Move roles/matrix* to roles/custom/matrix*

This paves the way for installing other roles into `roles/galaxy` using `ansible-galaxy`,
similar to how it's done in:

- https://github.com/spantaleev/gitea-docker-ansible-deploy
- https://github.com/spantaleev/nextcloud-docker-ansible-deploy

In the near future, we'll be removing a lot of the shared role code from here
and using upstream roles for it. Some of the core `matrix-*` roles have
already been extracted out into other reusable roles:

- https://github.com/devture/com.devture.ansible.role.postgres
- https://github.com/devture/com.devture.ansible.role.systemd_docker_base
- https://github.com/devture/com.devture.ansible.role.timesync
- https://github.com/devture/com.devture.ansible.role.vars_preserver
- https://github.com/devture/com.devture.ansible.role.playbook_runtime_messages
- https://github.com/devture/com.devture.ansible.role.playbook_help

We just need to migrate to those.
Slavi Pantaleev
2022-11-03 09:11:29 +02:00
parent 6c131138ad
commit 410a915a8a
722 changed files with 148 additions and 145 deletions


@ -0,0 +1,7 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/encryption-disabler/setup_install.yml"
when: matrix_synapse_ext_encryption_disabler_enabled | bool
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/encryption-disabler/setup_uninstall.yml"
when: "not matrix_synapse_ext_encryption_disabler_enabled | bool"


@ -0,0 +1,41 @@
---
- name: Download matrix_encryption_disabler
ansible.builtin.get_url:
url: "{{ matrix_synapse_ext_encryption_disabler_download_url }}"
dest: "{{ matrix_synapse_ext_path }}/matrix_e2ee_filter.py"
force: true
mode: 0440
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
register: result
retries: "{{ matrix_geturl_retries_count }}"
delay: "{{ matrix_geturl_retries_delay }}"
until: result is not failed
- ansible.builtin.set_fact:
matrix_synapse_modules: |
{{
matrix_synapse_modules | default([])
+
[
{
"module": "matrix_e2ee_filter.EncryptedRoomFilter",
"config": matrix_synapse_ext_encryption_config
}
]
}}
matrix_synapse_container_extra_arguments: >
{{
matrix_synapse_container_extra_arguments | default([])
+
["--mount type=bind,src={{ matrix_synapse_ext_path }}/matrix_e2ee_filter.py,dst={{ matrix_synapse_in_container_python_packages_path }}/matrix_e2ee_filter.py,ro"]
}}
matrix_synapse_additional_loggers: >
{{
matrix_synapse_additional_loggers
+
[{'name': 'matrix_e2ee_filter', 'level': 'INFO'}]
}}
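Review bot: The `ansible.builtin.get_url` task at the top of this file downloads `matrix_e2ee_filter.py` with `force: true` and no `checksum:`, and the `set_fact` below registers that file as a Synapse module and bind-mounts it into the container, so whatever the URL serves on a given run is what Synapse imports. Adding `checksum: "sha256:<EXPECTED_SHA256>"` (fed from a variable kept next to the download URL) would make the task fail when the content changes. Whether the download URL variable already points at an immutable ref is not visible here. The rest-auth and shared-secret-auth install files further down repeat the same download-then-mount pattern for `rest_auth_provider.py` and `shared_secret_authenticator.py`. As a smaller style point, `mode: 0440` is safer as the quoted string `mode: "0440"`, so no YAML parser retypes it.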


@ -0,0 +1,6 @@
---
- name: Ensure matrix_encryption_disabler doesn't exist
ansible.builtin.file:
path: "{{ matrix_synapse_ext_path }}/matrix_e2ee_filter.py"
state: absent


@ -0,0 +1,12 @@
---
- ansible.builtin.set_fact:
matrix_synapse_password_providers_enabled: true
matrix_synapse_additional_loggers: >
{{
matrix_synapse_additional_loggers
+
[{'name': 'ldap_auth_provider', 'level': 'INFO'}]
}}
when: matrix_synapse_ext_password_provider_ldap_enabled | bool


@ -0,0 +1,7 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/mjolnir-antispam/setup_install.yml"
when: matrix_synapse_ext_spam_checker_mjolnir_antispam_enabled | bool
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/mjolnir-antispam/setup_uninstall.yml"
when: "not matrix_synapse_ext_spam_checker_mjolnir_antispam_enabled | bool"


@ -0,0 +1,56 @@
---
- name: Ensure git installed (RedHat)
ansible.builtin.yum:
name:
- git
state: present
update_cache: false
when: "ansible_os_family == 'RedHat'"
- name: Ensure git installed (Debian)
ansible.builtin.apt:
name:
- git
state: present
update_cache: false
when: "ansible_os_family == 'Debian'"
- name: Ensure git installed (Archlinux)
community.general.pacman:
name:
- git
state: present
update_cache: false
when: "ansible_distribution == 'Archlinux'"
- name: Clone mjolnir-antispam git repository
ansible.builtin.git:
repo: "{{ matrix_synapse_ext_spam_checker_mjolnir_antispam_git_repository_url }}"
version: "{{ matrix_synapse_ext_spam_checker_mjolnir_antispam_git_version }}"
dest: "{{ matrix_synapse_ext_path }}/mjolnir"
become: true
become_user: "{{ matrix_user_username }}"
- ansible.builtin.set_fact:
matrix_synapse_spam_checker: >
{{
matrix_synapse_spam_checker
+
[{
"module": "mjolnir.AntiSpam",
"config": {
"block_invites": matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_invites,
"block_messages": matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_messages,
"block_usernames": matrix_synapse_ext_spam_checker_mjolnir_antispam_config_block_usernames,
"ban_lists": matrix_synapse_ext_spam_checker_mjolnir_antispam_config_ban_lists,
}
}]
}}
matrix_synapse_container_extra_arguments: >
{{
matrix_synapse_container_extra_arguments | default([])
+
["--mount type=bind,src={{ matrix_synapse_ext_path }}/mjolnir/synapse_antispam/mjolnir,dst={{ matrix_synapse_in_container_python_packages_path }}/mjolnir,ro"]
}}
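Review bot: The clone task checks out whatever `matrix_synapse_ext_spam_checker_mjolnir_antispam_git_version` resolves to, and the resulting `mjolnir/synapse_antispam/mjolnir` directory is bind-mounted into the Synapse container as an importable package. A branch name or re-pointed tag in that variable would therefore change the code Synapse runs without any change to the playbook. The variable's default is defined outside this file, so it may already be a fixed ref; a comment above the task such as `# version must be an immutable tag or commit SHA: this checkout is loaded into Synapse` would record the expectation. The synapse-simple-antispam install file below has the same clone-and-mount shape. Separately, `matrix_synapse_spam_checker` is appended to without `| default([])` while `matrix_synapse_container_extra_arguments` uses it, which is worth making consistent unless the role defaults always define the list.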


@ -0,0 +1,6 @@
---
- name: Ensure mjolnir-antispam doesn't exist
ansible.builtin.file:
path: "{{ matrix_synapse_ext_path }}/mjolnir"
state: absent


@ -0,0 +1,7 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/rest-auth/setup_install.yml"
when: matrix_synapse_ext_password_provider_rest_auth_enabled | bool
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/rest-auth/setup_uninstall.yml"
when: "not matrix_synapse_ext_password_provider_rest_auth_enabled | bool"


@ -0,0 +1,36 @@
---
- name: Fail if REST Auth endpoint not configured
ansible.builtin.fail:
msg: "You have enabled the REST Auth password provider, but have not configured its endpoint in the `matrix_synapse_ext_password_provider_rest_auth_endpoint` variable. Consult the documentation."
when: "matrix_synapse_ext_password_provider_rest_auth_endpoint == ''"
- name: Download matrix-synapse-rest-auth
ansible.builtin.get_url:
url: "{{ matrix_synapse_ext_password_provider_rest_auth_download_url }}"
dest: "{{ matrix_synapse_ext_path }}/rest_auth_provider.py"
force: true
mode: 0440
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
register: result
retries: "{{ matrix_geturl_retries_count }}"
delay: "{{ matrix_geturl_retries_delay }}"
until: result is not failed
- ansible.builtin.set_fact:
matrix_synapse_password_providers_enabled: true
matrix_synapse_container_extra_arguments: >
{{
matrix_synapse_container_extra_arguments | default([])
+
["--mount type=bind,src={{ matrix_synapse_ext_path }}/rest_auth_provider.py,dst={{ matrix_synapse_in_container_python_packages_path }}/rest_auth_provider.py,ro"]
}}
matrix_synapse_additional_loggers: >
{{
matrix_synapse_additional_loggers
+
[{'name': 'rest_auth_provider', 'level': 'INFO'}]
}}


@ -0,0 +1,6 @@
---
- name: Ensure matrix-synapse-rest-auth doesn't exist
ansible.builtin.file:
path: "{{ matrix_synapse_ext_path }}/rest_auth_provider.py"
state: absent


@ -0,0 +1,5 @@
---
- ansible.builtin.set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-synapse-s3-storage-provider-migrate.timer'] }}"
when: matrix_synapse_ext_synapse_s3_storage_provider_enabled | bool


@ -0,0 +1,10 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/s3-storage-provider/validate_config.yml"
when: matrix_synapse_ext_synapse_s3_storage_provider_enabled | bool
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/s3-storage-provider/setup_install.yml"
when: matrix_synapse_ext_synapse_s3_storage_provider_enabled | bool
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/s3-storage-provider/setup_uninstall.yml"
when: not matrix_synapse_ext_synapse_s3_storage_provider_enabled | bool


@ -0,0 +1,52 @@
---
# We install this into Synapse by making `matrix_synapse_ext_synapse_s3_storage_provider_enabled` influence other variables:
# - `matrix_synapse_media_storage_providers` (via `matrix_synapse_media_storage_providers_auto`)
# - `matrix_synapse_container_image_customizations_enabled`
# - `matrix_synapse_container_image_customizations_s3_storage_provider_installation_enabled`
#
# Below are additional tasks for setting up various helper scripts, etc.
- name: Ensure s3-storage-provider env file installed
ansible.builtin.template:
src: "{{ role_path }}/templates/synapse/ext/s3-storage-provider/env.j2"
dest: "{{ matrix_synapse_ext_s3_storage_provider_path }}/env"
mode: 0640
- name: Ensure s3-storage-provider data path exists
ansible.builtin.file:
path: "{{ matrix_synapse_ext_s3_storage_provider_path }}/data"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
- name: Ensure s3-storage-provider database.yaml file installed
ansible.builtin.template:
src: "{{ role_path }}/templates/synapse/ext/s3-storage-provider/database.yaml.j2"
dest: "{{ matrix_synapse_ext_s3_storage_provider_path }}/data/database.yaml"
mode: 0640
- name: Ensure s3-storage-provider scripts installed
ansible.builtin.template:
src: "{{ role_path }}/templates/synapse/ext/s3-storage-provider/usr-local-bin/{{ item }}.j2"
dest: "{{ matrix_local_bin_path }}/{{ item }}"
mode: 0750
with_items:
- matrix-synapse-s3-storage-provider-shell
- matrix-synapse-s3-storage-provider-migrate
- name: Ensure matrix-synapse-s3-storage-provider-migrate.service and timer are installed
ansible.builtin.template:
src: "{{ role_path }}/templates/synapse/ext/s3-storage-provider/systemd/{{ item }}.j2"
dest: "{{ matrix_systemd_path }}/{{ item }}"
mode: 0640
with_items:
- matrix-synapse-s3-storage-provider-migrate.service
- matrix-synapse-s3-storage-provider-migrate.timer
register: matrix_synapse_s3_storage_provider_systemd_service_result
- name: Ensure systemd reloaded after matrix-synapse-s3-storage-provider-migrate.service installation
ansible.builtin.service:
daemon_reload: true
when: matrix_synapse_s3_storage_provider_systemd_service_result.changed | bool
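Review bot: The `env` and `database.yaml` template tasks set `mode: 0640` but no `owner` or `group`, while the data-directory task between them sets both. The rendered files therefore end up owned by whichever user the play runs as, and the group that can read them is implicit. These files presumably carry the S3 access key and database credentials that the validation file requires, so their ownership should be a stated decision. Either add `owner: "{{ matrix_user_username }}"` and `group: "{{ matrix_user_groupname }}"` to both tasks, or, if ownership by the connecting user is intended, say so in a comment above them. The same omission applies to the helper-script and systemd-unit template tasks in this file, where it matters less.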


@ -0,0 +1,24 @@
---
- name: Ensure matrix-synapse-s3-storage-provider-migrate.service and timer don't exist
ansible.builtin.file:
path: "{{ matrix_systemd_path }}/{{ item }}"
state: absent
with_items:
- matrix-synapse-s3-storage-provider-migrate.timer
- matrix-synapse-s3-storage-provider-migrate.service
register: matrix_synapse_s3_storage_provider_migrate_sevice_removal
- name: Ensure systemd reloaded after matrix-synapse-s3-storage-provider-migrate.service removal
ansible.builtin.service:
daemon_reload: true
when: matrix_synapse_s3_storage_provider_migrate_sevice_removal.changed | bool
- name: Ensure s3-storage-provider files don't exist
ansible.builtin.file:
path: "{{ item }}"
state: absent
with_items:
- "{{ matrix_local_bin_path }}/matrix-synapse-s3-storage-provider-shell"
- "{{ matrix_local_bin_path }}/matrix-synapse-s3-storage-provider-migrate"
- "{{ matrix_synapse_ext_s3_storage_provider_path }}"


@ -0,0 +1,18 @@
---
- name: Fail if required s3-storage-provider settings not defined
ansible.builtin.fail:
msg: >-
You need to define a required configuration setting (`{{ item }}`) for using s3-storage-provider.
when: "vars[item] == ''"
with_items:
- "matrix_synapse_ext_synapse_s3_storage_provider_config_bucket"
- "matrix_synapse_ext_synapse_s3_storage_provider_config_region_name"
- "matrix_synapse_ext_synapse_s3_storage_provider_config_access_key_id"
- "matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key"
- name: Fail if required matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url looks invalid
ansible.builtin.fail:
msg: >-
`matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url` needs to look like a URL (`http://` or `https://` prefix).
when: "matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url != '' and not matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url.startswith('http')"
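Review bot: The endpoint check uses `.startswith('http')`, which is looser than the message it prints: values such as `httpx.example.com` or `http:example` pass even though the message asks for an `http://` or `https://` prefix. Tightening the second half of the condition to `matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url is not match('https?://')` would make the test agree with the message. If plain `http://` is allowed only for local or test object stores, a comment saying so would help, since the access key and media would otherwise travel unencrypted. The first task's `vars[item] == ''` also lets a whitespace-only value through; `vars[item] | trim == ''` would close that.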


@ -0,0 +1,15 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/encryption-disabler/setup.yml"
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/rest-auth/setup.yml"
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup.yml"
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/ldap-auth/setup.yml"
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/synapse-simple-antispam/setup.yml"
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/mjolnir-antispam/setup.yml"
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/s3-storage-provider/setup.yml"


@ -0,0 +1,7 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup_install.yml"
when: matrix_synapse_ext_password_provider_shared_secret_auth_enabled | bool
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup_uninstall.yml"
when: "not matrix_synapse_ext_password_provider_shared_secret_auth_enabled | bool"


@ -0,0 +1,51 @@
---
- name: Fail if Shared Secret Auth secret not set
ansible.builtin.fail:
msg: "Shared Secret Auth is enabled, but no secret has been set in matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret"
when: "matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret == ''"
- name: Fail if no Shared Secret Auth login types enabled
ansible.builtin.fail:
msg: "Shared Secret Auth is enabled, but none of the login types are"
when: "not (matrix_synapse_ext_password_provider_shared_secret_auth_m_login_password_support_enabled or matrix_synapse_ext_password_provider_shared_secret_auth_com_devture_shared_secret_auth_support_enabled)"
- name: Download matrix-synapse-shared-secret-auth
ansible.builtin.get_url:
url: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_download_url }}"
dest: "{{ matrix_synapse_ext_path }}/shared_secret_authenticator.py"
force: true
mode: 0440
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
register: result
retries: "{{ matrix_geturl_retries_count }}"
delay: "{{ matrix_geturl_retries_delay }}"
until: result is not failed
- ansible.builtin.set_fact:
matrix_synapse_modules: |
{{
matrix_synapse_modules | default([])
+
[
{
"module": "shared_secret_authenticator.SharedSecretAuthProvider",
"config": matrix_synapse_ext_password_provider_shared_secret_config
}
]
}}
matrix_synapse_container_extra_arguments: >
{{
matrix_synapse_container_extra_arguments | default([])
+
["--mount type=bind,src={{ matrix_synapse_ext_path }}/shared_secret_authenticator.py,dst={{ matrix_synapse_in_container_python_packages_path }}/shared_secret_authenticator.py,ro"]
}}
matrix_synapse_additional_loggers: >
{{
matrix_synapse_additional_loggers
+
[{'name': 'shared_secret_authenticator', 'level': 'INFO'}]
}}
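Review bot: The first guard rejects only an empty `matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret`, so a one-character or placeholder value passes validation. This file registers `shared_secret_authenticator.SharedSecretAuthProvider` as a Synapse module, so the strength of that secret bears directly on who can authenticate. A length floor on the same task, for example `when: "matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret | length < <MIN_LENGTH>"`, would catch weak values early. The second failure message, "Shared Secret Auth is enabled, but none of the login types are", stops mid-sentence and would read better ending in `are enabled`.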


@ -0,0 +1,6 @@
---
- name: Ensure matrix-synapse-shared-secret-auth doesn't exist
ansible.builtin.file:
path: "{{ matrix_synapse_ext_path }}/shared_secret_authenticator.py"
state: absent


@ -0,0 +1,7 @@
---
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/synapse-simple-antispam/setup_install.yml"
when: matrix_synapse_ext_spam_checker_synapse_simple_antispam_enabled | bool
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/synapse-simple-antispam/setup_uninstall.yml"
when: "not matrix_synapse_ext_spam_checker_synapse_simple_antispam_enabled | bool"


@ -0,0 +1,58 @@
---
- name: Fail if Synapse Simple Antispam blocked homeservers is not set
ansible.builtin.fail:
msg: "Synapse Simple Antispam is enabled, but no blocked homeservers have been set in matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers"
when: "matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers | length == 0"
- name: Ensure git installed (RedHat)
ansible.builtin.yum:
name:
- git
state: present
update_cache: false
when: "ansible_os_family == 'RedHat'"
- name: Ensure git installed (Debian)
ansible.builtin.apt:
name:
- git
state: present
update_cache: false
when: "ansible_os_family == 'Debian'"
- name: Ensure git installed (Archlinux)
community.general.pacman:
name:
- git
state: present
update_cache: false
when: "ansible_distribution == 'Archlinux'"
- name: Clone synapse-simple-antispam git repository
ansible.builtin.git:
repo: "{{ matrix_synapse_ext_spam_checker_synapse_simple_antispam_git_repository_url }}"
version: "{{ matrix_synapse_ext_spam_checker_synapse_simple_antispam_git_version }}"
dest: "{{ matrix_synapse_ext_path }}/synapse-simple-antispam"
become: true
become_user: "{{ matrix_user_username }}"
- ansible.builtin.set_fact:
matrix_synapse_modules: >
{{
matrix_synapse_modules
+
[{
"module": "synapse_simple_antispam.AntiSpamInvites",
"config": {
"blocked_homeservers": matrix_synapse_ext_spam_checker_synapse_simple_antispam_config_blocked_homeservers
}
}]
}}
matrix_synapse_container_extra_arguments: >
{{
matrix_synapse_container_extra_arguments | default([])
+
["--mount type=bind,src={{ matrix_synapse_ext_path }}/synapse-simple-antispam/synapse_simple_antispam,dst={{ matrix_synapse_in_container_python_packages_path }}/synapse_simple_antispam,ro"]
}}


@ -0,0 +1,6 @@
---
- name: Ensure synapse-simple-antispam doesn't exist
ansible.builtin.file:
path: "{{ matrix_synapse_ext_path }}/synapse-simple-antispam"
state: absent