Add support for Matrix Authentication Service

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3108 Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3562
2024-10-19 14:31:14 +03:00
parent 8bdc8fd037
commit 8f16524789
38 changed files with 2170 additions and 28 deletions
--- a/roles/custom/matrix-user-creator/tasks/setup.yml
+++ b/roles/custom/matrix-user-creator/tasks/setup.yml
@ -8,22 +8,48 @@
  # Suppress logging to avoid dumping the credentials to the shell
  no_log: true

- name: Ensure homeserver is started before creating Matrix users
-  ansible.builtin.service:
-    name: "matrix-{{ matrix_homeserver_implementation }}.service"
-    state: started
-    daemon_reload: true
-  register: matrix_user_registrator_homeserver_start_result
+- when: not matrix_authentication_service_enabled | bool
+  block:
+    - name: Ensure homeserver is started before creating Matrix users
+      ansible.builtin.service:
+        name: "matrix-{{ matrix_homeserver_implementation }}.service"
+        state: started
+        daemon_reload: true
+      register: matrix_user_registrator_homeserver_start_result

- name: Wait a while, so that the homeserver can manage to start before creating Matrix users
-  ansible.builtin.pause:
-    seconds: "{{ matrix_user_creator_homeserver_start_wait_time_seconds }}"
-  when: matrix_user_registrator_homeserver_start_result.changed | bool
+    - name: Wait a while, so that the homeserver can manage to start before creating Matrix users
+      ansible.builtin.pause:
+        seconds: "{{ matrix_user_creator_homeserver_start_wait_time_seconds }}"
+      when: matrix_user_registrator_homeserver_start_result.changed | bool

- name: Ensure Matrix users are created
-  ansible.builtin.include_tasks: "{{ role_path }}/tasks/util/ensure_user_registered_{{ matrix_homeserver_implementation }}.yml"
-  with_items: "{{ matrix_user_creator_users }}"
-  loop_control:
-    loop_var: user
-  # Suppress logging to avoid dumping the credentials to the shell
-  no_log: true
+    - name: Ensure Matrix users are created for homeservers
+      when: not matrix_authentication_service_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/util/ensure_user_registered_{{ matrix_homeserver_implementation }}.yml"
+      with_items: "{{ matrix_user_creator_users }}"
+      loop_control:
+        loop_var: user
+      # Suppress logging to avoid dumping the credentials to the shell
+      no_log: true
+
+- when: matrix_authentication_service_enabled | bool
+  block:
+    - name: Ensure Matrix Authentication Service is started before creating Matrix users
+      ansible.builtin.service:
+        name: "matrix-authentication-service.service"
+        state: started
+        daemon_reload: true
+      register: matrix_user_registrator_mas_start_result
+
+    - name: Wait a while, so that the Matrix Authentication Service can manage to start before creating Matrix users
+      ansible.builtin.pause:
+        seconds: "{{ matrix_user_creator_homeserver_start_wait_time_seconds }}"
+      when: matrix_user_registrator_mas_start_result.changed | bool
+
+    - name: Ensure Matrix users are created for Matrix Authentication Service
+      when: matrix_authentication_service_enabled | bool
+      ansible.builtin.include_tasks: "{{ role_path }}/tasks/util/ensure_user_registered_matrix_authentication_service.yml"
+      with_items: "{{ matrix_user_creator_users }}"
+      loop_control:
+        loop_var: user
+      # Suppress logging to avoid dumping the credentials to the shell
+      no_log: true
--- a/roles/custom/matrix-user-creator/tasks/util/ensure_user_registered_matrix_authentication_service.yml
+++ b/roles/custom/matrix-user-creator/tasks/util/ensure_user_registered_matrix_authentication_service.yml
@ -0,0 +1,19 @@
+---
+
+- name: Ensure Matrix Authentication Service user registered - {{ user.username | quote }}
+  ansible.builtin.command:
+    cmd: |-
+      {{ devture_systemd_docker_base_host_command_docker }} exec matrix-authentication-service
+      mas-cli manage register-user
+      -p {{ user.initial_password | quote }}
+      --yes
+      --ignore-password-complexity
+      {% if user.initial_type == 'admin' %}
+        --admin
+      {% else %}
+        --no-admin
+      {% endif %}
+      {{ user.username | quote }}
+  register: matrix_authentication_service_register_user_result
+  changed_when: "matrix_authentication_service_register_user_result.rc == 0 and 'Error: User already exists' not in matrix_authentication_service_register_user_result.stderr"
+  failed_when: "matrix_authentication_service_register_user_result.rc != 0 and 'Error: User already exists' not in matrix_authentication_service_register_user_result.stderr"