Merge branch 'master' into synapse-s3-sse-c
This commit is contained in:
Cody Wyatt Neiman
@ -36,7 +36,7 @@ matrix_synapse_container_image_customizations_dockerfile_body_custom: ''
|
||||
|
||||
matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:{{ matrix_synapse_docker_image_tag }}"
|
||||
matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_container_image_self_build else matrix_container_global_registry_prefix }}"
|
||||
matrix_synapse_version: v1.71.0
|
||||
matrix_synapse_version: v1.74.0
|
||||
matrix_synapse_docker_image_tag: "{{ matrix_synapse_version }}"
|
||||
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
|
||||
|
||||
@ -49,13 +49,19 @@ matrix_synapse_docker_image_customized: "localhost/matrixdotorg/synapse:{{ matri
|
||||
matrix_synapse_docker_image_final: "{{ matrix_synapse_docker_image_customized if matrix_synapse_container_image_customizations_enabled else matrix_synapse_docker_image }} "
|
||||
|
||||
matrix_synapse_base_path: "{{ matrix_base_data_path }}/synapse"
|
||||
|
||||
matrix_synapse_docker_src_files_path: "{{ matrix_synapse_base_path }}/docker-src"
|
||||
matrix_synapse_customized_docker_src_files_path: "{{ matrix_synapse_base_path }}/customized-docker-src"
|
||||
matrix_synapse_config_dir_path: "{{ matrix_synapse_base_path }}/config"
|
||||
matrix_synapse_storage_path: "{{ matrix_synapse_base_path }}/storage"
|
||||
matrix_synapse_media_store_path: "{{ matrix_synapse_storage_path }}/media-store"
|
||||
matrix_synapse_bin_path: "{{ matrix_synapse_base_path }}/bin"
|
||||
|
||||
matrix_synapse_ext_path: "{{ matrix_synapse_base_path }}/ext"
|
||||
matrix_synapse_ext_s3_storage_provider_path: "{{ matrix_synapse_base_path }}/ext/s3-storage-provider"
|
||||
|
||||
matrix_synapse_ext_s3_storage_provider_base_path: "{{ matrix_synapse_base_path }}/ext/s3-storage-provider"
|
||||
matrix_synapse_ext_s3_storage_provider_bin_path: "{{ matrix_synapse_ext_s3_storage_provider_base_path }}/bin"
|
||||
matrix_synapse_ext_s3_storage_provider_data_path: "{{ matrix_synapse_ext_s3_storage_provider_base_path }}/data"
|
||||
|
||||
matrix_synapse_container_client_api_port: 8008
|
||||
|
||||
@ -101,15 +107,15 @@ matrix_synapse_container_manhole_api_host_bind_port: ''
|
||||
# Also see `matrix_synapse_container_arguments`
|
||||
matrix_synapse_container_extra_arguments: []
|
||||
|
||||
# matrix_synapse_container_runtime_injected_arguments is a list of extra arguments to pass to the container.
|
||||
# This list is built during runtime. You're not meant to override this variable.
|
||||
# matrix_synapse_container_extra_arguments_auto is a list of extra arguments to pass to the container.
|
||||
# This list is managed by the playbook. You're not meant to override this variable.
|
||||
# If you'd like to inject your own arguments, see `matrix_synapse_container_extra_arguments`.
|
||||
matrix_synapse_container_runtime_injected_arguments: []
|
||||
matrix_synapse_container_extra_arguments_auto: []
|
||||
|
||||
# matrix_synapse_container_arguments holds the final list of extra arguments to pass to the container.
|
||||
# You're not meant to override this variable.
|
||||
# If you'd like to inject your own arguments, see `matrix_synapse_container_extra_arguments`.
|
||||
matrix_synapse_container_arguments: "{{ matrix_synapse_container_extra_arguments + matrix_synapse_container_runtime_injected_arguments }}"
|
||||
matrix_synapse_container_arguments: "{{ matrix_synapse_container_extra_arguments + matrix_synapse_container_extra_arguments_auto }}"
|
||||
|
||||
# List of systemd services that matrix-synapse.service depends on
|
||||
matrix_synapse_systemd_required_services_list: ['docker.service']
|
||||
@ -371,15 +377,15 @@ matrix_synapse_additional_loggers: []
|
||||
# Also see `matrix_synapse_app_service_config_files_final`
|
||||
matrix_synapse_app_service_config_files: []
|
||||
|
||||
# matrix_synapse_app_service_runtime_injected_config_files is a list of appservice config files.
|
||||
# This list is built during runtime. You're not meant to override this variable.
|
||||
# matrix_synapse_app_service_config_files_auto is a list of appservice config files.
|
||||
# This list is managed by the playbook. You're not meant to override this variable.
|
||||
# If you'd like to inject your own arguments, see `matrix_synapse_app_service_config_files`.
|
||||
matrix_synapse_app_service_runtime_injected_config_files: []
|
||||
matrix_synapse_app_service_config_files_auto: []
|
||||
|
||||
# matrix_synapse_app_service_config_files_final holds the final list of config files to pass to the container.
|
||||
# You're not meant to override this variable.
|
||||
# If you'd like to inject your own arguments, see `matrix_synapse_app_service_config_files`.
|
||||
matrix_synapse_app_service_config_files_final: "{{ matrix_synapse_app_service_config_files + matrix_synapse_app_service_runtime_injected_config_files }}"
|
||||
matrix_synapse_app_service_config_files_final: "{{ matrix_synapse_app_service_config_files + matrix_synapse_app_service_config_files_auto }}"
|
||||
|
||||
# This is set dynamically during execution depending on whether
|
||||
# any password providers have been enabled or not.
|
||||
@ -548,11 +554,6 @@ matrix_synapse_workers_pusher_workers_metrics_range_start: 19200
|
||||
# Adjusting this value manually is generally not necessary.
|
||||
matrix_synapse_federation_pusher_instances: []
|
||||
|
||||
# matrix_synapse_start_pushers controls if the main Synapse process should push out notifications or if it should be left to pusher workers (see `matrix_synapse_federation_pusher_instances`).
|
||||
# This is enabled if workers are disabled, or if they are enabled, but there are no pusher workers.
|
||||
# Adjusting this value manually is generally not necessary.
|
||||
matrix_synapse_start_pushers: "{{ not matrix_synapse_workers_enabled or (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'pusher') | list | length == 0) }}"
|
||||
|
||||
# matrix_synapse_workers_federation_sender_workers_count controls the number of federation sender workers to spawn.
|
||||
# See https://matrix-org.github.io/synapse/latest/workers.html#synapseappfederation_sender
|
||||
matrix_synapse_workers_federation_sender_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['federation_sender_workers_count'] }}"
|
||||
@ -563,11 +564,6 @@ matrix_synapse_workers_federation_sender_workers_metrics_range_start: 19400
|
||||
# Adjusting this value manually is generally not necessary.
|
||||
matrix_synapse_federation_sender_instances: []
|
||||
|
||||
# matrix_synapse_send_federation controls if the main Synapse process should send federation traffic or if it should be left to federation_sender workers (see `matrix_synapse_federation_sender_instances`).
|
||||
# This is allowed if workers are disabled, or they are enabled, but there are no federation sender workers.
|
||||
# Adjusting this value manually is generally not necessary.
|
||||
matrix_synapse_send_federation: "{{ not matrix_synapse_workers_enabled or (matrix_synapse_workers_enabled_list | selectattr('type', 'equalto', 'federation_sender') | list | length == 0) }}"
|
||||
|
||||
matrix_synapse_workers_media_repository_workers_count: "{{ matrix_synapse_workers_presets[matrix_synapse_workers_preset]['media_repository_workers_count'] }}"
|
||||
matrix_synapse_workers_media_repository_workers_port_range_start: 18551
|
||||
matrix_synapse_workers_media_repository_workers_metrics_range_start: 19551
|
||||
@ -681,7 +677,7 @@ matrix_synapse_sentry_dsn: ""
|
||||
|
||||
# Postgres database information
|
||||
matrix_synapse_database_txn_limit: 0
|
||||
matrix_synapse_database_host: "matrix-postgres"
|
||||
matrix_synapse_database_host: ''
|
||||
matrix_synapse_database_port: 5432
|
||||
matrix_synapse_database_user: "synapse"
|
||||
matrix_synapse_database_password: ""
|
||||
|
||||
@ -1,7 +0,0 @@
|
||||
---
|
||||
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/encryption-disabler/setup_install.yml"
|
||||
when: matrix_synapse_ext_encryption_disabler_enabled | bool
|
||||
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/encryption-disabler/setup_uninstall.yml"
|
||||
when: "not matrix_synapse_ext_encryption_disabler_enabled | bool"
|
||||
@ -9,4 +9,3 @@
|
||||
+
|
||||
[{'name': 'ldap_auth_provider', 'level': 'INFO'}]
|
||||
}}
|
||||
when: matrix_synapse_ext_password_provider_ldap_enabled | bool
|
||||
@ -1,7 +0,0 @@
|
||||
---
|
||||
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/mjolnir-antispam/setup_install.yml"
|
||||
when: matrix_synapse_ext_spam_checker_mjolnir_antispam_enabled | bool
|
||||
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/mjolnir-antispam/setup_uninstall.yml"
|
||||
when: "not matrix_synapse_ext_spam_checker_mjolnir_antispam_enabled | bool"
|
||||
@ -1,7 +0,0 @@
|
||||
---
|
||||
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/rest-auth/setup_install.yml"
|
||||
when: matrix_synapse_ext_password_provider_rest_auth_enabled | bool
|
||||
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/rest-auth/setup_uninstall.yml"
|
||||
when: "not matrix_synapse_ext_password_provider_rest_auth_enabled | bool"
|
||||
@ -1,5 +0,0 @@
|
||||
---
|
||||
|
||||
- ansible.builtin.set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-synapse-s3-storage-provider-migrate.timer'] }}"
|
||||
when: matrix_synapse_ext_synapse_s3_storage_provider_enabled | bool
|
||||
@ -1,10 +0,0 @@
|
||||
---
|
||||
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/s3-storage-provider/validate_config.yml"
|
||||
when: matrix_synapse_ext_synapse_s3_storage_provider_enabled | bool
|
||||
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/s3-storage-provider/setup_install.yml"
|
||||
when: matrix_synapse_ext_synapse_s3_storage_provider_enabled | bool
|
||||
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/s3-storage-provider/setup_uninstall.yml"
|
||||
when: not matrix_synapse_ext_synapse_s3_storage_provider_enabled | bool
|
||||
@ -7,34 +7,37 @@
|
||||
#
|
||||
# Below are additional tasks for setting up various helper scripts, etc.
|
||||
|
||||
- name: Ensure s3-storage-provider env file installed
|
||||
ansible.builtin.template:
|
||||
src: "{{ role_path }}/templates/synapse/ext/s3-storage-provider/env.j2"
|
||||
dest: "{{ matrix_synapse_ext_s3_storage_provider_path }}/env"
|
||||
mode: 0640
|
||||
|
||||
- name: Ensure s3-storage-provider data path exists
|
||||
- name: Ensure s3-storage-provider paths exists
|
||||
ansible.builtin.file:
|
||||
path: "{{ matrix_synapse_ext_s3_storage_provider_path }}/data"
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
mode: 0750
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
with_items:
|
||||
- "{{ matrix_synapse_ext_s3_storage_provider_base_path }}"
|
||||
- "{{ matrix_synapse_ext_s3_storage_provider_bin_path }}"
|
||||
|
||||
- name: Ensure s3-storage-provider env file installed
|
||||
ansible.builtin.template:
|
||||
src: "{{ role_path }}/templates/synapse/ext/s3-storage-provider/env.j2"
|
||||
dest: "{{ matrix_synapse_ext_s3_storage_provider_base_path }}/env"
|
||||
mode: 0640
|
||||
|
||||
- name: Ensure s3-storage-provider database.yaml file installed
|
||||
ansible.builtin.template:
|
||||
src: "{{ role_path }}/templates/synapse/ext/s3-storage-provider/database.yaml.j2"
|
||||
dest: "{{ matrix_synapse_ext_s3_storage_provider_path }}/data/database.yaml"
|
||||
dest: "{{ matrix_synapse_ext_s3_storage_provider_data_path }}/database.yaml"
|
||||
mode: 0640
|
||||
|
||||
- name: Ensure s3-storage-provider scripts installed
|
||||
ansible.builtin.template:
|
||||
src: "{{ role_path }}/templates/synapse/ext/s3-storage-provider/usr-local-bin/{{ item }}.j2"
|
||||
dest: "{{ matrix_local_bin_path }}/{{ item }}"
|
||||
src: "{{ role_path }}/templates/synapse/ext/s3-storage-provider/bin/{{ item }}.j2"
|
||||
dest: "{{ matrix_synapse_ext_s3_storage_provider_bin_path }}/{{ item }}"
|
||||
mode: 0750
|
||||
with_items:
|
||||
- matrix-synapse-s3-storage-provider-shell
|
||||
- matrix-synapse-s3-storage-provider-migrate
|
||||
- shell
|
||||
- migrate
|
||||
|
||||
- name: Ensure matrix-synapse-s3-storage-provider-migrate.service and timer are installed
|
||||
ansible.builtin.template:
|
||||
@ -45,8 +48,3 @@
|
||||
- matrix-synapse-s3-storage-provider-migrate.service
|
||||
- matrix-synapse-s3-storage-provider-migrate.timer
|
||||
register: matrix_synapse_s3_storage_provider_systemd_service_result
|
||||
|
||||
- name: Ensure systemd reloaded after matrix-synapse-s3-storage-provider-migrate.service installation
|
||||
ansible.builtin.service:
|
||||
daemon_reload: true
|
||||
when: matrix_synapse_s3_storage_provider_systemd_service_result.changed | bool
|
||||
|
||||
@ -9,16 +9,7 @@
|
||||
- matrix-synapse-s3-storage-provider-migrate.service
|
||||
register: matrix_synapse_s3_storage_provider_migrate_sevice_removal
|
||||
|
||||
- name: Ensure systemd reloaded after matrix-synapse-s3-storage-provider-migrate.service removal
|
||||
ansible.builtin.service:
|
||||
daemon_reload: true
|
||||
when: matrix_synapse_s3_storage_provider_migrate_sevice_removal.changed | bool
|
||||
|
||||
- name: Ensure s3-storage-provider files don't exist
|
||||
ansible.builtin.file:
|
||||
path: "{{ item }}"
|
||||
path: "{{ matrix_synapse_ext_s3_storage_provider_base_path }}"
|
||||
state: absent
|
||||
with_items:
|
||||
- "{{ matrix_local_bin_path }}/matrix-synapse-s3-storage-provider-shell"
|
||||
- "{{ matrix_local_bin_path }}/matrix-synapse-s3-storage-provider-migrate"
|
||||
- "{{ matrix_synapse_ext_s3_storage_provider_path }}"
|
||||
|
||||
@ -10,9 +10,10 @@
|
||||
- "matrix_synapse_ext_synapse_s3_storage_provider_config_region_name"
|
||||
- "matrix_synapse_ext_synapse_s3_storage_provider_config_access_key_id"
|
||||
- "matrix_synapse_ext_synapse_s3_storage_provider_config_secret_access_key"
|
||||
- "matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url"
|
||||
|
||||
- name: Fail if required matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url looks invalid
|
||||
ansible.builtin.fail:
|
||||
msg: >-
|
||||
`matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url` needs to look like a URL (`http://` or `https://` prefix).
|
||||
when: "matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url != '' and not matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url.startswith('http')"
|
||||
when: "not matrix_synapse_ext_synapse_s3_storage_provider_config_endpoint_url.startswith('http')"
|
||||
|
||||
@ -1,15 +0,0 @@
|
||||
---
|
||||
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/encryption-disabler/setup.yml"
|
||||
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/rest-auth/setup.yml"
|
||||
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup.yml"
|
||||
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/ldap-auth/setup.yml"
|
||||
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/synapse-simple-antispam/setup.yml"
|
||||
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/mjolnir-antispam/setup.yml"
|
||||
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/s3-storage-provider/setup.yml"
|
||||
60
roles/custom/matrix-synapse/tasks/ext/setup_install.yml
Normal file
60
roles/custom/matrix-synapse/tasks/ext/setup_install.yml
Normal file
@ -0,0 +1,60 @@
|
||||
---
|
||||
|
||||
# encryption-disabler
|
||||
- block:
|
||||
- when: matrix_synapse_ext_encryption_disabler_enabled | bool
|
||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/encryption-disabler/setup_install.yml"
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-synapse
|
||||
|
||||
# rest-auth
|
||||
- block:
|
||||
- when: matrix_synapse_ext_password_provider_rest_auth_enabled | bool
|
||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/rest-auth/setup_install.yml"
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-synapse
|
||||
|
||||
# shared-secret-auth
|
||||
- block:
|
||||
- when: matrix_synapse_ext_password_provider_shared_secret_auth_enabled | bool
|
||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup_install.yml"
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-synapse
|
||||
|
||||
# ldap-auth
|
||||
- block:
|
||||
- when: matrix_synapse_ext_password_provider_ldap_enabled | bool
|
||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/ldap-auth/setup_install.yml"
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-synapse
|
||||
|
||||
# synapse-simple-antispam
|
||||
- block:
|
||||
- when: matrix_synapse_ext_spam_checker_synapse_simple_antispam_enabled | bool
|
||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/synapse-simple-antispam/setup_install.yml"
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-synapse
|
||||
|
||||
# mjolnir-antispam
|
||||
- block:
|
||||
- when: matrix_synapse_ext_spam_checker_mjolnir_antispam_enabled | bool
|
||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/mjolnir-antispam/setup_install.yml"
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-synapse
|
||||
|
||||
# s3-storage-provider
|
||||
- block:
|
||||
- when: matrix_synapse_ext_synapse_s3_storage_provider_enabled | bool
|
||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/s3-storage-provider/validate_config.yml"
|
||||
|
||||
- when: matrix_synapse_ext_synapse_s3_storage_provider_enabled | bool
|
||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/s3-storage-provider/setup_install.yml"
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-synapse
|
||||
52
roles/custom/matrix-synapse/tasks/ext/setup_uninstall.yml
Normal file
52
roles/custom/matrix-synapse/tasks/ext/setup_uninstall.yml
Normal file
@ -0,0 +1,52 @@
|
||||
---
|
||||
|
||||
# encryption-disabler
|
||||
- block:
|
||||
- when: not matrix_synapse_ext_encryption_disabler_enabled | bool
|
||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/encryption-disabler/setup_uninstall.yml"
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-synapse
|
||||
|
||||
# rest-auth
|
||||
- block:
|
||||
- when: not matrix_synapse_ext_password_provider_rest_auth_enabled | bool
|
||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/rest-auth/setup_uninstall.yml"
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-synapse
|
||||
|
||||
# shared-secret-auth
|
||||
- block:
|
||||
- when: not matrix_synapse_ext_password_provider_shared_secret_auth_enabled | bool
|
||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup_uninstall.yml"
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-synapse
|
||||
|
||||
# ldap-auth has no uninstall tasks
|
||||
|
||||
|
||||
# synapse-simple-antispam
|
||||
- block:
|
||||
- when: not matrix_synapse_ext_spam_checker_synapse_simple_antispam_enabled | bool
|
||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/synapse-simple-antispam/setup_uninstall.yml"
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-synapse
|
||||
|
||||
# mjolnir-antispam
|
||||
- block:
|
||||
- when: not matrix_synapse_ext_spam_checker_mjolnir_antispam_enabled | bool
|
||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/mjolnir-antispam/setup_uninstall.yml"
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-synapse
|
||||
|
||||
# s3-storage-provider
|
||||
- block:
|
||||
- when: not matrix_synapse_ext_synapse_s3_storage_provider_enabled | bool
|
||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/s3-storage-provider/setup_uninstall.yml"
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-synapse
|
||||
@ -1,7 +0,0 @@
|
||||
---
|
||||
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup_install.yml"
|
||||
when: matrix_synapse_ext_password_provider_shared_secret_auth_enabled | bool
|
||||
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup_uninstall.yml"
|
||||
when: "not matrix_synapse_ext_password_provider_shared_secret_auth_enabled | bool"
|
||||
@ -1,7 +0,0 @@
|
||||
---
|
||||
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/synapse-simple-antispam/setup_install.yml"
|
||||
when: matrix_synapse_ext_spam_checker_synapse_simple_antispam_enabled | bool
|
||||
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/synapse-simple-antispam/setup_uninstall.yml"
|
||||
when: "not matrix_synapse_ext_spam_checker_synapse_simple_antispam_enabled | bool"
|
||||
@ -1,7 +0,0 @@
|
||||
---
|
||||
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/goofys/setup_install.yml"
|
||||
when: matrix_s3_media_store_enabled | bool
|
||||
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/goofys/setup_uninstall.yml"
|
||||
when: "not matrix_s3_media_store_enabled | bool"
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
|
||||
- ansible.builtin.import_role:
|
||||
- ansible.builtin.include_role:
|
||||
name: custom/matrix-base
|
||||
tasks_from: ensure_fuse_installed
|
||||
|
||||
@ -43,9 +43,3 @@
|
||||
src: "{{ role_path }}/templates/goofys/systemd/matrix-goofys.service.j2"
|
||||
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-goofys.service"
|
||||
mode: 0644
|
||||
register: matrix_goofys_systemd_service_result
|
||||
|
||||
- name: Ensure systemd reloaded after matrix-goofys.service installation
|
||||
ansible.builtin.service:
|
||||
daemon_reload: true
|
||||
when: "matrix_goofys_systemd_service_result.changed"
|
||||
|
||||
@ -5,32 +5,21 @@
|
||||
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-goofys.service"
|
||||
register: matrix_goofys_service_stat
|
||||
|
||||
- name: Ensure matrix-goofys is stopped
|
||||
ansible.builtin.service:
|
||||
name: matrix-goofys
|
||||
state: stopped
|
||||
enabled: false
|
||||
daemon_reload: true
|
||||
register: stopping_result
|
||||
when: "matrix_goofys_service_stat.stat.exists"
|
||||
- when: matrix_goofys_service_stat.stat.exists | bool
|
||||
block:
|
||||
- name: Ensure matrix-goofys is stopped
|
||||
ansible.builtin.service:
|
||||
name: matrix-goofys
|
||||
state: stopped
|
||||
enabled: false
|
||||
daemon_reload: true
|
||||
|
||||
- name: Ensure matrix-goofys.service doesn't exist
|
||||
ansible.builtin.file:
|
||||
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-goofys.service"
|
||||
state: absent
|
||||
when: "matrix_goofys_service_stat.stat.exists"
|
||||
- name: Ensure matrix-goofys.service doesn't exist
|
||||
ansible.builtin.file:
|
||||
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-goofys.service"
|
||||
state: absent
|
||||
|
||||
- name: Ensure systemd reloaded after matrix-goofys.service removal
|
||||
ansible.builtin.service:
|
||||
daemon_reload: true
|
||||
when: "matrix_goofys_service_stat.stat.exists"
|
||||
|
||||
- name: Ensure goofys environment variables file doesn't exist
|
||||
ansible.builtin.file:
|
||||
path: "{{ matrix_synapse_config_dir_path }}/env-goofys"
|
||||
state: absent
|
||||
|
||||
- name: Ensure Goofys Docker image doesn't exist
|
||||
community.docker.docker_image:
|
||||
name: "{{ matrix_s3_goofys_docker_image }}"
|
||||
state: absent
|
||||
- name: Ensure goofys environment variables file doesn't exist
|
||||
ansible.builtin.file:
|
||||
path: "{{ matrix_synapse_config_dir_path }}/env-goofys"
|
||||
state: absent
|
||||
|
||||
@ -1,35 +1,18 @@
|
||||
---
|
||||
# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
|
||||
# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
|
||||
- name: Fail if trying to self-build on Ansible < 2.8
|
||||
ansible.builtin.fail:
|
||||
msg: "To self-build the Synapse image, you should use Ansible 2.8 or higher. See docs/ansible.md"
|
||||
when: "ansible_version.major == 2 and ansible_version.minor < 8 and matrix_synapse_container_image_self_build and matrix_synapse_enabled"
|
||||
|
||||
# Unless `matrix_synapse_workers_enabled_list` is explicitly defined,
|
||||
# we'll generate it dynamically.
|
||||
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/init.yml"
|
||||
when: "matrix_synapse_enabled and matrix_synapse_workers_enabled and matrix_synapse_workers_enabled_list | length == 0"
|
||||
|
||||
- ansible.builtin.set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-synapse.service'] }}"
|
||||
when: matrix_synapse_enabled | bool
|
||||
when: "matrix_synapse_workers_enabled | bool and matrix_synapse_workers_enabled_list | length == 0"
|
||||
|
||||
- name: Ensure workers are injected into various places
|
||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/util/inject_worker.yml"
|
||||
with_items: "{{ matrix_synapse_workers_enabled_list }}"
|
||||
loop_control:
|
||||
loop_var: matrix_synapse_worker_details
|
||||
when: matrix_synapse_enabled | bool and matrix_synapse_workers_enabled | bool
|
||||
when: matrix_synapse_workers_enabled | bool
|
||||
|
||||
- ansible.builtin.set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-goofys.service'] }}"
|
||||
when: matrix_s3_media_store_enabled | bool
|
||||
|
||||
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/s3-storage-provider/init.yml"
|
||||
when: matrix_synapse_ext_synapse_s3_storage_provider_enabled | bool
|
||||
|
||||
- when: matrix_synapse_enabled | bool and matrix_synapse_metrics_proxying_enabled | bool
|
||||
- when: matrix_synapse_metrics_proxying_enabled | bool
|
||||
block:
|
||||
- name: Fail if matrix-nginx-proxy role already executed
|
||||
ansible.builtin.fail:
|
||||
|
||||
@ -1,57 +1,73 @@
|
||||
---
|
||||
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
|
||||
- block:
|
||||
- when: matrix_synapse_enabled | bool
|
||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/init.yml"
|
||||
tags:
|
||||
- always
|
||||
- setup-all
|
||||
- setup-synapse
|
||||
- install-all
|
||||
- install-synapse
|
||||
- setup-synapse-reverse-proxy-companion
|
||||
- install-synapse-reverse-proxy-companion
|
||||
- start
|
||||
- start-all
|
||||
- start-group
|
||||
- restart
|
||||
- restart-all
|
||||
- restart-group
|
||||
- stop
|
||||
- stop-all
|
||||
- stop-group
|
||||
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
|
||||
when: run_setup | bool and matrix_synapse_enabled | bool
|
||||
- block:
|
||||
- when: matrix_synapse_enabled | bool
|
||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/validate_config.yml"
|
||||
|
||||
- when: matrix_synapse_enabled | bool
|
||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_install.yml"
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-synapse
|
||||
- install-all
|
||||
- install-synapse
|
||||
|
||||
- block:
|
||||
- when: not matrix_synapse_enabled | bool
|
||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-synapse
|
||||
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_synapse.yml"
|
||||
when: run_setup | bool
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-synapse
|
||||
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/import_media_store.yml"
|
||||
when: run_synapse_import_media_store | bool
|
||||
- block:
|
||||
- when: matrix_synapse_enabled | bool
|
||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/import_media_store.yml"
|
||||
tags:
|
||||
- import-synapse-media-store
|
||||
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/register_user.yml"
|
||||
when: run_synapse_register_user | bool and matrix_synapse_enabled | bool
|
||||
- block:
|
||||
- when: matrix_synapse_enabled | bool
|
||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/register_user.yml"
|
||||
tags:
|
||||
- register-user
|
||||
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/self_check_client_api.yml"
|
||||
delegate_to: 127.0.0.1
|
||||
become: false
|
||||
when: run_self_check | bool
|
||||
tags:
|
||||
- self-check
|
||||
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/self_check_federation_api.yml"
|
||||
delegate_to: 127.0.0.1
|
||||
become: false
|
||||
when: run_self_check | bool
|
||||
tags:
|
||||
- self-check
|
||||
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/update_user_password.yml"
|
||||
when: run_synapse_update_user_password | bool and matrix_synapse_enabled | bool
|
||||
- block:
|
||||
- when: matrix_synapse_enabled | bool
|
||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/update_user_password.yml"
|
||||
tags:
|
||||
- update-user-password
|
||||
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/rust-synapse-compress-state/main.yml"
|
||||
when: run_synapse_rust_synapse_compress_state | bool
|
||||
- block:
|
||||
- when: matrix_synapse_enabled | bool
|
||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/rust-synapse-compress-state/main.yml"
|
||||
tags:
|
||||
- rust-synapse-compress-state
|
||||
|
||||
- name: Mark matrix-synapse role as executed
|
||||
ansible.builtin.set_fact:
|
||||
matrix_synapse_role_executed: true
|
||||
- block:
|
||||
- when: matrix_synapse_enabled | bool
|
||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check_client_api.yml"
|
||||
|
||||
- when: matrix_synapse_enabled | bool
|
||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check_federation_api.yml"
|
||||
tags:
|
||||
- always
|
||||
- self-check
|
||||
|
||||
@ -28,6 +28,7 @@
|
||||
when: "start_result.changed"
|
||||
|
||||
- name: Register user
|
||||
ansible.builtin.command: "{{ matrix_local_bin_path }}/matrix-synapse-register-user {{ username | quote }} {{ password | quote }} {{ '1' if admin == 'yes' else '0' }}"
|
||||
ansible.builtin.command:
|
||||
cmd: "{{ matrix_synapse_bin_path }}/register-user {{ username | quote }} {{ password | quote }} {{ '1' if admin == 'yes' else '0' }}"
|
||||
register: matrix_synapse_register_user_result
|
||||
changed_when: matrix_synapse_register_user_result.rc == 0
|
||||
|
||||
@ -31,15 +31,15 @@
|
||||
ansible.builtin.set_fact:
|
||||
matrix_synapse_rust_synapse_compress_state_psql_import_command: >-
|
||||
{{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-rust-synapse-compress-state-psql-import
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
||||
--user={{ devture_postgres_uid }}:{{ devture_postgres_gid }}
|
||||
--cap-drop=ALL
|
||||
--network={{ matrix_docker_network }}
|
||||
--env-file={{ matrix_postgres_base_path }}/env-postgres-psql
|
||||
--network={{ devture_postgres_container_network }}
|
||||
--env-file={{ devture_postgres_base_path }}/env-postgres-psql
|
||||
--mount type=bind,src={{ matrix_synapse_rust_synapse_compress_state_base_path }},dst=/work,ro
|
||||
--entrypoint=/bin/sh
|
||||
{{ matrix_postgres_docker_image_latest }}
|
||||
{{ devture_postgres_container_image_latest }}
|
||||
-c "cat /work/state-compressor.sql |
|
||||
psql -v ON_ERROR_STOP=1 -h matrix-postgres -d {{ matrix_synapse_database_database }}"
|
||||
psql -v ON_ERROR_STOP=1 -h {{ devture_postgres_connection_hostname }} -d {{ matrix_synapse_database_database }}"
|
||||
|
||||
- name: Import compression SQL into Postgres
|
||||
ansible.builtin.command: "{{ matrix_synapse_rust_synapse_compress_state_psql_import_command }}"
|
||||
|
||||
@ -3,8 +3,8 @@
|
||||
|
||||
- name: Fail if Postgres not enabled
|
||||
ansible.builtin.fail:
|
||||
msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot use rust-synapse-compress-state."
|
||||
when: "not matrix_postgres_enabled | bool"
|
||||
msg: "Postgres via the com.devture.ansible.role.postgres role is not enabled (`devture_postgres_enabled`). Cannot use rust-synapse-compress-state."
|
||||
when: "not devture_postgres_enabled | bool"
|
||||
|
||||
|
||||
# Defaults
|
||||
@ -53,17 +53,11 @@
|
||||
delay: "{{ devture_playbook_help_container_retries_delay }}"
|
||||
until: result is not failed
|
||||
|
||||
- name: Generate rust-synapse-compress-state room find command
|
||||
|
||||
- name: Generate rust-synapse-compress-state room find SQL command
|
||||
ansible.builtin.set_fact:
|
||||
matrix_synapse_rust_synapse_compress_state_find_rooms_command: >-
|
||||
{{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-rust-synapse-compress-state-find-rooms
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
||||
--cap-drop=ALL
|
||||
--network={{ matrix_docker_network }}
|
||||
--env-file={{ matrix_postgres_base_path }}/env-postgres-psql
|
||||
{{ matrix_postgres_docker_image_latest }}
|
||||
psql -v ON_ERROR_STOP=1 -h matrix-postgres {{ matrix_synapse_database_database }} -c
|
||||
'SELECT array_to_json(array_agg(row_to_json (r))) FROM (SELECT room_id, count(*) AS count FROM state_groups_state GROUP BY room_id HAVING count(*) > {{ matrix_synapse_rust_synapse_compress_state_min_state_groups_required }} ORDER BY count DESC) r;'
|
||||
{{ devture_postgres_bin_path }}/cli-non-interactive --dbname={{ matrix_synapse_database_database | quote }} -c "SELECT array_to_json(array_agg(row_to_json (r))) FROM (SELECT room_id, count(*) AS count FROM state_groups_state GROUP BY room_id HAVING count(*) > {{ matrix_synapse_rust_synapse_compress_state_min_state_groups_required }} ORDER BY count DESC) r;"
|
||||
|
||||
- name: Find rooms eligible for compression with rust-synapse-compress-state
|
||||
ansible.builtin.command: "{{ matrix_synapse_rust_synapse_compress_state_find_rooms_command }}"
|
||||
|
||||
@ -9,6 +9,8 @@
|
||||
ignore_errors: true
|
||||
check_mode: false
|
||||
when: matrix_synapse_enabled | bool
|
||||
delegate_to: 127.0.0.1
|
||||
become: false
|
||||
|
||||
- name: Fail if Matrix Client API not working
|
||||
ansible.builtin.fail:
|
||||
|
||||
@ -9,6 +9,8 @@
|
||||
ignore_errors: true
|
||||
check_mode: false
|
||||
when: matrix_synapse_enabled | bool
|
||||
delegate_to: 127.0.0.1
|
||||
become: false
|
||||
|
||||
- name: Fail if Matrix Federation API not working
|
||||
ansible.builtin.fail:
|
||||
|
||||
55
roles/custom/matrix-synapse/tasks/setup_install.yml
Normal file
55
roles/custom/matrix-synapse/tasks/setup_install.yml
Normal file
@ -0,0 +1,55 @@
|
||||
---
|
||||
|
||||
- name: Ensure Synapse paths exist
|
||||
ansible.builtin.file:
|
||||
path: "{{ item.path }}"
|
||||
state: directory
|
||||
mode: 0750
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
with_items:
|
||||
- {path: "{{ matrix_synapse_config_dir_path }}", when: true}
|
||||
- {path: "{{ matrix_synapse_ext_path }}", when: true}
|
||||
- {path: "{{ matrix_synapse_bin_path }}", when: true}
|
||||
- {path: "{{ matrix_synapse_docker_src_files_path }}", when: "{{ matrix_synapse_container_image_self_build }}"}
|
||||
- {path: "{{ matrix_synapse_customized_docker_src_files_path }}", when: "{{ matrix_synapse_container_image_customizations_enabled }}"}
|
||||
|
||||
- {path: "{{ matrix_synapse_ext_s3_storage_provider_base_path }}", when: "{{ matrix_synapse_ext_synapse_s3_storage_provider_enabled }}"}
|
||||
- {path: "{{ matrix_synapse_ext_s3_storage_provider_bin_path }}", when: "{{ matrix_synapse_ext_synapse_s3_storage_provider_enabled }}"}
|
||||
- {path: "{{ matrix_synapse_ext_s3_storage_provider_data_path }}", when: "{{ matrix_synapse_ext_synapse_s3_storage_provider_enabled }}"}
|
||||
|
||||
# We handle matrix_synapse_media_store_path elsewhere (in ./synapse/setup_install.yml),
|
||||
# because if it's using Goofys and it's already mounted (from before),
|
||||
# trying to chown/chmod it here will cause trouble.
|
||||
when: item.when | bool
|
||||
|
||||
- block:
|
||||
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/setup_install.yml"
|
||||
|
||||
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/setup_uninstall.yml"
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-synapse
|
||||
|
||||
- block:
|
||||
- when: matrix_synapse_workers_enabled | bool
|
||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/setup_install.yml"
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-synapse
|
||||
|
||||
- block:
|
||||
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/setup_install.yml"
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-synapse
|
||||
|
||||
- block:
|
||||
- when: matrix_s3_media_store_enabled | bool
|
||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/goofys/setup_install.yml"
|
||||
|
||||
- when: not matrix_s3_media_store_enabled | bool
|
||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/goofys/setup_uninstall.yml"
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-synapse
|
||||
@ -1,27 +0,0 @@
|
||||
---
|
||||
|
||||
- name: Ensure Synapse paths exist
|
||||
ansible.builtin.file:
|
||||
path: "{{ item.path }}"
|
||||
state: directory
|
||||
mode: 0750
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
with_items:
|
||||
- {path: "{{ matrix_synapse_config_dir_path }}", when: true}
|
||||
- {path: "{{ matrix_synapse_ext_path }}", when: true}
|
||||
- {path: "{{ matrix_synapse_docker_src_files_path }}", when: "{{ matrix_synapse_container_image_self_build }}"}
|
||||
- {path: "{{ matrix_synapse_customized_docker_src_files_path }}", when: "{{ matrix_synapse_container_image_customizations_enabled }}"}
|
||||
- {path: "{{ matrix_synapse_ext_s3_storage_provider_path }}", when: "{{ matrix_synapse_ext_synapse_s3_storage_provider_enabled }}"}
|
||||
# We handle matrix_synapse_media_store_path elsewhere (in ./synapse/setup_install.yml),
|
||||
# because if it's using Goofys and it's already mounted (from before),
|
||||
# trying to chown/chmod it here will cause trouble.
|
||||
when: "(matrix_synapse_enabled | bool or matrix_s3_media_store_enabled | bool) and item.when"
|
||||
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/setup.yml"
|
||||
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/synapse/workers/setup.yml"
|
||||
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/synapse/setup.yml"
|
||||
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/goofys/setup.yml"
|
||||
27
roles/custom/matrix-synapse/tasks/setup_uninstall.yml
Normal file
27
roles/custom/matrix-synapse/tasks/setup_uninstall.yml
Normal file
@ -0,0 +1,27 @@
|
||||
---
|
||||
|
||||
- block:
|
||||
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/ext/setup_uninstall.yml"
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-synapse
|
||||
|
||||
- block:
|
||||
- when: not matrix_synapse_workers_enabled | bool
|
||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/setup_uninstall.yml"
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-synapse
|
||||
|
||||
- block:
|
||||
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/setup_uninstall.yml"
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-synapse
|
||||
|
||||
- block:
|
||||
- when: not matrix_s3_media_store_enabled | bool
|
||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/goofys/setup_uninstall.yml"
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-synapse
|
||||
@ -127,17 +127,11 @@
|
||||
src: "{{ role_path }}/templates/synapse/systemd/matrix-synapse.service.j2"
|
||||
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse.service"
|
||||
mode: 0644
|
||||
register: matrix_synapse_systemd_service_result
|
||||
|
||||
- name: Ensure systemd reloaded after matrix-synapse.service installation
|
||||
ansible.builtin.service:
|
||||
daemon_reload: true
|
||||
when: "matrix_synapse_systemd_service_result.changed"
|
||||
|
||||
- name: Ensure matrix-synapse-register-user script created
|
||||
- name: Ensure register-user script created
|
||||
ansible.builtin.template:
|
||||
src: "{{ role_path }}/templates/synapse/usr-local-bin/matrix-synapse-register-user.j2"
|
||||
dest: "{{ matrix_local_bin_path }}/matrix-synapse-register-user"
|
||||
src: "{{ role_path }}/templates/synapse/bin/register-user.j2"
|
||||
dest: "{{ matrix_synapse_bin_path }}/register-user"
|
||||
mode: 0755
|
||||
|
||||
- name: Generate sample prometheus.yml for external scraping
|
||||
|
||||
@ -5,36 +5,25 @@
|
||||
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse.service"
|
||||
register: matrix_synapse_service_stat
|
||||
|
||||
- name: Ensure matrix-synapse is stopped
|
||||
ansible.builtin.service:
|
||||
name: matrix-synapse
|
||||
state: stopped
|
||||
enabled: false
|
||||
daemon_reload: true
|
||||
register: stopping_result
|
||||
when: "matrix_synapse_service_stat.stat.exists"
|
||||
- when: matrix_synapse_service_stat.stat.exists | bool
|
||||
block:
|
||||
- name: Ensure matrix-synapse is stopped
|
||||
ansible.builtin.service:
|
||||
name: matrix-synapse
|
||||
state: stopped
|
||||
enabled: false
|
||||
daemon_reload: true
|
||||
|
||||
- name: Ensure matrix-synapse.service doesn't exist
|
||||
ansible.builtin.file:
|
||||
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse.service"
|
||||
state: absent
|
||||
when: "matrix_synapse_service_stat.stat.exists"
|
||||
- name: Ensure Synapse paths don't exist
|
||||
ansible.builtin.file:
|
||||
path: "{{ item }}"
|
||||
state: absent
|
||||
with_items:
|
||||
- "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse.service"
|
||||
- "{{ matrix_synapse_bin_path }}"
|
||||
|
||||
- name: Ensure systemd reloaded after matrix-synapse.service removal
|
||||
ansible.builtin.service:
|
||||
daemon_reload: true
|
||||
when: "matrix_synapse_service_stat.stat.exists"
|
||||
|
||||
- name: Ensure Synapse Docker image doesn't exist
|
||||
community.docker.docker_image:
|
||||
name: "{{ item }}"
|
||||
state: absent
|
||||
with_items:
|
||||
- "{{ matrix_synapse_docker_image_final }}"
|
||||
- "{{ matrix_synapse_docker_image }}"
|
||||
|
||||
- name: Ensure sample prometheus.yml for external scraping is deleted
|
||||
ansible.builtin.file:
|
||||
path: "{{ matrix_synapse_base_path }}/external_prometheus.yml.example"
|
||||
state: absent
|
||||
when: "not matrix_synapse_metrics_proxying_enabled | bool"
|
||||
- name: Ensure sample prometheus.yml for external scraping is deleted
|
||||
ansible.builtin.file:
|
||||
path: "{{ matrix_synapse_base_path }}/external_prometheus.yml.example"
|
||||
state: absent
|
||||
when: "not matrix_synapse_metrics_proxying_enabled | bool"
|
||||
|
||||
@ -1,21 +0,0 @@
|
||||
---
|
||||
|
||||
# A previous version of the worker setup used this.
|
||||
# This is a temporary cleanup for people who ran that version.
|
||||
- name: Ensure old matrix-synapse.service.wants directory is gone
|
||||
ansible.builtin.file:
|
||||
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-synapse.service.wants"
|
||||
state: absent
|
||||
|
||||
# Same. This was part of a previous version of the worker setup.
|
||||
# No longer necessary.
|
||||
- name: Ensure matrix-synapse-worker-write-pid script is removed
|
||||
ansible.builtin.file:
|
||||
path: "{{ matrix_local_bin_path }}/matrix-synapse-worker-write-pid"
|
||||
state: absent
|
||||
|
||||
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/setup_install.yml"
|
||||
when: "matrix_synapse_enabled | bool and matrix_synapse_workers_enabled | bool"
|
||||
|
||||
- ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/setup_uninstall.yml"
|
||||
when: "not matrix_synapse_workers_enabled | bool"
|
||||
@ -7,12 +7,16 @@
|
||||
use_regex: true
|
||||
register: matrix_synapse_workers_current_config_files
|
||||
|
||||
- ansible.builtin.set_fact:
|
||||
matrix_synapse_enabled_worker_names: "{{ matrix_synapse_workers_enabled_list | map(attribute='name') }}"
|
||||
|
||||
# This also deletes some things which we need. They will be recreated below.
|
||||
- name: Ensure previous worker configs are cleaned
|
||||
- name: Ensure unnecessary worker configs are cleaned
|
||||
ansible.builtin.file:
|
||||
path: "{{ item.path }}"
|
||||
state: absent
|
||||
with_items: "{{ matrix_synapse_workers_current_config_files.files }}"
|
||||
when: "not ansible_check_mode and (item.path | basename | replace ('worker.', '') | replace('.yaml', '')) not in matrix_synapse_enabled_worker_names"
|
||||
|
||||
- name: Determine current worker systemd services
|
||||
ansible.builtin.find:
|
||||
@ -27,13 +31,14 @@
|
||||
state: stopped
|
||||
enabled: false
|
||||
with_items: "{{ matrix_synapse_workers_current_systemd_services.files }}"
|
||||
when: "not ansible_check_mode and item.path | basename not in matrix_systemd_services_list"
|
||||
when: "not ansible_check_mode and (item.path | basename | replace('.service', '')) not in matrix_synapse_enabled_worker_names"
|
||||
|
||||
- name: Ensure unnecessary worker systemd services are cleaned
|
||||
ansible.builtin.file:
|
||||
path: "{{ item.path }}"
|
||||
state: absent
|
||||
with_items: "{{ matrix_synapse_workers_current_systemd_services.files }}"
|
||||
when: "not ansible_check_mode and (item.path | basename | replace('.service', '')) not in matrix_synapse_enabled_worker_names"
|
||||
|
||||
- name: Ensure creation of worker systemd service files and configuration files
|
||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/synapse/workers/util/setup_files_for_worker.yml"
|
||||
|
||||
@ -53,7 +53,7 @@
|
||||
when: "'replication_port' not in matrix_synapse_worker_details"
|
||||
|
||||
- ansible.builtin.set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + [matrix_synapse_worker_details.name + '.service'] }}"
|
||||
devture_systemd_service_manager_services_list_auto: "{{ devture_systemd_service_manager_services_list_auto + [{'name': (matrix_synapse_worker_details.name + '.service'), 'priority': 1100, 'groups': ['matrix', 'homeservers', 'synapse']}] }}"
|
||||
|
||||
- ansible.builtin.set_fact:
|
||||
matrix_synapse_webserving_workers_systemd_services_list: "{{ matrix_synapse_webserving_workers_systemd_services_list + [matrix_synapse_worker_details.name + '.service'] }}"
|
||||
|
||||
@ -10,37 +10,43 @@
|
||||
msg: "The `password` variable needs to be provided to this playbook, via --extra-vars"
|
||||
when: "password is not defined or password == '<your-password>'"
|
||||
|
||||
- name: Fail if not using matrix-postgres container
|
||||
- name: Fail if not using integrated Postgres database
|
||||
ansible.builtin.fail:
|
||||
msg: "This command is working only when matrix-postgres container is being used"
|
||||
when: "not matrix_postgres_enabled | bool"
|
||||
msg: "This command is working only when Postgres is installed via the the integrated com.devture.ansible.role.postgres role"
|
||||
when: "not devture_postgres_enabled | bool"
|
||||
|
||||
- name: Ensure matrix-synapse is started
|
||||
- name: Ensure Postgres is started
|
||||
ansible.builtin.service:
|
||||
name: matrix-synapse
|
||||
state: started
|
||||
daemon_reload: true
|
||||
register: start_result
|
||||
|
||||
- name: Ensure matrix-postgres is started
|
||||
ansible.builtin.service:
|
||||
name: matrix-postgres
|
||||
name: "{{ devture_postgres_identifier }}"
|
||||
state: started
|
||||
daemon_reload: true
|
||||
register: postgres_start_result
|
||||
|
||||
- name: Ensure Synapse is started
|
||||
ansible.builtin.service:
|
||||
name: matrix-synapse
|
||||
state: started
|
||||
daemon_reload: true
|
||||
register: synapse_start_result
|
||||
|
||||
- name: Wait a while, so that Matrix Synapse can manage to start
|
||||
- name: Wait a while, so that Synapse and/or Postgres can manage to start
|
||||
ansible.builtin.pause:
|
||||
seconds: 7
|
||||
when: "start_result.changed or postgres_start_result.changed"
|
||||
when: "synapse_start_result.changed or postgres_start_result.changed"
|
||||
|
||||
- name: Generate password hash
|
||||
- name: Generate user password hash
|
||||
ansible.builtin.shell: "{{ devture_systemd_docker_base_host_command_docker }} exec matrix-synapse /usr/local/bin/hash_password -c /data/homeserver.yaml -p {{ password | quote }}"
|
||||
register: password_hash
|
||||
changed_when: false
|
||||
|
||||
- name: Generate user password-change SQL command
|
||||
ansible.builtin.set_fact:
|
||||
matrix_synapse_user_password_change_command: >-
|
||||
{{ devture_postgres_bin_path }}/cli-non-interactive --dbname={{ matrix_synapse_database_database | quote }} -c "UPDATE users SET password_hash='{{ password_hash.stdout }}' WHERE name = '@{{ username }}:{{ matrix_domain }}'"
|
||||
|
||||
- name: Update user password hash
|
||||
ansible.builtin.command: "{{ matrix_local_bin_path }}/matrix-postgres-update-user-password-hash {{ username | quote }} {{ password_hash.stdout | quote }}"
|
||||
ansible.builtin.command:
|
||||
cmd: "{{ matrix_synapse_user_password_change_command }}"
|
||||
register: matrix_synapse_update_user_password_result
|
||||
changed_when: matrix_synapse_update_user_password_result.rc == 0
|
||||
failed_when: "matrix_synapse_update_user_password_result.rc != 0 or matrix_synapse_update_user_password_result.stdout != 'UPDATE 1'"
|
||||
|
||||
@ -59,6 +59,10 @@
|
||||
- {'old': 'matrix_synapse_workers_frontend_proxy_workers_count', 'new': '<removed in favor of generic workers - see https://github.com/matrix-org/synapse/pull/13645>'}
|
||||
- {'old': 'matrix_synapse_workers_frontend_proxy_workers_port_range_start', 'new': '<removed in favor of generic workers - see https://github.com/matrix-org/synapse/pull/13645>'}
|
||||
- {'old': 'matrix_synapse_workers_frontend_proxy_workers_metrics_range_start', 'new': '<removed in favor of generic workers - see https://github.com/matrix-org/synapse/pull/13645>'}
|
||||
- {'old': 'matrix_synapse_ext_s3_storage_provider_path', 'new': 'matrix_synapse_ext_s3_storage_provider_base_path'}
|
||||
- {'old': 'matrix_synapse_send_federation', 'new': '<unnecessary - Synapse relies on federation_sender_instances now>'}
|
||||
- {'old': 'matrix_synapse_start_pushers', 'new': '<unnecessary - Synapse relies on pusher_instances now>'}
|
||||
|
||||
|
||||
- name: (Deprecation) Catch and report renamed settings in matrix_synapse_configuration_extension_yaml
|
||||
ansible.builtin.fail:
|
||||
|
||||
@ -3,9 +3,9 @@
|
||||
|
||||
{{ devture_systemd_docker_base_host_command_docker }} run \
|
||||
--rm \
|
||||
--env-file={{ matrix_synapse_ext_s3_storage_provider_path }}/env \
|
||||
--env-file={{ matrix_synapse_ext_s3_storage_provider_base_path }}/env \
|
||||
--mount type=bind,src={{ matrix_synapse_storage_path }},dst=/matrix-media-store-parent,bind-propagation=slave \
|
||||
--mount type=bind,src={{ matrix_synapse_ext_s3_storage_provider_path }}/data,dst=/data \
|
||||
--mount type=bind,src={{ matrix_synapse_ext_s3_storage_provider_data_path }},dst=/data \
|
||||
--workdir=/data \
|
||||
--network={{ matrix_docker_network }} \
|
||||
--entrypoint=/bin/bash \
|
||||
@ -4,9 +4,9 @@
|
||||
{{ devture_systemd_docker_base_host_command_docker }} run \
|
||||
-it \
|
||||
--rm \
|
||||
--env-file={{ matrix_synapse_ext_s3_storage_provider_path }}/env \
|
||||
--env-file={{ matrix_synapse_ext_s3_storage_provider_base_path }}/env \
|
||||
--mount type=bind,src={{ matrix_synapse_storage_path }},dst=/matrix-media-store-parent,bind-propagation=slave \
|
||||
--mount type=bind,src={{ matrix_synapse_ext_s3_storage_provider_path }}/data,dst=/data \
|
||||
--mount type=bind,src={{ matrix_synapse_ext_s3_storage_provider_data_path }},dst=/data \
|
||||
--workdir=/data \
|
||||
--network={{ matrix_docker_network }} \
|
||||
--entrypoint=/bin/bash \
|
||||
@ -4,4 +4,4 @@ Description=Migrates locally-stored Synapse media store files to S3
|
||||
[Service]
|
||||
Type=oneshot
|
||||
Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
|
||||
ExecStart={{ matrix_local_bin_path }}/matrix-synapse-s3-storage-provider-migrate
|
||||
ExecStart={{ matrix_synapse_ext_s3_storage_provider_bin_path }}/migrate
|
||||
|
||||
@ -2532,6 +2532,8 @@ password_providers:
|
||||
## Push ##
|
||||
|
||||
push:
|
||||
# enabled: false
|
||||
|
||||
# Clients requesting push notifications can either have the body of
|
||||
# the message sent in the notification poke along with other details
|
||||
# like the sender, or just the event ID and room ID (`event_id_only`).
|
||||
@ -2836,12 +2838,6 @@ opentracing:
|
||||
|
||||
## Workers ##
|
||||
|
||||
# Disables sending of outbound federation transactions on the main process.
|
||||
# Uncomment if using a federation sender worker.
|
||||
#
|
||||
#send_federation: false
|
||||
send_federation: {{ matrix_synapse_send_federation | to_json }}
|
||||
|
||||
# It is possible to run multiple federation sender workers, in which case the
|
||||
# work is balanced across them.
|
||||
#
|
||||
@ -2859,7 +2855,6 @@ federation_sender_instances: {{ matrix_synapse_federation_sender_instances | to_
|
||||
{% if matrix_synapse_federation_pusher_instances | length > 0 %}
|
||||
pusher_instances: {{ matrix_synapse_federation_pusher_instances | to_json }}
|
||||
{% endif %}
|
||||
start_pushers: {{ matrix_synapse_start_pushers | to_json }}
|
||||
|
||||
# When using workers this should be a map from `worker_name` to the
|
||||
# HTTP replication listener of the worker, if configured.
|
||||
|
||||
@ -10,10 +10,6 @@ worker_replication_host: matrix-synapse
|
||||
worker_replication_http_port: {{ matrix_synapse_replication_http_port }}
|
||||
{% endif %}
|
||||
|
||||
{% if matrix_synapse_worker_details.type == 'generic_worker' %}
|
||||
worker_main_http_uri: http://matrix-synapse:{{ matrix_synapse_container_client_api_port }}
|
||||
{% endif %}
|
||||
|
||||
{% set http_resources = [] %}
|
||||
|
||||
{% if matrix_synapse_worker_details.type == 'user_dir' %}
|
||||
|
||||
@ -3,9 +3,6 @@
|
||||
matrix_synapse_client_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}/_matrix/client/versions"
|
||||
matrix_synapse_federation_api_url_endpoint_public: "https://{{ matrix_server_fqn_matrix }}:{{ matrix_federation_public_port }}/_matrix/federation/v1/version"
|
||||
|
||||
# Tells whether this role had executed or not. Toggled to `true` during runtime.
|
||||
matrix_synapse_role_executed: false
|
||||
|
||||
matrix_synapse_media_store_directory_name: "{{ matrix_synapse_media_store_path | basename }}"
|
||||
|
||||
# A Synapse generic worker can handle both federation and client-server API endpoints.
|
||||
@ -137,6 +134,7 @@ matrix_synapse_workers_generic_worker_endpoints:
|
||||
- ^/_matrix/federation/(v1|v2)/send_leave/
|
||||
- ^/_matrix/federation/(v1|v2)/invite/
|
||||
- ^/_matrix/federation/v1/event_auth/
|
||||
- ^/_matrix/federation/v1/timestamp_to_event/
|
||||
- ^/_matrix/federation/v1/exchange_third_party_invite/
|
||||
- ^/_matrix/federation/v1/user/devices/
|
||||
- ^/_matrix/key/v2/query
|
||||
@ -164,6 +162,7 @@ matrix_synapse_workers_generic_worker_endpoints:
|
||||
- ^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$
|
||||
- ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/
|
||||
- ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$
|
||||
- ^/_matrix/client/v1/rooms/.*/timestamp_to_event$
|
||||
- ^/_matrix/client/(api/v1|r0|v3|unstable)/search$
|
||||
|
||||
# Encryption requests
|
||||
|
||||
Reference in New Issue
Block a user