0.1
shell: |
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
register: tower_token
no_log: True
- name: Recreate 'Configure ma1sd (Advanced)' job template
delegate_to: 127.0.0.1
awx.awx.tower_job_template:
name: "{{ matrix_domain }} - 1 - Configure ma1sd (Advanced)"
description: "Configure Jitsi conferencing settings."
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
job_type: run
job_tags: "start,setup-ma1sd"
inventory: "{{ member_id }}"
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
playbook: setup.yml
credential: "{{ member_id }} - AWX SSH Key"
survey_enabled: true
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_ma1sd.json') }}"
become_enabled: yes
state: present
verbosity: 1
tower_host: "https://{{ tower_host }}"
tower_oauthtoken: "{{ tower_token.stdout }}"
validate_certs: yes
# ^ This playbook isn't executing so the survey isn't being updated! :P

View File

@ -0,0 +1,223 @@
- name: Record Synapse variables locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Synapse Settings'
with_dict:
'matrix_synapse_allow_public_rooms_over_federation': '{{ matrix_synapse_allow_public_rooms_over_federation }}'
'matrix_synapse_enable_registration': '{{ matrix_synapse_enable_registration }}'
'matrix_synapse_federation_enabled': '{{ matrix_synapse_federation_enabled }}'
'matrix_synapse_enable_group_creation': '{{ matrix_synapse_enable_group_creation }}'
'matrix_synapse_use_presence': '{{ matrix_synapse_use_presence }}'
'matrix_synapse_max_upload_size_mb': '{{ matrix_synapse_max_upload_size_mb }}'
'matrix_synapse_url_preview_enabled': '{{ matrix_synapse_url_preview_enabled }}'
'matrix_synapse_allow_guest_access': '{{ matrix_synapse_allow_guest_access }}'
- name: Empty Synapse variable 'matrix_synapse_auto_join_rooms' locally on AWX, if raw inputs empty
delegate_to: 127.0.0.1
replace:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
regexp: "^matrix_synapse_auto_join_rooms: .*$"
replace: "matrix_synapse_auto_join_rooms: []"
when: matrix_synapse_auto_join_rooms_raw|length == 0
- name: If the raw inputs is not empty start constructing parsed auto_join_rooms list
set_fact:
matrix_synapse_auto_join_rooms_array: |-
{{ matrix_synapse_auto_join_rooms_raw.splitlines() | to_json }}
when: matrix_synapse_auto_join_rooms_raw|length > 0
- name: Record Synapse variable 'matrix_synapse_auto_join_rooms' locally on AWX, if it's not blank
delegate_to: 127.0.0.1
lineinfile:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Synapse Settings'
with_dict:
"matrix_synapse_auto_join_rooms": "{{ matrix_synapse_auto_join_rooms_array }}"
when: matrix_synapse_auto_join_rooms_raw|length > 0
- name: Record Synapse Shared Secret if it's defined
delegate_to: 127.0.0.1
lineinfile:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Synapse Settings'
with_dict:
'matrix_synapse_registration_shared_secret': '{{ matrix_synapse_registration_shared_secret }}'
when: matrix_synapse_registration_shared_secret|length > 0
- name: Record registations_require_3pid extra variable if true
delegate_to: 127.0.0.1
lineinfile:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
regexp: "{{ item }}:"
line: "{{ item }}"
insertbefore: '# End Synapse Extension'
with_items:
- " registrations_require_3pid:"
- " - email"
when: ext_registrations_require_3pid|bool
- name: Remove registrations_require_3pid extra variable if false
delegate_to: 127.0.0.1
lineinfile:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
regexp: "{{ item }}:"
line: "{{ item }}"
insertbefore: '# End Synapse Extension'
state: absent
with_items:
- " registrations_require_3pid:"
- " - email"
when: not ext_registrations_require_3pid|bool
- name: Remove URL Languages
delegate_to: 127.0.0.1
replace:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
regexp: '^(?!.*\bemail\b) - [a-zA-Z\-]{2,5}\n'
after: ' url_preview_accept_language:'
before: '# End Synapse Extension'
- name: Set URL languages default if raw inputs empty
set_fact:
ext_url_preview_accept_language_default: 'en'
when: ext_url_preview_accept_language_raw|length == 0
- name: Set URL languages default if raw inputs not empty
set_fact:
ext_url_preview_accept_language_default: "{{ ext_url_preview_accept_language_raw }}"
when: ext_url_preview_accept_language_raw|length > 0
- name: Set URL languages if raw inputs empty
delegate_to: 127.0.0.1
lineinfile:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
insertafter: '^ url_preview_accept_language:'
line: " - {{ ext_url_preview_accept_language_default }}"
when: ext_url_preview_accept_language_raw|length == 0
- name: Set URL languages if raw inputs not empty
delegate_to: 127.0.0.1
lineinfile:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
insertafter: '^ url_preview_accept_language:'
line: " - {{ item }}"
with_items: "{{ ext_url_preview_accept_language_raw.splitlines() }}"
when: ext_url_preview_accept_language_raw|length > 0
- name: Remove Federation Whitelisting 1
delegate_to: 127.0.0.1
replace:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
regexp: '^ - [a-z0-9]+\.[a-z0-9.]+\n'
after: ' federation_domain_whitelist:'
before: '# End Synapse Extension'
- name: Remove Federation Whitelisting 2
delegate_to: 127.0.0.1
lineinfile:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
line: " federation_domain_whitelist:"
state: absent
- name: Set Federation Whitelisting 1
delegate_to: 127.0.0.1
lineinfile:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
insertafter: '^matrix_synapse_configuration_extension_yaml: \|'
line: " federation_domain_whitelist:"
when: ext_federation_whitelist_raw|length > 0
- name: Set Federation Whitelisting 2
delegate_to: 127.0.0.1
lineinfile:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
insertafter: '^ federation_domain_whitelist:'
line: " - {{ item }}"
with_items: "{{ ext_federation_whitelist_raw.splitlines() }}"
when: ext_federation_whitelist_raw|length > 0
- name: Record Synapse Custom variables locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertbefore: '# Custom Settings'
with_dict:
'ext_federation_whitelist_raw': '{{ ext_federation_whitelist_raw.splitlines() | to_json }}'
'ext_url_preview_accept_language_default': '{{ ext_url_preview_accept_language_default.splitlines() | to_json }}'
- name: Set ext_recaptcha_public_key to a 'public-key' if undefined
set_fact: ext_recaptcha_public_key="public-key"
when: (ext_recaptcha_public_key is not defined) or (ext_recaptcha_public_key|length == 0)
- name: Set ext_recaptcha_private_key to a 'private-key' if undefined
set_fact: ext_recaptcha_private_key="private-key"
when: (ext_recaptcha_private_key is not defined) or (ext_recaptcha_private_key|length == 0)
- name: Record Synapse Extension variables locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertbefore: '# End Synapse Extension'
with_dict:
' enable_registration_captcha': '{{ ext_enable_registration_captcha }}'
' recaptcha_public_key': '{{ ext_recaptcha_public_key }}'
' recaptcha_private_key': '{{ ext_recaptcha_private_key }}'
- name: Copy new 'matrix_vars.yml' to target machine
copy:
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
dest: '/matrix/awx/matrix_vars.yml'
mode: '0660'
- name: Save new 'Configure Synapse' survey.json to the AWX tower, template
delegate_to: 127.0.0.1
template:
src: 'roles/matrix-awx/surveys/configure_synapse.json.j2'
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}//configure_synapse.json'
- name: Copy new 'Configure Synapse' survey.json to target machine
copy:
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse.json'
dest: '/matrix/awx/configure_synapse.json'
mode: '0660'
- name: Collect AWX admin token the hard way!
delegate_to: 127.0.0.1
shell: |
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
register: tower_token
no_log: True
- name: Recreate 'Configure Synapse' job template
delegate_to: 127.0.0.1
awx.awx.tower_job_template:
name: "{{ matrix_domain }} - 1 - Configure Synapse"
description: "Configure Synapse (homeserver) settings."
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
job_type: run
job_tags: "start,setup-synapse"
inventory: "{{ member_id }}"
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
playbook: setup.yml
credential: "{{ member_id }} - AWX SSH Key"
survey_enabled: true
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse.json') }}"
become_enabled: yes
state: present
verbosity: 1
tower_host: "https://{{ tower_host }}"
tower_oauthtoken: "{{ tower_token.stdout }}"
validate_certs: yes

View File

@ -0,0 +1,58 @@
- name: Record Synapse Admin variables locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Synapse Admin Settings'
with_dict:
'matrix_synapse_admin_enabled': '{{ matrix_synapse_admin_enabled }}'
- name: Copy new 'matrix_vars.yml' to target machine
copy:
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
dest: '/matrix/awx/matrix_vars.yml'
mode: '0660'
- name: Save new 'Configure Synapse Admin' survey.json to the AWX tower, template
delegate_to: 127.0.0.1
template:
src: 'roles/matrix-awx/surveys/configure_synapse_admin.json.j2'
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse_admin.json'
- name: Copy new 'Configure Synapse Admin' survey.json to target machine
copy:
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse_admin.json'
dest: '/matrix/awx/configure_synapse_admin.json'
mode: '0660'
- name: Collect AWX admin token the hard way!
delegate_to: 127.0.0.1
shell: |
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
register: tower_token
no_log: True
- name: Recreate 'Configure Synapse Admin' job template
delegate_to: 127.0.0.1
awx.awx.tower_job_template:
name: "{{ matrix_domain }} - 1 - Configure Synapse Admin"
description: "Configure 'Synapse Admin', a moderation tool to help you manage your server."
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
job_type: run
job_tags: "start,setup-all"
inventory: "{{ member_id }}"
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
playbook: setup.yml
credential: "{{ member_id }} - AWX SSH Key"
survey_enabled: true
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse_admin.json') }}"
become_enabled: yes
state: present
verbosity: 1
tower_host: "https://{{ tower_host }}"
tower_oauthtoken: "{{ tower_token.stdout }}"
validate_certs: yes

View File

@ -0,0 +1,20 @@
---
- name: Create user account
command: |
/usr/local/bin/matrix-synapse-register-user janitor {{ matrix_awx_janitor_user_password | quote }} 1
register: cmd
when: not matrix_awx_janitor_user_created|bool
no_log: True
- name: Update AWX janitor user created variable
delegate_to: 127.0.0.1
lineinfile:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: 'AWX Settings'
with_dict:
'matrix_awx_janitor_user_created': 'true'
when: not matrix_awx_janitor_user_created|bool

View File

@ -1,3 +1,4 @@
- import_tasks: "{{ role_path }}/tasks/start.yml"
when: run_start|bool
tags:
@ -12,6 +13,13 @@
tags:
- always
- import_tasks: "{{ role_path }}/tasks/awx_post.yml"
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- always
- import_tasks: "{{ role_path }}/tasks/run_docker_prune.yml"
tags:
- run-docker-prune

View File

@ -9,6 +9,7 @@ matrix_nginx_proxy_docker_image_force_pull: "{{ matrix_nginx_proxy_docker_image.
matrix_nginx_proxy_base_path: "{{ matrix_base_data_path }}/nginx-proxy"
matrix_nginx_proxy_data_path: "{{ matrix_nginx_proxy_base_path }}/data"
matrix_nginx_proxy_data_path_in_container: "/nginx-data"
matrix_nginx_proxy_confd_path: "{{ matrix_nginx_proxy_base_path }}/conf.d"
# List of systemd services that matrix-nginx-proxy.service depends on

View File

@ -33,7 +33,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-nginx-proxy \
-p {{ matrix_nginx_proxy_container_federation_host_bind_port }}:{{ matrix_nginx_proxy_proxy_matrix_federation_port }} \
{% endif %}
--mount type=bind,src={{ matrix_nginx_proxy_base_path }}/nginx.conf,dst=/etc/nginx/nginx.conf,ro \
--mount type=bind,src={{ matrix_nginx_proxy_data_path }},dst=/nginx-data,ro \
--mount type=bind,src={{ matrix_nginx_proxy_data_path }},dst={{ matrix_nginx_proxy_data_path_in_container }},ro \
--mount type=bind,src={{ matrix_nginx_proxy_confd_path }},dst=/etc/nginx/conf.d,ro \
{% if matrix_ssl_retrieval_method != 'none' %}
--mount type=bind,src={{ matrix_ssl_config_dir_path }},dst={{ matrix_ssl_config_dir_path }},ro \

View File

@ -7,6 +7,7 @@
- roles/matrix-synapse/vars/workers.yml
roles:
- matrix-awx
- matrix-base
- matrix-dynamic-dns
- matrix-mailer