Add matrix_synapse_uid, matrix_synapse_gid and matrix_synapse_username
parent
154d077ec7
commit
632026513e
@ -3071,6 +3071,10 @@ matrix_client_cinny_self_check_validate_certificates: "{{ false if matrix_playbo
|
||||
|
||||
matrix_synapse_enabled: "{{ matrix_homeserver_implementation == 'synapse' }}"
|
||||
|
||||
matrix_synapse_username: "{{ matrix_user_username }}"
|
||||
matrix_synapse_uid: "{{ matrix_user_uid }}"
|
||||
matrix_synapse_gid: "{{ matrix_user_gid }}"
|
||||
|
||||
matrix_synapse_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}"
|
||||
|
||||
# When ma1sd is enabled, we can use it to validate phone numbers. It's something that the homeserver cannot do by itself.
|
||||
|
@ -4,6 +4,10 @@
|
||||
|
||||
matrix_synapse_enabled: true
|
||||
|
||||
matrix_synapse_username: ''
|
||||
matrix_synapse_uid: ''
|
||||
matrix_synapse_gid: ''
|
||||
|
||||
matrix_synapse_container_image_self_build: false
|
||||
matrix_synapse_container_image_self_build_repo: "https://github.com/matrix-org/synapse.git"
|
||||
|
||||
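Review bot: The three new defaults `matrix_synapse_username`, `matrix_synapse_uid` and `matrix_synapse_gid` are added as empty strings with no comment, so a reader of this file cannot tell that they are mandatory or what they control. From the rest of the commit, they decide who owns Synapse's config, extension and media-store paths, which account the git checkouts run as, and which `--user=` the containers get. I would add above them: `# Account used for Synapse git checkouts (username) and for file ownership and container --user (uid/gid). All three are required.`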
|
@ -6,8 +6,8 @@
|
||||
dest: "{{ matrix_synapse_ext_path }}/matrix_e2ee_filter.py"
|
||||
force: true
|
||||
mode: 0440
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
owner: "{{ matrix_synapse_uid }}"
|
||||
group: "{{ matrix_synapse_gid }}"
|
||||
register: result
|
||||
retries: "{{ devture_playbook_help_geturl_retries_count }}"
|
||||
delay: "{{ devture_playbook_help_geturl_retries_delay }}"
|
||||
|
@ -11,7 +11,7 @@
|
||||
version: "{{ matrix_synapse_ext_spam_checker_mjolnir_antispam_git_version }}"
|
||||
dest: "{{ matrix_synapse_ext_path }}/mjolnir"
|
||||
become: true
|
||||
become_user: "{{ matrix_user_username }}"
|
||||
become_user: "{{ matrix_synapse_username }}"
|
||||
|
||||
- ansible.builtin.set_fact:
|
||||
matrix_synapse_spam_checker: >
|
||||
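Review bot: `become_user: "{{ matrix_synapse_username }}"` selects the account by name, while the file and directory tasks in this commit switch `owner:`/`group:` to the numeric `matrix_synapse_uid`/`matrix_synapse_gid`, and nothing visible ties the three variables to the same account. If an override sets a uid that does not belong to that username, the checkout under `matrix_synapse_ext_path` ends up owned by a different user than the directory around it; the container started with `--user=uid:gid` may then be unable to read it, or a different account may own code that Synapse loads. The same applies to the `become_user` changes in the synapse-simple-antispam hunk and in the Synapse self-build git hunk. A comment on the defaults stating that the username must resolve to that uid, or a check in the validation task, would close the gap. The task starts above this hunk.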
|
@ -11,8 +11,8 @@
|
||||
dest: "{{ matrix_synapse_ext_path }}/rest_auth_provider.py"
|
||||
force: true
|
||||
mode: 0440
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
owner: "{{ matrix_synapse_uid }}"
|
||||
group: "{{ matrix_synapse_gid }}"
|
||||
register: result
|
||||
retries: "{{ devture_playbook_help_geturl_retries_count }}"
|
||||
delay: "{{ devture_playbook_help_geturl_retries_delay }}"
|
||||
|
@ -12,8 +12,8 @@
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
mode: 0750
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
owner: "{{ matrix_synapse_uid }}"
|
||||
group: "{{ matrix_synapse_gid }}"
|
||||
with_items:
|
||||
- "{{ matrix_synapse_ext_s3_storage_provider_base_path }}"
|
||||
- "{{ matrix_synapse_ext_s3_storage_provider_bin_path }}"
|
||||
|
@ -16,8 +16,8 @@
|
||||
dest: "{{ matrix_synapse_ext_path }}/shared_secret_authenticator.py"
|
||||
force: true
|
||||
mode: 0440
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
owner: "{{ matrix_synapse_uid }}"
|
||||
group: "{{ matrix_synapse_gid }}"
|
||||
register: result
|
||||
retries: "{{ devture_playbook_help_geturl_retries_count }}"
|
||||
delay: "{{ devture_playbook_help_geturl_retries_delay }}"
|
||||
|
@ -16,7 +16,7 @@
|
||||
version: "{{ matrix_synapse_ext_spam_checker_synapse_simple_antispam_git_version }}"
|
||||
dest: "{{ matrix_synapse_ext_path }}/synapse-simple-antispam"
|
||||
become: true
|
||||
become_user: "{{ matrix_user_username }}"
|
||||
become_user: "{{ matrix_synapse_username }}"
|
||||
|
||||
- ansible.builtin.set_fact:
|
||||
matrix_synapse_modules: >
|
||||
|
@ -27,8 +27,8 @@
|
||||
path: "{{ matrix_s3_media_store_path }}"
|
||||
state: directory
|
||||
mode: 0750
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
owner: "{{ matrix_synapse_uid }}"
|
||||
group: "{{ matrix_synapse_gid }}"
|
||||
when: "not local_path_matrix_s3_media_store_path_stat.failed and not local_path_matrix_s3_media_store_path_stat.stat.exists"
|
||||
|
||||
- name: Ensure goofys environment variables file created
|
||||
|
@ -66,8 +66,8 @@
|
||||
- name: Ensure media store permissions are correct (generic case)
|
||||
ansible.builtin.file:
|
||||
path: "{{ matrix_synapse_media_store_path }}"
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
owner: "{{ matrix_synapse_uid }}"
|
||||
group: "{{ matrix_synapse_gid }}"
|
||||
recurse: true
|
||||
when: "not matrix_s3_media_store_enabled | bool"
|
||||
|
||||
|
@ -7,7 +7,7 @@
|
||||
ansible.builtin.set_fact:
|
||||
matrix_synapse_rust_synapse_compress_state_compress_room_command: >-
|
||||
{{ devture_systemd_docker_base_host_command_docker }} run --rm --name matrix-rust-synapse-compress-state-compress-room
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
||||
--user={{ matrix_synapse_uid }}:{{ matrix_synapse_gid }}
|
||||
--cap-drop=ALL
|
||||
--network={{ matrix_docker_network }}
|
||||
--mount type=bind,src={{ matrix_synapse_rust_synapse_compress_state_base_path }},dst=/work
|
||||
|
@ -39,8 +39,8 @@
|
||||
path: "{{ matrix_synapse_rust_synapse_compress_state_base_path }}"
|
||||
state: directory
|
||||
mode: 0750
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
owner: "{{ matrix_synapse_uid }}"
|
||||
group: "{{ matrix_synapse_gid }}"
|
||||
|
||||
- name: Ensure rust-synapse-compress-state image is pulled
|
||||
community.docker.docker_image:
|
||||
|
@ -5,8 +5,8 @@
|
||||
path: "{{ item.path }}"
|
||||
state: directory
|
||||
mode: 0750
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
owner: "{{ matrix_synapse_uid }}"
|
||||
group: "{{ matrix_synapse_gid }}"
|
||||
with_items:
|
||||
- {path: "{{ matrix_synapse_config_dir_path }}", when: true}
|
||||
- {path: "{{ matrix_synapse_ext_path }}", when: true}
|
||||
|
@ -14,8 +14,8 @@
|
||||
path: "{{ matrix_synapse_media_store_path }}"
|
||||
state: directory
|
||||
mode: 0750
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
owner: "{{ matrix_synapse_uid }}"
|
||||
group: "{{ matrix_synapse_gid }}"
|
||||
when: "not local_path_media_store_stat.failed and not local_path_media_store_stat.stat.exists"
|
||||
|
||||
- when: "matrix_synapse_container_image_self_build | bool"
|
||||
@ -27,7 +27,7 @@
|
||||
version: "{{ matrix_synapse_docker_image.split(':')[1] }}"
|
||||
force: "yes"
|
||||
become: true
|
||||
become_user: "{{ matrix_user_username }}"
|
||||
become_user: "{{ matrix_synapse_username }}"
|
||||
register: matrix_synapse_git_pull_results
|
||||
|
||||
- name: Check if Synapse Docker image exists
|
||||
@ -68,8 +68,8 @@
|
||||
ansible.builtin.template:
|
||||
src: "{{ role_path }}/templates/synapse/customizations/Dockerfile.j2"
|
||||
dest: "{{ matrix_synapse_customized_docker_src_files_path }}/Dockerfile"
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
owner: "{{ matrix_synapse_uid }}"
|
||||
group: "{{ matrix_synapse_gid }}"
|
||||
mode: 0640
|
||||
|
||||
- name: Ensure customized Docker image for Synapse is built
|
||||
@ -98,7 +98,7 @@
|
||||
docker run
|
||||
--rm
|
||||
--name=matrix-config
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
||||
--user={{ matrix_synapse_uid }}:{{ matrix_synapse_gid }}
|
||||
--cap-drop=ALL
|
||||
--mount type=bind,src={{ matrix_synapse_config_dir_path }},dst=/data
|
||||
-e SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
|
||||
@ -113,8 +113,8 @@
|
||||
content: "{{ matrix_synapse_configuration | to_nice_yaml(indent=2, width=999999) }}"
|
||||
dest: "{{ matrix_synapse_config_dir_path }}/homeserver.yaml"
|
||||
mode: 0644
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
owner: "{{ matrix_synapse_uid }}"
|
||||
group: "{{ matrix_synapse_gid }}"
|
||||
|
||||
- name: Ensure Synapse log config installed
|
||||
ansible.builtin.template:
|
||||
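Review bot: `homeserver.yaml` is still written with `mode: 0644` in this task, so it is world-readable at the file level even though its owner and group are now the dedicated `matrix_synapse_uid`/`matrix_synapse_gid`. The validation task in this commit lists `matrix_synapse_macaroon_secret_key` and `matrix_synapse_database_password` as Synapse settings, so the rendered configuration presumably contains secrets. The config directory is created with `mode: 0750` in another hunk, which limits exposure, but `mode: 0640` here would not depend on that. The task starts above the hunk.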
@ -143,7 +143,7 @@
|
||||
ansible.builtin.template:
|
||||
src: "{{ role_path }}/templates/synapse/prometheus/external_prometheus.yml.example.j2"
|
||||
dest: "{{ matrix_synapse_base_path }}/external_prometheus.yml.example"
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
owner: "{{ matrix_synapse_uid }}"
|
||||
group: "{{ matrix_synapse_gid }}"
|
||||
mode: 0644
|
||||
when: matrix_synapse_metrics_proxying_enabled | bool
|
||||
|
@ -10,8 +10,8 @@
|
||||
src: "{{ role_path }}/templates/synapse/worker.yaml.j2"
|
||||
dest: "{{ matrix_synapse_config_dir_path }}/{{ matrix_synapse_worker_config_file_name }}"
|
||||
mode: 0644
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
owner: "{{ matrix_synapse_uid }}"
|
||||
group: "{{ matrix_synapse_gid }}"
|
||||
|
||||
- name: Ensure systemd service exists for {{ matrix_synapse_worker_systemd_service_name }}
|
||||
ansible.builtin.template:
|
||||
|
@ -6,11 +6,15 @@
|
||||
You need to define a required configuration setting (`{{ item }}`) for using Synapse.
|
||||
when: "vars[item] == ''"
|
||||
with_items:
|
||||
- "matrix_synapse_macaroon_secret_key"
|
||||
- "matrix_synapse_database_host"
|
||||
- "matrix_synapse_database_user"
|
||||
- "matrix_synapse_database_password"
|
||||
- "matrix_synapse_database_database"
|
||||
- matrix_synapse_username
|
||||
- matrix_synapse_uid
|
||||
- matrix_synapse_gid
|
||||
- matrix_synapse_container_network
|
||||
- matrix_synapse_macaroon_secret_key
|
||||
- matrix_synapse_database_host
|
||||
- matrix_synapse_database_user
|
||||
- matrix_synapse_database_password
|
||||
- matrix_synapse_database_database
|
||||
|
||||
- name: Fail if asking for more than 1 instance of single-instance workers
|
||||
ansible.builtin.fail:
|
||||
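Review bot: The required-setting check `when: "vars[item] == ''"` is unlikely to catch an unset `matrix_synapse_username`, `matrix_synapse_uid` or `matrix_synapse_gid`, the names this hunk adds to `with_items`. As far as I know, `vars[item]` yields the raw value before templating, and this commit wires the variables as `"{{ matrix_user_uid }}"` and so on in the group vars, so the comparison sees a non-empty template string even when the resolved value is empty. An empty value would then reach `owner:`/`group:` and `--user={{ matrix_synapse_uid }}:{{ matrix_synapse_gid }}`, and the playbook should not depend on what Docker does with an empty `--user=:`. Consider `when: "lookup('vars', item, default='') | string | length == 0"`, which resolves the value first and also covers an undefined variable. The task starts above the hunk, so its `fail` message is only partly visible.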
|
@ -13,7 +13,7 @@ ExecStartPre=-{{ devture_systemd_docker_base_host_command_docker }} rm %n
|
||||
|
||||
ExecStart={{ devture_systemd_docker_base_host_command_docker }} run --rm --name %n \
|
||||
--log-driver=none \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
--user={{ matrix_synapse_uid }}:{{ matrix_synapse_gid }} \
|
||||
--mount type=bind,src=/etc/passwd,dst=/etc/passwd,ro \
|
||||
--mount type=bind,src=/etc/group,dst=/etc/group,ro \
|
||||
--mount type=bind,src={{ matrix_s3_media_store_path }},dst=/s3,bind-propagation=shared \
|
||||
|
@ -18,7 +18,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
|
||||
--rm \
|
||||
--name={{ matrix_synapse_worker_container_name }} \
|
||||
--log-driver=none \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
--user={{ matrix_synapse_uid }}:{{ matrix_synapse_gid }} \
|
||||
--cap-drop=ALL \
|
||||
--read-only \
|
||||
--tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_synapse_tmp_directory_size_mb }}m \
|
||||
|
@ -34,7 +34,7 @@ ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \
|
||||
--rm \
|
||||
--name=matrix-synapse \
|
||||
--log-driver=none \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
--user={{ matrix_synapse_uid }}:{{ matrix_synapse_gid }} \
|
||||
--cap-drop=ALL \
|
||||
--read-only \
|
||||
--tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_synapse_tmp_directory_size_mb }}m \
|
||||
|