Split playbook into multiple roles
As suggested in #63 (GitHub issue), splitting the playbook's logic into multiple roles will be beneficial for maintainability. This patch realizes this split. Still, some components affect others, so the roles are not really independent of one another. For example: - disabling mxisd (`matrix_mxisd_enabled: false`) causes Synapse and riot-web to reconfigure themselves with other (public) Identity servers. - enabling matrix-corporal (`matrix_corporal_enabled: true`) affects how reverse-proxying (by `matrix-nginx-proxy`) is done, in order to put matrix-corporal's gateway server in front of Synapse. We may be able to move away from such dependencies in the future, at the expense of a more complicated manual configuration, but it's probably not worth sacrificing the convenience we have now. As part of this work, the way we do "start components" has been redone now to use a loop, as suggested in #65 (GitHub issue). This should make restarting faster and more reliable.
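--- a/roles/matrix-synapse/tasks/ext/init.yml
+++ b/roles/matrix-synapse/tasks/ext/init.yml
@@ -0,0 +1,5 @@
+---
+
+- import_tasks: "{{ role_path }}/tasks/ext/mautrix-telegram/init.yml"
+
+- import_tasks: "{{ role_path }}/tasks/ext/mautrix-whatsapp/init.yml"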
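--- a/roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml
+++ b/roles/matrix-synapse/tasks/ext/ldap-auth/setup.yml
@@ -0,0 +1,11 @@
+- set_fact:
+matrix_synapse_password_providers_enabled: true
+when: "matrix_synapse_ext_password_provider_ldap_enabled"
+
+- set_fact:
+matrix_synapse_additional_loggers: >
+{{ matrix_synapse_additional_loggers }}
++
+{{ [{'name': 'ldap_auth_provider', 'level': 'INFO'}] }}
+when: "matrix_synapse_ext_password_provider_ldap_enabled"
+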
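Review bot: The second `set_fact` builds `matrix_synapse_additional_loggers` inside a folded `>` scalar as two separately rendered `{{ }}` blocks joined by a literal `+`, so the result is text that has to be evaluated back into a list, which appears to depend on how the running Ansible version post-processes templated strings. A single expression keeps it a list throughout and matches how `matrix_systemd_services_list` is appended in the init.yml files: `matrix_synapse_additional_loggers: "{{ matrix_synapse_additional_loggers + [{'name': 'ldap_auth_provider', 'level': 'INFO'}] }}"`. The same folded form is used for the logger and volume facts in the rest-auth, shared-secret-auth and both mautrix setup files. Both tasks here are also unnamed, so a `name:` on each would make the play output easier to follow.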
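--- a/roles/matrix-synapse/tasks/ext/mautrix-telegram/init.yml
+++ b/roles/matrix-synapse/tasks/ext/mautrix-telegram/init.yml
@@ -0,0 +1,3 @@
+- set_fact:
+matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-telegram'] }}"
+when: matrix_mautrix_telegram_enabled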
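--- a/roles/matrix-synapse/tasks/ext/mautrix-telegram/setup.yml
+++ b/roles/matrix-synapse/tasks/ext/mautrix-telegram/setup.yml
@@ -0,0 +1,69 @@
+---
+
+- name: Ensure Mautrix Telegram image is pulled
+docker_image:
+name: "{{ matrix_mautrix_telegram_docker_image }}"
+when: "matrix_mautrix_telegram_enabled"
+
+- name: Ensure Mautrix Telegram configuration path exists
+file:
+path: "{{ matrix_mautrix_telegram_base_path }}"
+state: directory
+mode: 0750
+owner: "{{ matrix_user_username }}"
+group: "{{ matrix_user_username }}"
+when: "matrix_mautrix_telegram_enabled"
+
+- stat: "path={{ matrix_mautrix_telegram_base_path }}/config.yaml"
+register: mautrix_config_file
+
+- name: Ensure Matrix Mautrix telegram config installed
+template:
+src: "{{ role_path }}/templates/ext/mautrix-telegram/config.yaml.j2"
+dest: "{{ matrix_mautrix_telegram_base_path }}/config.yaml"
+mode: 0644
+owner: "{{ matrix_user_username }}"
+group: "{{ matrix_user_username }}"
+when: "matrix_mautrix_telegram_enabled and mautrix_config_file.stat.exists == False"
+
+- name: Ensure matrix-mautrix-telegram.service installed
+template:
+src: "{{ role_path }}/templates/ext/mautrix-telegram/systemd/matrix-mautrix-telegram.service.j2"
+dest: "/etc/systemd/system/matrix-mautrix-telegram.service"
+mode: 0644
+when: "matrix_mautrix_telegram_enabled"
+
+- stat:
+path: "{{ matrix_mautrix_telegram_base_path }}/registration.yaml"
+register: mautrix_telegram_registration_file
+
+- name: Generate matrix-mautrix-telegram registration.yaml if it doesn't exist
+shell: /usr/bin/docker run --rm --name matrix-mautrix-telegram-gen -v {{ matrix_mautrix_telegram_base_path }}:/data:z {{ matrix_mautrix_telegram_docker_image }} python3 -m mautrix_telegram -g -c /data/config.yaml -r /data/registration.yaml
+when: "matrix_mautrix_telegram_enabled and mautrix_telegram_registration_file.stat.exists == False"
+
+- set_fact:
+matrix_synapse_app_service_config_file_mautrix_telegram: '/app-registration/mautrix-telegram.yml'
+
+- set_fact:
+matrix_synapse_container_additional_volumes: >
+{{ matrix_synapse_container_additional_volumes }}
++
+{{ [{'src': '{{ matrix_mautrix_telegram_base_path }}/registration.yaml', 'dst': '{{ matrix_synapse_app_service_config_file_mautrix_telegram }}', 'options': 'ro'}] }}
+when: "matrix_mautrix_telegram_enabled"
+
+- set_fact:
+matrix_synapse_app_service_config_files: >
+{{ matrix_synapse_app_service_config_files }}
++
+{{ ["{{ matrix_synapse_app_service_config_file_mautrix_telegram }}"] | to_nice_json }}
+when: "matrix_mautrix_telegram_enabled"
+
+#
+# Tasks related to getting rid of matrix-mautrix-telegram (if it was previously enabled)
+#
+
+- name: Ensure matrix-mautrix-telegram.service doesn't exist
+file:
+path: "/etc/systemd/system/matrix-mautrix-telegram.service"
+state: absent
+when: "not matrix_mautrix_telegram_enabled"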
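Review bot: The registration task runs `docker run` through `shell:` with `matrix_mautrix_telegram_base_path` and `matrix_mautrix_telegram_docker_image` interpolated unquoted, so a space or shell metacharacter in either value changes the command that is executed. That line uses no shell feature, so `command:` is the safer module, and `args:` with `creates: "{{ matrix_mautrix_telegram_base_path }}/registration.yaml"` would replace the separate `stat` and `exists == False` pair. `config.yaml` is also installed with `mode: 0644`; if the template carries bridge tokens or API credentials (it is not visible here), `'0640'` would be the tighter choice even though the parent directory is `0750`. The whatsapp setup.yml has the same two spots.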
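--- a/roles/matrix-synapse/tasks/ext/mautrix-whatsapp/init.yml
+++ b/roles/matrix-synapse/tasks/ext/mautrix-whatsapp/init.yml
@@ -0,0 +1,3 @@
+- set_fact:
+matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-mautrix-whatsapp'] }}"
+when: matrix_mautrix_whatsapp_enabled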
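--- a/roles/matrix-synapse/tasks/ext/mautrix-whatsapp/setup.yml
+++ b/roles/matrix-synapse/tasks/ext/mautrix-whatsapp/setup.yml
@@ -0,0 +1,69 @@
+---
+
+- name: Ensure Mautrix Whatsapp image is pulled
+docker_image:
+name: "{{ matrix_mautrix_whatsapp_docker_image }}"
+when: "matrix_mautrix_whatsapp_enabled"
+
+- name: Ensure Mautrix Whatsapp configuration path exists
+file:
+path: "{{ matrix_mautrix_whatsapp_base_path }}"
+state: directory
+mode: 0750
+owner: "{{ matrix_user_username }}"
+group: "{{ matrix_user_username }}"
+when: "matrix_mautrix_whatsapp_enabled"
+
+- stat: "path={{ matrix_mautrix_whatsapp_base_path }}/config.yaml"
+register: mautrix_config_file
+
+- name: Ensure Matrix Mautrix whatsapp config installed
+template:
+src: "{{ role_path }}/templates/ext/mautrix-whatsapp/config.yaml.j2"
+dest: "{{ matrix_mautrix_whatsapp_base_path }}/config.yaml"
+mode: 0644
+owner: "{{ matrix_user_username }}"
+group: "{{ matrix_user_username }}"
+when: "matrix_mautrix_whatsapp_enabled and mautrix_config_file.stat.exists == False"
+
+- name: Ensure matrix-mautrix-whatsapp.service installed
+template:
+src: "{{ role_path }}/templates/ext/mautrix-whatsapp/systemd/matrix-mautrix-whatsapp.service.j2"
+dest: "/etc/systemd/system/matrix-mautrix-whatsapp.service"
+mode: 0644
+when: "matrix_mautrix_whatsapp_enabled"
+
+- stat:
+path: "{{ matrix_mautrix_whatsapp_base_path }}/registration.yaml"
+register: mautrix_whatsapp_registration_file
+
+- name: Generate matrix-mautrix-whatsapp registration.yaml if it doesn't exist
+shell: /usr/bin/docker run --rm --name matrix-mautrix-whatsapp-gen -v {{ matrix_mautrix_whatsapp_base_path }}:/data:z {{ matrix_mautrix_whatsapp_docker_image }} /usr/bin/mautrix-whatsapp -g -c /data/config.yaml -r /data/registration.yaml
+when: "matrix_mautrix_whatsapp_enabled and mautrix_whatsapp_registration_file.stat.exists == False"
+
+- set_fact:
+matrix_synapse_app_service_config_file_mautrix_whatsapp: '/app-registration/mautrix-whatsapp.yml'
+
+- set_fact:
+matrix_synapse_container_additional_volumes: >
+{{ matrix_synapse_container_additional_volumes }}
++
+{{ [{'src': '{{ matrix_mautrix_whatsapp_base_path }}/registration.yaml', 'dst': '{{ matrix_synapse_app_service_config_file_mautrix_whatsapp }}', 'options': 'ro'}] }}
+when: "matrix_mautrix_whatsapp_enabled"
+
+- set_fact:
+matrix_synapse_app_service_config_files: >
+{{ matrix_synapse_app_service_config_files }}
++
+{{ ["{{ matrix_synapse_app_service_config_file_mautrix_whatsapp }}"] | to_nice_json }}
+when: "matrix_mautrix_whatsapp_enabled"
+
+#
+# Tasks related to getting rid of matrix-mautrix-whatsapp (if it was previously enabled)
+#
+
+- name: Ensure matrix-mautrix-whatsapp.service doesn't exist
+file:
+path: "/etc/systemd/system/matrix-mautrix-whatsapp.service"
+state: absent
+when: "not matrix_mautrix_whatsapp_enabled"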
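Review bot: The first `stat` registers its result as `mautrix_config_file`, the same variable name the telegram setup.yml uses, while the registration check right below is bridge-specific (`mautrix_whatsapp_registration_file`). Both files are imported by ext/setup.yml, so this task silently overwrites the telegram result; it works only because each `when:` reads the value directly after its own `stat`. Renaming it to `mautrix_whatsapp_config_file` (and `mautrix_telegram_config_file` in the other file) removes that ordering dependency. That `stat` also uses the inline `path=` string form, where the later one uses block arguments; the block form is the one to keep.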
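--- a/roles/matrix-synapse/tasks/ext/rest-auth/setup.yml
+++ b/roles/matrix-synapse/tasks/ext/rest-auth/setup.yml
@@ -0,0 +1,48 @@
+---
+
+#
+# Tasks related to setting up matrix-synapse-rest-auth
+#
+
+- name: Fail if REST Auth enabled, but endpoint not configured
+fail:
+msg: "You have enabled the REST Auth password provider, but have not configured its endpoint in the `matrix_synapse_ext_password_provider_rest_auth_endpoint` variable. Consult the documentation."
+when: "matrix_synapse_ext_password_provider_rest_auth_enabled and matrix_synapse_ext_password_provider_rest_auth_endpoint == ''"
+
+- name: Download matrix-synapse-rest-auth
+get_url:
+url: "{{ matrix_synapse_ext_password_provider_rest_auth_download_url }}"
+dest: "{{ matrix_synapse_ext_path }}/rest_auth_provider.py"
+force: true
+mode: 0440
+owner: "{{ matrix_user_username }}"
+group: "{{ matrix_user_username }}"
+when: "matrix_synapse_ext_password_provider_rest_auth_enabled"
+
+- set_fact:
+matrix_synapse_password_providers_enabled: true
+when: "matrix_synapse_ext_password_provider_rest_auth_enabled"
+
+- set_fact:
+matrix_synapse_container_additional_volumes: >
+{{ matrix_synapse_container_additional_volumes }}
++
+{{ [{'src': '{{ matrix_synapse_ext_path }}/rest_auth_provider.py', 'dst': '{{ matrix_synapse_in_container_python_packages_path }}/rest_auth_provider.py', 'options': 'ro'}] }}
+when: "matrix_synapse_ext_password_provider_rest_auth_enabled"
+
+- set_fact:
+matrix_synapse_additional_loggers: >
+{{ matrix_synapse_additional_loggers }}
++
+{{ [{'name': 'rest_auth_provider', 'level': 'INFO'}] }}
+when: "matrix_synapse_ext_password_provider_rest_auth_enabled"
+
+#
+# Tasks related to getting rid of matrix-synapse-rest-auth (if it was previously enabled)
+#
+
+- name: Ensure matrix-synapse-rest-auth doesn't exist
+file:
+path: "{{ matrix_synapse_ext_path }}/rest_auth_provider.py"
+state: absent
+when: "not matrix_synapse_ext_password_provider_rest_auth_enabled"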
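Review bot: The `get_url` task fetches `rest_auth_provider.py` from `matrix_synapse_ext_password_provider_rest_auth_download_url` with `force: true` and no integrity check, and the file is then mounted into Synapse's Python packages path as a password provider, so whatever the URL serves at run time ends up executing in the authentication path. Adding `checksum: "sha256:<expected digest>"`, with the digest kept in a variable next to the URL, makes the task fail when the content differs from the reviewed version. Pinning the URL to a commit or tag rather than a branch helps as well, though the variable's default is not visible here. `matrix-synapse-shared-secret-auth` in shared-secret-auth/setup.yml is downloaded the same way. `mode: 0440` is better written quoted, as `'0440'`, so it never depends on YAML octal parsing.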
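--- a/roles/matrix-synapse/tasks/ext/setup.yml
+++ b/roles/matrix-synapse/tasks/ext/setup.yml
@@ -0,0 +1,11 @@
+---
+
+- import_tasks: "{{ role_path }}/tasks/ext/rest-auth/setup.yml"
+
+- import_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup.yml"
+
+- import_tasks: "{{ role_path }}/tasks/ext/ldap-auth/setup.yml"
+
+- import_tasks: "{{ role_path }}/tasks/ext/mautrix-telegram/setup.yml"
+
+- import_tasks: "{{ role_path }}/tasks/ext/mautrix-whatsapp/setup.yml"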
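--- a/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup.yml
+++ b/roles/matrix-synapse/tasks/ext/shared-secret-auth/setup.yml
@@ -0,0 +1,48 @@
+---
+
+#
+# Tasks related to setting up matrix-synapse-shared-secret-auth
+#
+
+- name: Fail if Shared Secret Auth enabled, but no secret set
+fail:
+msg: "Shared Secret Auth is enabled, but no secret has been set in matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret"
+when: "matrix_synapse_ext_password_provider_shared_secret_auth_enabled and matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret == ''"
+
+- name: Download matrix-synapse-shared-secret-auth
+get_url:
+url: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_download_url }}"
+dest: "{{ matrix_synapse_ext_path }}/shared_secret_authenticator.py"
+force: true
+mode: 0440
+owner: "{{ matrix_user_username }}"
+group: "{{ matrix_user_username }}"
+when: "matrix_synapse_ext_password_provider_shared_secret_auth_enabled"
+
+- set_fact:
+matrix_synapse_password_providers_enabled: true
+when: "matrix_synapse_ext_password_provider_shared_secret_auth_enabled"
+
+- set_fact:
+matrix_synapse_container_additional_volumes: >
+{{ matrix_synapse_container_additional_volumes }}
++
+{{ [{'src': '{{ matrix_synapse_ext_path }}/shared_secret_authenticator.py', 'dst': '{{ matrix_synapse_in_container_python_packages_path }}/shared_secret_authenticator.py', 'options': 'ro'}] }}
+when: "matrix_synapse_ext_password_provider_shared_secret_auth_enabled"
+
+- set_fact:
+matrix_synapse_additional_loggers: >
+{{ matrix_synapse_additional_loggers }}
++
+{{ [{'name': 'shared_secret_authenticator', 'level': 'INFO'}] }}
+when: "matrix_synapse_ext_password_provider_shared_secret_auth_enabled"
+
+#
+# Tasks related to getting rid of matrix-synapse-shared-secret-auth (if it was previously enabled)
+#
+
+- name: Ensure matrix-synapse-shared-secret-auth doesn't exist
+file:
+path: "{{ matrix_synapse_ext_path }}/shared_secret_authenticator.py"
+state: absent
+when: "not matrix_synapse_ext_password_provider_shared_secret_auth_enabled"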
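Review bot: In the `matrix_synapse_container_additional_volumes` fact, `'{{ matrix_synapse_ext_path }}/shared_secret_authenticator.py'` and the `dst` value are string literals inside an already open `{{ }}` expression, so the inner braces are not evaluated there and are resolved only if the stored value is templated again later. Plain concatenation avoids depending on that second pass: `'src': matrix_synapse_ext_path + '/shared_secret_authenticator.py'`, and likewise for `dst`. The same nested form appears in the volume entries of rest-auth/setup.yml and both mautrix setup files. Separately, the guard at the top rejects only an empty secret; a minimum-length check would be a reasonable addition for a value that gates logins.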