finallycoffee/matrix-docker-ansible-deploy
5
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

sync with previous repo

Browse Source
This commit is contained in:
Michael Collins
2021-08-13 16:05:57 +08:00
parent 83a90f1cd1
commit 98e6cd685d
641 changed files with 43857 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

99
roles/matrix-awx/tasks/backup_server.yml Normal file
View File

@ -0,0 +1,99 @@
- name: Record Backup Server variables locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# AWX Settings Start'
with_dict:
'matrix_awx_backup_enabled': '{{ matrix_awx_backup_enabled }}'
tags: use-survey
- name: Save new 'Backup Server' survey.json to the AWX tower, template
delegate_to: 127.0.0.1
template:
src: 'roles/matrix-awx/surveys/backup_server.json.j2'
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json'
tags: use-survey
- name: Copy new 'Backup Server' survey.json to target machine
copy:
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json'
dest: '/matrix/awx/backup_server.json'
mode: '0660'
tags: use-survey
- name: Collect AWX admin token the hard way!
delegate_to: 127.0.0.1
shell: |
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
register: tower_token
no_log: True
tags: use-survey
- name: Recreate 'Backup Server' job template
delegate_to: 127.0.0.1
awx.awx.tower_job_template:
name: "{{ matrix_domain }} - 0 - Backup Server"
description: "Performs a backup of the entire service to a remote location."
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
job_type: run
job_tags: "backup-server,use-survey"
inventory: "{{ member_id }}"
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
playbook: setup.yml
credential: "{{ member_id }} - AWX SSH Key"
survey_enabled: true
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json') }}"
become_enabled: yes
state: present
verbosity: 1
tower_host: "https://{{ tower_host }}"
tower_oauthtoken: "{{ tower_token.stdout }}"
validate_certs: yes
tags: use-survey
- name: Include vars in matrix_vars.yml
include_vars:
file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
no_log: True
- name: Copy new 'matrix_vars.yml' to target machine
copy:
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
dest: '/matrix/awx/matrix_vars.yml'
mode: '0660'
tags: use-survey
- name: Run initial backup of /matrix/ and snapshot the database simultaneously
command: "{{ item }}"
with_items:
- borgmatic -c /root/.config/borgmatic/config_1.yaml
- /bin/sh /usr/local/bin/awx-export-service.sh 1 0
register: _create_instances
async: 3600 # Maximum runtime in seconds.
poll: 0 # Fire and continue (never poll)
when: matrix_awx_backup_enabled|bool
- name: Wait for both of these jobs to finish
async_status:
jid: "{{ item.ansible_job_id }}"
register: _jobs
until: _jobs.finished
delay: 5 # Check every 5 seconds.
retries: 720 # Retry for a full hour.
with_items: "{{ _create_instances.results }}"
when: matrix_awx_backup_enabled|bool
- name: Perform borg backup of postgres dump
command: borgmatic -c /root/.config/borgmatic/config_2.yaml
when: matrix_awx_backup_enabled|bool
- name: Set boolean value to exit playbook
set_fact:
end_playbook: true
- name: End playbook if this task list is called.
meta: end_play
when: end_playbook is defined and end_playbook|bool

12
roles/matrix-awx/tasks/cache_matrix_variables.yml Normal file
View File

@ -0,0 +1,12 @@
- name: Collect current datetime
set_fact:
awx_datetime: "{{ lookup('pipe', 'date +%Y-%m-%d_%H:%M') }}"
- name: Create cached matrix_vars.yml file location
set_fact:
awx_cached_matrix_vars: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars_{{ awx_datetime }}.yml'
- name: Create cached matrix_vars.yml
delegate_to: 127.0.0.1
shell: "cp /var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml {{ awx_cached_matrix_vars }}"

31
roles/matrix-awx/tasks/create_user.yml Executable file
View File

@ -0,0 +1,31 @@
#
# Create user and define if they are admin
#
# /usr/local/bin/matrix-synapse-register-user <your_username> <your_password> <admin access: 0 or 1>
#
- name: Set admin bool to zero
set_fact:
admin_bool: 0
when: admin_access == 'false'
- name: Examine if server admin set
set_fact:
admin_bool: 1
when: admin_access == 'true'
- name: Set boolean value to exit playbook
set_fact:
end_playbook: true
- name: Create user account
command: |
/usr/local/bin/matrix-synapse-register-user {{ new_username | quote }} {{ new_password | quote }} {{ admin_bool }}
register: cmd
- name: Result
debug: msg="{{ cmd.stdout }}"
- name: End playbook if this task list is called.
meta: end_play
when: end_playbook is defined and end_playbook|bool

273
roles/matrix-awx/tasks/customise_website_access_export.yml Executable file
View File

@ -0,0 +1,273 @@
- name: Enable index.html creation if user doesn't wish to customise base domain
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Base Domain Settings Start'
with_dict:
'matrix_nginx_proxy_base_domain_homepage_enabled': 'true'
when: (customise_base_domain_website is defined) and not customise_base_domain_website|bool
- name: Disable index.html creation to allow multi-file site if user does wish to customise base domain
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Base Domain Settings Start'
with_dict:
'matrix_nginx_proxy_base_domain_homepage_enabled': 'false'
when: (customise_base_domain_website is defined) and customise_base_domain_website|bool
- name: Record custom 'Customise Website + Access Export' variables locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Custom Settings Start'
with_dict:
'sftp_auth_method': '"{{ sftp_auth_method }}"'
'sftp_password': '"{{ sftp_password }}"'
'sftp_public_key': '"{{ sftp_public_key }}"'
- name: Record custom 'Customise Website + Access Export' variables locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Custom Settings Start'
with_dict:
'customise_base_domain_website': '{{ customise_base_domain_website }}'
when: customise_base_domain_website is defined
- name: Reload vars in matrix_vars.yml
include_vars:
file: '{{ awx_cached_matrix_vars }}'
no_log: True
- name: Save new 'Customise Website + Access Export' survey.json to the AWX tower, template
delegate_to: 127.0.0.1
template:
src: './roles/matrix-awx/surveys/configure_website_access_export.json.j2'
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json'
when: customise_base_domain_website is defined
- name: Copy new 'Customise Website + Access Export' survey.json to target machine
copy:
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json'
dest: '/matrix/awx/configure_website_access_export.json'
mode: '0660'
when: customise_base_domain_website is defined
- name: Save new 'Customise Website + Access Export' survey.json to the AWX tower, template
delegate_to: 127.0.0.1
template:
src: './roles/matrix-awx/surveys/access_export.json.j2'
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json'
when: customise_base_domain_website is undefined
- name: Copy new 'Customise Website + Access Export' survey.json to target machine
copy:
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json'
dest: '/matrix/awx/access_export.json'
mode: '0660'
when: customise_base_domain_website is undefined
- name: Collect AWX admin token the hard way!
delegate_to: 127.0.0.1
shell: |
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
register: tower_token
no_log: True
- name: Recreate 'Configure Website + Access Export' job template
delegate_to: 127.0.0.1
awx.awx.tower_job_template:
name: "{{ matrix_domain }} - 1 - Configure Website + Access Export"
description: "Configure base domain website settings and access the servers export."
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
job_type: run
job_tags: "start,setup-nginx-proxy"
inventory: "{{ member_id }}"
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
playbook: setup.yml
credential: "{{ member_id }} - AWX SSH Key"
survey_enabled: true
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json') }}"
become_enabled: yes
state: present
verbosity: 1
tower_host: "https://{{ tower_host }}"
tower_oauthtoken: "{{ tower_token.stdout }}"
validate_certs: yes
when: customise_base_domain_website is defined
- name: Recreate 'Access Export' job template
delegate_to: 127.0.0.1
awx.awx.tower_job_template:
name: "{{ matrix_domain }} - 1 - Access Export"
description: "Access the services export."
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
job_type: run
job_tags: "start,setup-nginx-proxy"
inventory: "{{ member_id }}"
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
playbook: setup.yml
credential: "{{ member_id }} - AWX SSH Key"
survey_enabled: true
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json') }}"
become_enabled: yes
state: present
verbosity: 1
tower_host: "https://{{ tower_host }}"
tower_oauthtoken: "{{ tower_token.stdout }}"
validate_certs: yes
when: customise_base_domain_website is undefined
- name: If user doesn't define a sftp_password, create a disabled 'sftp' account
user:
name: sftp
comment: SFTP user to set custom web files and access servers export
shell: /bin/false
home: /home/sftp
group: matrix
password: '*'
update_password: always
when: sftp_password|length == 0
- name: If user defines sftp_password, enable account and set password on 'stfp' account
user:
name: sftp
comment: SFTP user to set custom web files and access servers export
shell: /bin/false
home: /home/sftp
group: matrix
password: "{{ sftp_password | password_hash('sha512') }}"
update_password: always
when: sftp_password|length > 0
- name: Ensure group "sftp" exists
group:
name: sftp
state: present
- name: adding existing user 'sftp' to group matrix
user:
name: sftp
groups: sftp
append: yes
when: customise_base_domain_website is defined
- name: Create the ro /chroot directory with sticky bit if it doesn't exist. (/chroot/website has matrix:matrix permissions and is mounted to nginx container)
file:
path: /chroot
state: directory
owner: root
group: root
mode: '1755'
- name: Ensure /chroot/website location exists.
file:
path: /chroot/website
state: directory
owner: matrix
group: matrix
mode: '0770'
when: customise_base_domain_website is defined
- name: Ensure /chroot/export location exists
file:
path: /chroot/export
state: directory
owner: sftp
group: sftp
mode: '0700'
- name: Ensure /home/sftp/.ssh location exists
file:
path: /home/sftp/.ssh
state: directory
owner: sftp
group: sftp
mode: '0700'
- name: Ensure /home/sftp/authorized_keys exists
file:
path: /home/sftp/.ssh/authorized_keys
state: touch
owner: sftp
group: sftp
mode: '0644'
- name: Clear authorized_keys file
shell: echo "" > /home/sftp/.ssh/authorized_keys
- name: Insert public SSH key into authorized_keys file
lineinfile:
path: /home/sftp/.ssh/authorized_keys
line: "{{ sftp_public_key }}"
owner: sftp
group: sftp
mode: '0644'
when: (sftp_public_key | length > 0) and (sftp_auth_method == "SSH Key")
- name: Remove any existing Subsystem lines
lineinfile:
path: /etc/ssh/sshd_config
state: absent
regexp: '^Subsystem'
- name: Set SSH Subsystem State
lineinfile:
path: /etc/ssh/sshd_config
insertafter: "^# override default of no subsystems"
line: "Subsystem sftp internal-sftp"
- name: Add SSH Match User section for disabled auth
blockinfile:
path: /etc/ssh/sshd_config
state: absent
block: |
Match User sftp
ChrootDirectory /chroot
PermitTunnel no
X11Forwarding no
AllowTcpForwarding no
PasswordAuthentication yes
AuthorizedKeysFile /home/sftp/.ssh/authorized_keys
when: sftp_auth_method == "Disabled"
- name: Add SSH Match User section for password auth
blockinfile:
path: /etc/ssh/sshd_config
state: present
block: |
Match User sftp
ChrootDirectory /chroot
PermitTunnel no
X11Forwarding no
AllowTcpForwarding no
PasswordAuthentication yes
when: sftp_auth_method == "Password"
- name: Add SSH Match User section for publickey auth
blockinfile:
path: /etc/ssh/sshd_config
state: present
block: |
Match User sftp
ChrootDirectory /chroot
PermitTunnel no
X11Forwarding no
AllowTcpForwarding no
AuthorizedKeysFile /home/sftp/.ssh/authorized_keys
when: sftp_auth_method == "SSH Key"
- name: Restart service ssh.service
service:
name: ssh.service
state: restarted

33
roles/matrix-awx/tasks/export_server.yml Normal file
View File

@ -0,0 +1,33 @@
- name: Run export of /matrix/ and snapshot the database simultaneously
command: "{{ item }}"
with_items:
- /bin/sh /usr/local/bin/awx-export-service.sh 1 0
- /bin/sh /usr/local/bin/awx-export-service.sh 0 1
register: _create_instances
async: 3600 # Maximum runtime in seconds.
poll: 0 # Fire and continue (never poll)
- name: Wait for both of these jobs to finish
async_status:
jid: "{{ item.ansible_job_id }}"
register: _jobs
until: _jobs.finished
delay: 5 # Check every 5 seconds.
retries: 720 # Retry for a full hour.
with_items: "{{ _create_instances.results }}"
- name: Schedule deletion of the export in 24 hours
at:
command: rm /chroot/export/matrix*
count: 1
units: days
unique: yes
- name: Set boolean value to exit playbook
set_fact:
end_playbook: true
- name: End playbook if this task list is called.
meta: end_play
when: end_playbook is defined and end_playbook|bool

7
roles/matrix-awx/tasks/import_awx.yml Normal file
View File

@ -0,0 +1,7 @@
- name: Ensure correct ownership of /matrix/awx
shell: chown -R matrix:matrix /matrix/awx
- name: Ensure correct ownership of /matrix/synapse
shell: chown -R matrix:matrix /matrix/synapse

11
roles/matrix-awx/tasks/load_hosting_and_org_variables.yml Normal file
View File

@ -0,0 +1,11 @@
- name: Include vars in organisation.yml
include_vars:
file: '/var/lib/awx/projects/clients/{{ member_id }}/organisation.yml'
no_log: True
- name: Include vars in hosting_vars.yml
include_vars:
file: '/var/lib/awx/projects/hosting/hosting_vars.yml'
no_log: True

15
roles/matrix-awx/tasks/load_matrix_variables.yml Executable file
View File

@ -0,0 +1,15 @@
- name: Include new vars in matrix_vars.yml
include_vars:
file: '{{ awx_cached_matrix_vars }}'
no_log: True
- name: If include_vars succeeds overwrite the old matrix_vars.yml
delegate_to: 127.0.0.1
shell: "cp {{ awx_cached_matrix_vars }} /var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml && rm {{ awx_cached_matrix_vars }}"
- name: Copy new 'matrix_vars.yml' to target machine
copy:
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
dest: '/matrix/awx/matrix_vars.yml'
mode: '0660'

189
roles/matrix-awx/tasks/main.yml Executable file
View File

@ -0,0 +1,189 @@
# Load initial hosting and organisation variables from AWX volume
- include_tasks:
file: "load_hosting_and_org_variables.yml"
apply:
tags: always
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- always
# Renames the variables if needed
- include_tasks:
file: "rename_variables.yml"
apply:
tags: always
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- always
# Perform a backup of the server
- include_tasks:
file: "backup_server.yml"
apply:
tags: backup-server
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- backup-server
# Perform a export of the server
- include_tasks:
file: "export_server.yml"
apply:
tags: export-server
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- export-server
# Create a user account if called
- include_tasks:
file: "create_user.yml"
apply:
tags: create-user
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- create-user
# Purge local/remote media if called
- include_tasks:
file: "purge_media_main.yml"
apply:
tags: purge-media
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- purge-media
# Purge Synapse database if called
- include_tasks:
file: "purge_database_main.yml"
apply:
tags: purge-database
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- purge-database
# Import configs, media repo from /chroot/backup import
- include_tasks:
file: "import_awx.yml"
apply:
tags: import-awx
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- import-awx
# Perform extra self-check functions
- include_tasks:
file: "self_check.yml"
apply:
tags: self-check
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- self-check
# Create cached matrix_vars.yml file
- include_tasks:
file: "cache_matrix_variables.yml"
apply:
tags: always
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- always
# Configure SFTP so user can upload a static website or access the servers export
- include_tasks:
file: "customise_website_access_export.yml"
apply:
tags: setup-nginx-proxy
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- setup-nginx-proxy
# Additional playbook to set the variable file during Element configuration
- include_tasks:
file: "set_variables_element.yml"
apply:
tags: setup-client-element
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- setup-client-element
# Additional playbook to set the variable file during Mailer configuration
- include_tasks:
file: "set_variables_mailer.yml"
apply:
tags: setup-mailer
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- setup-mailer
# Additional playbook to set the variable file during Element configuration
- include_tasks:
file: "set_variables_element_subdomain.yml"
apply:
tags: setup-client-element-subdomain
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- setup-client-element-subdomain
# Additional playbook to set the variable file during Synapse configuration
- include_tasks:
file: "set_variables_synapse.yml"
apply:
tags: setup-synapse
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- setup-synapse
# Additional playbook to set the variable file during Jitsi configuration
- include_tasks:
file: "set_variables_jitsi.yml"
apply:
tags: setup-jitsi
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- setup-jitsi
# Additional playbook to set the variable file during Ma1sd configuration
- include_tasks:
file: "set_variables_ma1sd.yml"
apply:
tags: setup-ma1sd
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- setup-ma1sd
# Additional playbook to set the variable file during Corporal configuration
- include_tasks:
file: "set_variables_corporal.yml"
apply:
tags: setup-corporal
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- setup-corporal
# Additional playbook to set the variable file during Dimension configuration
- include_tasks:
file: "set_variables_dimension.yml"
apply:
tags: setup-dimension
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- setup-dimension
# Additional playbook to set the variable file during Synapse Admin configuration
- include_tasks:
file: "set_variables_synapse_admin.yml"
apply:
tags: setup-synapse-admin
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- setup-synapse-admin
# Load newly formed matrix variables from AWX volume
- include_tasks:
file: "load_matrix_variables.yml"
apply:
tags: always
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- always

10
roles/matrix-awx/tasks/purge_database_build_list.yml Normal file
View File

@ -0,0 +1,10 @@
- name: Collect entire room list into stdout
shell: |
curl -X GET --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/rooms?from={{ item }}'
register: rooms_output
- name: Print stdout to file
delegate_to: 127.0.0.1
shell: |
echo '{{ rooms_output.stdout }}' >> /tmp/{{ subscription_id }}_room_list_complete.json

13
roles/matrix-awx/tasks/purge_database_events.yml Normal file
View File

@ -0,0 +1,13 @@
- name: Purge all rooms with more then N events
shell: |
curl --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "delete_local_events": false, "purge_up_to_ts": {{ purge_epoche_time.stdout }}000 }' "{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_history/{{ item[1:-1] }}"
register: purge_command
- name: Print output of purge command
debug:
msg: "{{ purge_command.stdout }}"
- name: Pause for 5 seconds to let Synapse breathe
pause:
seconds: 5

317
roles/matrix-awx/tasks/purge_database_main.yml Normal file
View File

@ -0,0 +1,317 @@
- name: Ensure dateutils and curl is installed in AWX
delegate_to: 127.0.0.1
yum:
name: dateutils
state: latest
- name: Ensure dateutils, curl and jq intalled on target machine
apt:
pkg:
- curl
- jq
state: present
- name: Include vars in matrix_vars.yml
include_vars:
file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
no_log: True
- name: Collect before shrink size of Synapse database
shell: du -sh /matrix/postgres/data
register: db_size_before_stat
when: (purge_mode.find("Perform final shrink") != -1)
no_log: True
- name: Collect the internal IP of the matrix-synapse container
shell: "/usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse"
when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1)
register: synapse_container_ip
- name: Collect access token for janitor user
shell: |
curl -X POST -d '{"type":"m.login.password", "user":"janitor", "password":"{{ matrix_awx_janitor_user_password }}"}' "{{ synapse_container_ip.stdout }}:8008/_matrix/client/r0/login" | jq '.access_token'
when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1)
register: janitors_token
no_log: True
- name: Copy build_room_list.py script to target machine
copy:
src: ./roles/matrix-awx/scripts/matrix_build_room_list.py
dest: /usr/local/bin/matrix_build_room_list.py
owner: matrix
group: matrix
mode: '0755'
when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1)
- name: Run build_room_list.py script
shell: |
runuser -u matrix -- python3 /usr/local/bin/matrix_build_room_list.py {{ janitors_token.stdout[1:-1] }} {{ synapse_container_ip.stdout }}
register: rooms_total
when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1)
- name: Fetch complete room list from target machine
fetch:
src: /tmp/room_list_complete.json
dest: "/tmp/{{ subscription_id }}_room_list_complete.json"
flat: yes
when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1)
- name: Remove complete room list from target machine
file:
path: /tmp/room_list_complete.json
state: absent
when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1)
- name: Generate list of rooms with no local users
delegate_to: 127.0.0.1
shell: |
jq 'try .rooms[] | select(.joined_local_members == 0) | .room_id' < /tmp/{{ subscription_id }}_room_list_complete.json > /tmp/{{ subscription_id }}_room_list_no_local_users.txt
when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1)
- name: Count number of rooms with no local users
delegate_to: 127.0.0.1
shell: |
wc -l /tmp/{{ subscription_id }}_room_list_no_local_users.txt | awk '{ print $1 }'
register: rooms_no_local_total
when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1)
- name: Setting host fact room_list_no_local_users
set_fact:
room_list_no_local_users: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_no_local_users.txt') }}"
no_log: True
when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1)
- name: Purge all rooms with no local users
include_tasks: purge_database_no_local.yml
loop: "{{ room_list_no_local_users.splitlines() | flatten(levels=1) }}"
when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1)
- name: Collect epoche time from date
delegate_to: 127.0.0.1
shell: |
date -d '{{ purge_date }}' +"%s"
when: (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1)
register: purge_epoche_time
- name: Generate list of rooms with more then N users
delegate_to: 127.0.0.1
shell: |
jq 'try .rooms[] | select(.joined_members > {{ purge_metric_value }}) | .room_id' < /tmp/{{ subscription_id }}_room_list_complete.json > /tmp/{{ subscription_id }}_room_list_joined_members.txt
when: purge_mode.find("Number of users [slower]") != -1
- name: Count number of rooms with more then N users
delegate_to: 127.0.0.1
shell: |
wc -l /tmp/{{ subscription_id }}_room_list_joined_members.txt | awk '{ print $1 }'
register: rooms_join_members_total
when: purge_mode.find("Number of users [slower]") != -1
- name: Setting host fact room_list_joined_members
delegate_to: 127.0.0.1
set_fact:
room_list_joined_members: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_joined_members.txt') }}"
when: purge_mode.find("Number of users [slower]") != -1
no_log: True
- name: Purge all rooms with more then N users
include_tasks: purge_database_users.yml
loop: "{{ room_list_joined_members.splitlines() | flatten(levels=1) }}"
when: purge_mode.find("Number of users [slower]") != -1
- name: Generate list of rooms with more then N events
delegate_to: 127.0.0.1
shell: |
jq 'try .rooms[] | select(.state_events > {{ purge_metric_value }}) | .room_id' < /tmp/{{ subscription_id }}_room_list_complete.json > /tmp/{{ subscription_id }}_room_list_state_events.txt
when: purge_mode.find("Number of events [slower]") != -1
- name: Count number of rooms with more then N events
delegate_to: 127.0.0.1
shell: |
wc -l /tmp/{{ subscription_id }}_room_list_state_events.txt | awk '{ print $1 }'
register: rooms_state_events_total
when: purge_mode.find("Number of events [slower]") != -1
- name: Setting host fact room_list_state_events
delegate_to: 127.0.0.1
set_fact:
room_list_state_events: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_state_events.txt') }}"
when: purge_mode.find("Number of events [slower]") != -1
no_log: True
- name: Purge all rooms with more then N events
include_tasks: purge_database_events.yml
loop: "{{ room_list_state_events.splitlines() | flatten(levels=1) }}"
when: purge_mode.find("Number of events [slower]") != -1
- name: Collect AWX admin token the hard way!
delegate_to: 127.0.0.1
shell: |
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
register: tower_token
no_log: True
- name: Adjust 'Deploy/Update a Server' job template
delegate_to: 127.0.0.1
awx.awx.tower_job_template:
name: "{{ matrix_domain }} - 0 - Deploy/Update a Server"
description: "Creates a new matrix service with Spantaleev's playbooks"
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
job_type: run
job_tags: "rust-synapse-compress-state"
inventory: "{{ member_id }}"
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
playbook: setup.yml
credential: "{{ member_id }} - AWX SSH Key"
state: present
verbosity: 1
tower_host: "https://{{ tower_host }}"
tower_oauthtoken: "{{ tower_token.stdout }}"
validate_certs: yes
when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1) or (purge_mode.find("Skip purging rooms [faster]") != -1)
- name: Execute rust-synapse-compress-state job template
delegate_to: 127.0.0.1
awx.awx.tower_job_launch:
job_template: "{{ matrix_domain }} - 0 - Deploy/Update a Server"
wait: yes
tower_host: "https://{{ tower_host }}"
tower_oauthtoken: "{{ tower_token.stdout }}"
validate_certs: yes
when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1) or (purge_mode.find("Skip purging rooms [faster]") != -1)
- name: Revert 'Deploy/Update a Server' job template
delegate_to: 127.0.0.1
awx.awx.tower_job_template:
name: "{{ matrix_domain }} - 0 - Deploy/Update a Server"
description: "Creates a new matrix service with Spantaleev's playbooks"
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
job_type: run
job_tags: "setup-all,start"
inventory: "{{ member_id }}"
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
playbook: setup.yml
credential: "{{ member_id }} - AWX SSH Key"
state: present
verbosity: 1
tower_host: "https://{{ tower_host }}"
tower_oauthtoken: "{{ tower_token.stdout }}"
validate_certs: yes
when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1) or (purge_mode.find("Skip purging rooms [faster]") != -1)
- name: Ensure matrix-synapse is stopped
service:
name: matrix-synapse
state: stopped
daemon_reload: yes
when: (purge_mode.find("Perform final shrink") != -1)
- name: Re-index Synapse database
shell: docker exec -i matrix-postgres psql "host=127.0.0.1 port=5432 dbname=synapse user=synapse password={{ matrix_synapse_connection_password }}" -c 'REINDEX (VERBOSE) DATABASE synapse'
when: (purge_mode.find("Perform final shrink") != -1)
- name: Ensure matrix-synapse is started
service:
name: matrix-synapse
state: started
daemon_reload: yes
when: (purge_mode.find("Perform final shrink") != -1)
- name: Adjust 'Deploy/Update a Server' job template
delegate_to: 127.0.0.1
awx.awx.tower_job_template:
name: "{{ matrix_domain }} - 0 - Deploy/Update a Server"
description: "Creates a new matrix service with Spantaleev's playbooks"
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
job_type: run
job_tags: "run-postgres-vacuum,start"
inventory: "{{ member_id }}"
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
playbook: setup.yml
credential: "{{ member_id }} - AWX SSH Key"
state: present
verbosity: 1
tower_host: "https://{{ tower_host }}"
tower_oauthtoken: "{{ tower_token.stdout }}"
validate_certs: yes
when: (purge_mode.find("Perform final shrink") != -1)
- name: Execute run-postgres-vacuum job template
delegate_to: 127.0.0.1
awx.awx.tower_job_launch:
job_template: "{{ matrix_domain }} - 0 - Deploy/Update a Server"
wait: yes
tower_host: "https://{{ tower_host }}"
tower_oauthtoken: "{{ tower_token.stdout }}"
validate_certs: yes
when: (purge_mode.find("Perform final shrink") != -1)
- name: Revert 'Deploy/Update a Server' job template
delegate_to: 127.0.0.1
awx.awx.tower_job_template:
name: "{{ matrix_domain }} - 0 - Deploy/Update a Server"
description: "Creates a new matrix service with Spantaleev's playbooks"
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
job_type: run
job_tags: "setup-all,start"
inventory: "{{ member_id }}"
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
playbook: setup.yml
credential: "{{ member_id }} - AWX SSH Key"
state: present
verbosity: 1
tower_host: "https://{{ tower_host }}"
tower_oauthtoken: "{{ tower_token.stdout }}"
validate_certs: yes
when: (purge_mode.find("Perform final shrink") != -1)
- name: Cleanup room_list files
delegate_to: 127.0.0.1
shell: |
rm /tmp/{{ subscription_id }}_room_list*
when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1)
ignore_errors: yes
- name: Collect after shrink size of Synapse database
shell: du -sh /matrix/postgres/data
register: db_size_after_stat
when: (purge_mode.find("Perform final shrink") != -1)
no_log: True
- name: Print total number of rooms processed
debug:
msg: '{{ rooms_total.stdout }}'
when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1)
- name: Print the number of rooms purged with no local users
debug:
msg: '{{ rooms_no_local_total.stdout }}'
when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1)
- name: Print the number of rooms purged with more then N users
debug:
msg: '{{ rooms_join_members_total.stdout }}'
when: purge_mode.find("Number of users") != -1
- name: Print the number of rooms purged with more then N events
debug:
msg: '{{ rooms_state_events_total.stdout }}'
when: purge_mode.find("Number of events") != -1
- name: Print before purge size of Synapse database
debug:
msg: "{{ db_size_before_stat.stdout.split('\n') }}"
when: (db_size_before_stat is defined) and (purge_mode.find("Perform final shrink") != -1)
- name: Print after purge size of Synapse database
debug:
msg: "{{ db_size_after_stat.stdout.split('\n') }}"
when: (db_size_after_stat is defined) and (purge_mode.find("Perform final shrink") != -1)
- name: Set boolean value to exit playbook
set_fact:
end_playbook: true
- name: End playbook early if this task is called.
meta: end_play
when: end_playbook is defined and end_playbook|bool

13
roles/matrix-awx/tasks/purge_database_no_local.yml Normal file
View File

@ -0,0 +1,13 @@
- name: Purge all rooms with no local users
shell: |
curl --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "room_id": {{ item }} }' '{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_room'
register: purge_command
- name: Print output of purge command
debug:
msg: "{{ purge_command.stdout }}"
- name: Pause for 5 seconds to let Synapse breathe
pause:
seconds: 5

13
roles/matrix-awx/tasks/purge_database_users.yml Normal file
View File

@ -0,0 +1,13 @@
- name: Purge all rooms with more then N users
shell: |
curl --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "delete_local_events": false, "purge_up_to_ts": {{ purge_epoche_time.stdout }}000 }' "{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_history/{{ item[1:-1] }}"
register: purge_command
- name: Print output of purge command
debug:
msg: "{{ purge_command.stdout }}"
- name: Pause for 5 seconds to let Synapse breathe
pause:
seconds: 5

18
roles/matrix-awx/tasks/purge_media_local.yml Normal file
View File

@ -0,0 +1,18 @@
- name: Collect epoche time from date
shell: |
date -d '{{ item }}' +"%s"
register: epoche_time
- name: Purge local media to specific date
shell: |
curl -X POST --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/media/matrix.{{ matrix_domain }}/delete?before_ts={{ epoche_time.stdout }}000'
register: purge_command
- name: Print output of purge command
debug:
msg: "{{ purge_command.stdout }}"
- name: Pause for 5 seconds to let Synapse breathe
pause:
seconds: 5

99
roles/matrix-awx/tasks/purge_media_main.yml Normal file
View File

@ -0,0 +1,99 @@
- name: Ensure dateutils and curl is installed in AWX
delegate_to: 127.0.0.1
yum:
name: dateutils
state: latest
- name: Include vars in matrix_vars.yml
include_vars:
file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
no_log: True
- name: Ensure curl and jq intalled on target machine
apt:
pkg:
- curl
- jq
state: present
- name: Collect the internal IP of the matrix-synapse container
shell: "/usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse"
register: synapse_container_ip
- name: Collect access token for janitor user
shell: |
curl -XPOST -d '{"type":"m.login.password", "user":"janitor", "password":"{{ matrix_awx_janitor_user_password }}"}' "{{ synapse_container_ip.stdout }}:8008/_matrix/client/r0/login" | jq '.access_token'
register: janitors_token
no_log: True
- name: Generate list of dates to purge to
delegate_to: 127.0.0.1
shell: "dateseq {{ matrix_purge_from_date }} {{ matrix_purge_to_date }}"
register: purge_dates
- name: Calculate initial size of local media repository
shell: du -sh /matrix/synapse/storage/media-store/local*
register: local_media_size_before
when: matrix_purge_media_type == "Local Media"
ignore_errors: yes
no_log: True
- name: Calculate initial size of remote media repository
shell: du -sh /matrix/synapse/storage/media-store/remote*
register: remote_media_size_before
when: matrix_purge_media_type == "Remote Media"
ignore_errors: yes
no_log: True
- name: Purge local media with loop
include_tasks: purge_media_local.yml
loop: "{{ purge_dates.stdout_lines | flatten(levels=1) }}"
when: matrix_purge_media_type == "Local Media"
- name: Purge remote media with loop
include_tasks: purge_media_remote.yml
loop: "{{ purge_dates.stdout_lines | flatten(levels=1) }}"
when: matrix_purge_media_type == "Remote Media"
- name: Calculate final size of local media repository
shell: du -sh /matrix/synapse/storage/media-store/local*
register: local_media_size_after
when: matrix_purge_media_type == "Local Media"
ignore_errors: yes
no_log: True
- name: Calculate final size of remote media repository
shell: du -sh /matrix/synapse/storage/media-store/remote*
register: remote_media_size_after
when: matrix_purge_media_type == "Remote Media"
ignore_errors: yes
no_log: True
- name: Print size of local media repository before purge
debug:
msg: "{{ local_media_size_before.stdout.split('\n') }}"
when: matrix_purge_media_type == "Local Media"
- name: Print size of local media repository after purge
debug:
msg: "{{ local_media_size_after.stdout.split('\n') }}"
when: matrix_purge_media_type == "Local Media"
- name: Print size of remote media repository before purge
debug:
msg: "{{ remote_media_size_before.stdout.split('\n') }}"
when: matrix_purge_media_type == "Remote Media"
- name: Print size of remote media repository after purge
debug:
msg: "{{ remote_media_size_after.stdout.split('\n') }}"
when: matrix_purge_media_type == "Remote Media"
- name: Set boolean value to exit playbook
set_fact:
end_playbook: true
- name: End playbook early if this task is called.
meta: end_play
when: end_playbook is defined and end_playbook|bool

18
roles/matrix-awx/tasks/purge_media_remote.yml Normal file
View File

@ -0,0 +1,18 @@
- name: Collect epoche time from date
shell: |
date -d '{{ item }}' +"%s"
register: epoche_time
- name: Purge remote media to specific date
shell: |
curl -X POST --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_media_cache?before_ts={{ epoche_time.stdout }}000'
register: purge_command
- name: Print output of purge command
debug:
msg: "{{ purge_command.stdout }}"
- name: Pause for 5 seconds to let Synapse breathe
pause:
seconds: 5

8
roles/matrix-awx/tasks/rename_variables.yml Normal file
View File

@ -0,0 +1,8 @@
- name: Rename synapse presence variable
delegate_to: 127.0.0.1
replace:
path: "/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml"
regexp: 'matrix_synapse_use_presence'
replace: 'matrix_synapse_presence_enabled'

105
roles/matrix-awx/tasks/self_check.yml Normal file
View File

@ -0,0 +1,105 @@
- name: Install prerequisite apt packages on target
apt:
name:
- sysstat
- curl
state: present
- name: Install prerequisite yum packages on AWX
delegate_to: 127.0.0.1
yum:
name:
- bind-utils
state: present
- name: Install prerequisite pip packages on AWX
delegate_to: 127.0.0.1
pip:
name:
- dnspython
state: present
- name: Calculate MAU value
shell: |
curl -s localhost:9000 | grep "^synapse_admin_mau_current "
register: mau_stat
no_log: True
- name: Print MAU value
debug:
msg: "{{ mau_stat.stdout.split('\n') }}"
when: mau_stat is defined
- name: Calculate CPU usage statistics
shell: iostat -c
register: cpu_usage_stat
no_log: True
- name: Print CPU usage statistics
debug:
msg: "{{ cpu_usage_stat.stdout.split('\n') }}"
when: cpu_usage_stat is defined
- name: Calculate RAM usage statistics
shell: free -mh
register: ram_usage_stat
no_log: True
- name: Print RAM usage statistics
debug:
msg: "{{ ram_usage_stat.stdout.split('\n') }}"
when: ram_usage_stat is defined
- name: Calculate free disk space
shell: df -h
register: disk_space_stat
no_log: True
- name: Print free disk space
debug:
msg: "{{ disk_space_stat.stdout.split('\n') }}"
when: disk_space_stat is defined
- name: Calculate size of Synapse database
shell: du -sh /matrix/postgres/data
register: db_size_stat
no_log: True
- name: Print size of Synapse database
debug:
msg: "{{ db_size_stat.stdout.split('\n') }}"
when: db_size_stat is defined
- name: Calculate size of local media repository
shell: du -sh /matrix/synapse/storage/media-store/local*
register: local_media_size_stat
ignore_errors: yes
no_log: True
- name: Print size of local media repository
debug:
msg: "{{ local_media_size_stat.stdout.split('\n') }}"
when: local_media_size_stat is defined
- name: Calculate size of remote media repository
shell: du -sh /matrix/synapse/storage/media-store/remote*
register: remote_media_size_stat
ignore_errors: yes
no_log: True
- name: Print size of remote media repository
debug:
msg: "{{ remote_media_size_stat.stdout.split('\n') }}"
when: remote_media_size_stat is defined
- name: Calculate docker container statistics
shell: docker stats --all --no-stream
register: docker_stats
ignore_errors: yes
no_log: True
- name: Print docker container statistics
debug:
msg: "{{ docker_stats.stdout.split('\n') }}"
when: docker_stats is defined

247
roles/matrix-awx/tasks/set_variables_corporal.yml Executable file
View File

@ -0,0 +1,247 @@
- name: Record Corporal Enabled/Disabled variable
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Corporal Settings Start'
with_dict:
'matrix_corporal_enabled': '{{ matrix_corporal_enabled }}'
- name: Enable Shared Secret Auth if Corporal enabled
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Shared Secret Auth Settings Start'
with_dict:
'matrix_synapse_ext_password_provider_shared_secret_auth_enabled': 'true'
when: matrix_corporal_enabled|bool
- name: Disable Shared Secret Auth if Corporal disabled
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Shared Secret Auth Settings Start'
with_dict:
'matrix_synapse_ext_password_provider_shared_secret_auth_enabled': 'false'
when: not matrix_corporal_enabled|bool
- name: Enable Rest Auth Endpoint if Corporal enabled
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Synapse Extension Start'
with_dict:
'matrix_synapse_ext_password_provider_rest_auth_enabled': 'true'
when: matrix_corporal_enabled|bool
- name: Disable Rest Auth Endpoint if Corporal disabled
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Synapse Extension Start'
with_dict:
'matrix_synapse_ext_password_provider_rest_auth_enabled': 'false'
when: not matrix_corporal_enabled|bool
- name: Disable Corporal API if Simple Static File mode selected
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Corporal Settings Start'
with_dict:
'matrix_corporal_http_api_enabled': 'false'
when: (matrix_corporal_policy_provider_mode == "Simple Static File") or (not matrix_corporal_enabled|bool)
- name: Enable Corporal API if Push/Pull mode delected
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Corporal Settings Start'
with_dict:
'matrix_corporal_http_api_enabled': 'true'
when: (matrix_corporal_policy_provider_mode != "Simple Static File") and (matrix_corporal_enabled|bool)
- name: Record Corporal API Access Token if it's defined
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Corporal Settings Start'
with_dict:
'matrix_corporal_http_api_auth_token': '{{ matrix_corporal_http_api_auth_token }}'
when: matrix_corporal_http_api_auth_token|length > 0
- name: Record 'Simple Static File' configuration variables in matrix_vars.yml
delegate_to: 127.0.0.1
blockinfile:
path: '{{ awx_cached_matrix_vars }}'
insertafter: "# Corporal Policy Provider Settings Start"
block: |
matrix_corporal_policy_provider_config: |
{
"Type": "static_file",
"Path": "/etc/matrix-corporal/corporal-policy.json"
}
when: matrix_corporal_policy_provider_mode == "Simple Static File"
- name: Touch the /matrix/corporal/ directory
file:
path: "/matrix/corporal/"
state: directory
owner: matrix
group: matrix
mode: '750'
- name: Touch the /matrix/corporal/config/ directory
file:
path: "/matrix/corporal/config/"
state: directory
owner: matrix
group: matrix
mode: '750'
- name: Touch the /matrix/corporal/cache/ directory
file:
path: "/matrix/corporal/cache/"
state: directory
owner: matrix
group: matrix
mode: '750'
- name: Touch the corporal-policy.json file to ensure it exists
file:
path: "/matrix/corporal/config/corporal-policy.json"
state: touch
owner: matrix
group: matrix
mode: '660'
- name: Touch the last-policy.json file to ensure it exists
file:
path: "/matrix/corporal/config/last-policy.json"
state: touch
owner: matrix
group: matrix
mode: '660'
- name: Record 'Simple Static File' configuration content in corporal-policy.json
copy:
content: "{{ matrix_corporal_simple_static_config | string }}"
dest: "/matrix/corporal/config/corporal-policy.json"
owner: matrix
group: matrix
mode: '660'
when: (matrix_corporal_policy_provider_mode == "Simple Static File") and (matrix_corporal_simple_static_config|length > 0)
- name: Record 'HTTP Pull Mode' configuration variables in matrix_vars.yml
delegate_to: 127.0.0.1
blockinfile:
path: '{{ awx_cached_matrix_vars }}'
insertafter: "# Corporal Policy Provider Settings Start"
block: |
matrix_corporal_policy_provider_config: |
{
"Type": "http",
"Uri": "{{ matrix_corporal_pull_mode_uri }}",
"AuthorizationBearerToken": "{{ matrix_corporal_pull_mode_token }}",
"CachePath": "/var/cache/matrix-corporal/last-policy.json",
"ReloadIntervalSeconds": 1800,
"TimeoutMilliseconds": 30000
}
when: (matrix_corporal_policy_provider_mode == "HTTP Pull Mode (API Enabled)") and (matrix_corporal_pull_mode_uri|length > 0) and (matrix_corporal_pull_mode_token|length > 0)
- name: Record 'HTTP Push Mode' configuration variables in matrix_vars.yml
delegate_to: 127.0.0.1
blockinfile:
path: '{{ awx_cached_matrix_vars }}'
insertafter: "# Corporal Policy Provider Settings Start"
block: |
matrix_corporal_policy_provider_config: |
{
"Type": "last_seen_store_policy",
"CachePath": "/var/cache/matrix-corporal/last-policy.json"
}
when: (matrix_corporal_policy_provider_mode == "HTTP Push Mode (API Enabled)")
- name: Lower RateLimit if set to 'Normal'
delegate_to: 127.0.0.1
replace:
path: '{{ awx_cached_matrix_vars }}'
regexp: ' address:\n per_second: 50\n burst_count: 300\n account:\n per_second: 0.17\n burst_count: 300'
replace: ' address:\n per_second: 0.17\n burst_count: 3\n account:\n per_second: 0.17\n burst_count: 3'
when: matrix_corporal_raise_ratelimits == "Normal"
- name: Raise RateLimit if set to 'Raised'
delegate_to: 127.0.0.1
replace:
path: '{{ awx_cached_matrix_vars }}'
regexp: ' address:\n per_second: 0.17\n burst_count: 3\n account:\n per_second: 0.17\n burst_count: 3'
replace: ' address:\n per_second: 50\n burst_count: 300\n account:\n per_second: 0.17\n burst_count: 300'
when: matrix_corporal_raise_ratelimits == "Raised"
- name: Save new 'Configure Corporal' survey.json to the AWX tower
delegate_to: 127.0.0.1
template:
src: 'roles/matrix-awx/surveys/configure_corporal.json.j2'
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json'
- name: Copy new 'Configure Corporal' survey.json to target machine
copy:
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json'
dest: '/matrix/awx/configure_corporal.json'
mode: '0660'
- debug:
msg: "matrix_corporal_matrix_homeserver_api_endpoint: {{ matrix_corporal_matrix_homeserver_api_endpoint }}"
- debug:
msg: "matrix_corporal_matrix_auth_shared_secret: {{ matrix_corporal_matrix_auth_shared_secret }}"
- debug:
msg: "matrix_corporal_http_gateway_internal_rest_auth_enabled: {{ matrix_corporal_http_gateway_internal_rest_auth_enabled }}"
- debug:
msg: "matrix_corporal_matrix_registration_shared_secret: {{ matrix_corporal_matrix_registration_shared_secret }}"
- name: Collect AWX admin token the hard way!
delegate_to: 127.0.0.1
shell: |
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
register: tower_token
no_log: True
- name: Recreate 'Configure Corporal (Advanced)' job template
delegate_to: 127.0.0.1
awx.awx.tower_job_template:
name: "{{ matrix_domain }} - 1 - Configure Corporal (Advanced)"
description: "Configure Matrix Corporal, a tool that manages your Matrix server according to a configuration policy."
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
job_type: run
job_tags: "start,setup-corporal"
inventory: "{{ member_id }}"
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
playbook: setup.yml
credential: "{{ member_id }} - AWX SSH Key"
survey_enabled: true
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json') }}"
become_enabled: yes
state: present
verbosity: 1
tower_host: "https://{{ tower_host }}"
tower_oauthtoken: "{{ tower_token.stdout }}"
validate_certs: yes

111
roles/matrix-awx/tasks/set_variables_dimension.yml Normal file
View File

@ -0,0 +1,111 @@
- name: Include vars in matrix_vars.yml
include_vars:
file: '{{ awx_cached_matrix_vars }}'
no_log: True
- name: Install jq and curl on remote machine
apt:
name:
- jq
- curl
state: present
- name: Collect access token of Dimension user
shell: |
curl -X POST --header 'Content-Type: application/json' -d '{ "identifier": { "type": "m.id.user","user": "dimension" }, "password": "{{ matrix_awx_dimension_user_password }}", "type": "m.login.password"}' 'https://matrix.{{ matrix_domain }}/_matrix/client/r0/login' | jq -c '. | {access_token}' | sed 's/.*\":\"//' | sed 's/\"}//'
register: dimension_user_access_token
- name: Record Synapse variables locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Dimension Settings Start'
with_dict:
'matrix_dimension_enabled': '{{ matrix_dimension_enabled }}'
'matrix_dimension_access_token': '"{{ dimension_user_access_token.stdout }}"'
- name: Set final users list if users are defined
set_fact:
ext_dimension_users_raw_final: "{{ ext_dimension_users_raw }}"
when: ext_dimension_users_raw|length > 0
- name: Set final users list if no users are defined
set_fact:
ext_dimension_users_raw_final: '@dimension:{{ matrix_domain }}'
when: ext_dimension_users_raw|length == 0
- name: Remove Dimension Users
delegate_to: 127.0.0.1
replace:
path: '{{ awx_cached_matrix_vars }}'
regexp: '^ - .*\n'
after: 'matrix_dimension_admins:'
before: '# Dimension Settings End'
- name: Set Dimension Users Header
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
insertbefore: '# Dimension Settings End'
line: "matrix_dimension_admins:"
- name: Set Dimension Users
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
insertafter: '^matrix_dimension_admins:'
line: ' - "{{ item }}"'
with_items: "{{ ext_dimension_users_raw_final.splitlines() }}"
- name: Record Dimension Custom variables locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Custom Settings Start'
with_dict:
'ext_dimension_users_raw': '{{ ext_dimension_users_raw.splitlines() | to_json }}'
- name: Save new 'Configure Dimension' survey.json to the AWX tower, template
delegate_to: 127.0.0.1
template:
src: 'roles/matrix-awx/surveys/configure_dimension.json.j2'
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}//configure_dimension.json'
- name: Copy new 'Configure Dimension' survey.json to target machine
copy:
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_dimension.json'
dest: '/matrix/awx/configure_dimension.json'
mode: '0660'
- name: Collect AWX admin token the hard way!
delegate_to: 127.0.0.1
shell: |
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
register: tower_token
no_log: True
- name: Recreate 'Configure Dimension' job template
delegate_to: 127.0.0.1
awx.awx.tower_job_template:
name: "{{ matrix_domain }} - 1 - Configure Dimension"
description: "Configure Dimension, the self-hosted integrations server."
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
job_type: run
job_tags: "start,setup-all,setup-dimension"
inventory: "{{ member_id }}"
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
playbook: setup.yml
credential: "{{ member_id }} - AWX SSH Key"
survey_enabled: true
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_dimension.json') }}"
become_enabled: yes
state: present
verbosity: 1
tower_host: "https://{{ tower_host }}"
tower_oauthtoken: "{{ tower_token.stdout }}"
validate_certs: yes

69
roles/matrix-awx/tasks/set_variables_element.yml Executable file
View File

@ -0,0 +1,69 @@
- name: Record Element-Web variables locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Element Settings Start'
with_dict:
'matrix_client_element_enabled': '{{ matrix_client_element_enabled }}'
'matrix_client_element_jitsi_preferredDomain': '{{ matrix_client_element_jitsi_preferredDomain }}'
'matrix_client_element_brand': '{{ matrix_client_element_brand }}'
'matrix_client_element_default_theme': '{{ matrix_client_element_default_theme }}'
'matrix_client_element_registration_enabled': '{{ matrix_client_element_registration_enabled }}'
- name: Set fact for 'https' string
set_fact:
awx_https_string: "https"
- name: Record Element-Web Background variable locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Element Settings Start'
with_dict:
'matrix_client_element_branding_welcomeBackgroundUrl': '{{ matrix_client_element_branding_welcomeBackgroundUrl }}'
when: (awx_https_string in matrix_client_element_branding_welcomeBackgroundUrl) and ( matrix_client_element_branding_welcomeBackgroundUrl|length > 0 )
- name: Save new 'Configure Element' survey.json to the AWX tower, template
delegate_to: 127.0.0.1
template:
src: 'roles/matrix-awx/surveys/configure_element.json.j2'
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element.json'
- name: Copy new 'Configure Element' survey.json to target machine
copy:
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element.json'
dest: '/matrix/awx/configure_element.json'
mode: '0660'
- name: Collect AWX admin token the hard way!
delegate_to: 127.0.0.1
shell: |
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
register: tower_token
no_log: True
- name: Recreate 'Configure Element' job template
delegate_to: 127.0.0.1
awx.awx.tower_job_template:
name: "{{ matrix_domain }} - 1 - Configure Element"
description: "Configure Element client via survey."
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
job_type: run
job_tags: "start,setup-client-element"
inventory: "{{ member_id }}"
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
playbook: setup.yml
credential: "{{ member_id }} - AWX SSH Key"
survey_enabled: true
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element.json') }}"
become_enabled: yes
state: present
verbosity: 1
tower_host: "https://{{ tower_host }}"
tower_oauthtoken: "{{ tower_token.stdout }}"
validate_certs: yes

49
roles/matrix-awx/tasks/set_variables_element_subdomain.yml Normal file
View File

@ -0,0 +1,49 @@
- name: Record Element-Web variables locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Element Settings Start'
with_dict:
'matrix_server_fqn_element': "{{ element_subdomain }}.{{ matrix_domain }}"
- name: Save new 'Configure Element Subdomain' survey.json to the AWX tower, template
delegate_to: 127.0.0.1
template:
src: 'roles/matrix-awx/surveys/configure_element_subdomain.json.j2'
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element_subdomain.json'
- name: Copy new 'Configure Element Subdomain' survey.json to target machine
copy:
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element_subdomain.json'
dest: '/matrix/awx/configure_element_subdomain.json'
mode: '0660'
- name: Collect AWX admin token the hard way!
delegate_to: 127.0.0.1
shell: |
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
register: tower_token
no_log: True
- name: Recreate 'Configure Element Subdomain' job template
delegate_to: 127.0.0.1
awx.awx.tower_job_template:
name: "{{ matrix_domain }} - 1 - Configure Element Subdomain"
description: "Configure Element clients subdomain location. (Eg: 'element' for element.example.org)"
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
job_type: run
job_tags: "start,setup-all,setup-client-element-subdomain"
inventory: "{{ member_id }}"
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
playbook: setup.yml
credential: "{{ member_id }} - AWX SSH Key"
survey_enabled: true
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element_subdomain.json') }}"
state: present
verbosity: 1
tower_host: "https://{{ tower_host }}"
tower_oauthtoken: "{{ tower_token.stdout }}"
validate_certs: yes

51
roles/matrix-awx/tasks/set_variables_jitsi.yml Executable file
View File

@ -0,0 +1,51 @@
- name: Record Jitsi variables locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Jitsi Settings Start'
with_dict:
'matrix_jitsi_enabled': '{{ matrix_jitsi_enabled }}'
'matrix_jitsi_web_config_defaultLanguage': '{{ matrix_jitsi_web_config_defaultLanguage }}'
- name: Save new 'Configure Jitsi' survey.json to the AWX tower, template
delegate_to: 127.0.0.1
template:
src: 'roles/matrix-awx/surveys/configure_jitsi.json.j2'
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_jitsi.json'
- name: Copy new 'Configure Jitsi' survey.json to target machine
copy:
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_jitsi.json'
dest: '/matrix/awx/configure_jitsi.json'
mode: '0660'
- name: Collect AWX admin token the hard way!
delegate_to: 127.0.0.1
shell: |
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
register: tower_token
no_log: True
- name: Recreate 'Configure Jitsi' job template
delegate_to: 127.0.0.1
awx.awx.tower_job_template:
name: "{{ matrix_domain }} - 1 - Configure Jitsi"
description: "Configure Jitsi conferencing settings."
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
job_type: run
job_tags: "start,setup-jitsi"
inventory: "{{ member_id }}"
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
playbook: setup.yml
credential: "{{ member_id }} - AWX SSH Key"
survey_enabled: true
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_jitsi.json') }}"
become_enabled: yes
state: present
verbosity: 1
tower_host: "https://{{ tower_host }}"
tower_oauthtoken: "{{ tower_token.stdout }}"
validate_certs: yes

109
roles/matrix-awx/tasks/set_variables_ma1sd.yml Executable file
View File

@ -0,0 +1,109 @@
- name: Record ma1sd variables locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# ma1sd Settings Start'
with_dict:
'matrix_ma1sd_enabled': '{{ matrix_ma1sd_enabled }}'
- name: Disable REST auth (matrix-corporal/ma1sd) if using internal auth
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Synapse Extension Start'
with_dict:
'matrix_synapse_ext_password_provider_rest_auth_enabled': 'false'
when: ext_matrix_ma1sd_auth_store == 'Synapse Internal'
- name: Enable REST auth if using external LDAP/AD with ma1sd
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Synapse Extension Start'
with_dict:
'matrix_synapse_ext_password_provider_rest_auth_enabled': 'true'
'matrix_synapse_ext_password_provider_rest_auth_endpoint': '"http://matrix-ma1sd:8090"'
when: ext_matrix_ma1sd_auth_store == 'LDAP/AD'
- name: Remove entire ma1sd configuration extension
delegate_to: 127.0.0.1
replace:
path: '{{ awx_cached_matrix_vars }}'
regexp: '^.*\n'
after: '# Start ma1sd Extension'
before: '# End ma1sd Extension'
- name: Replace conjoined ma1sd configuration extension limiters
delegate_to: 127.0.0.1
replace:
path: '{{ awx_cached_matrix_vars }}'
regexp: '^# Start ma1sd Extension# End ma1sd Extension'
replace: '# Start ma1sd Extension\n# End ma1sd Extension'
- name: Insert/Update ma1sd configuration extension variables
delegate_to: 127.0.0.1
blockinfile:
path: '{{ awx_cached_matrix_vars }}'
marker: "# {mark} ma1sd ANSIBLE MANAGED BLOCK"
insertafter: '# Start ma1sd Extension'
block: '{{ ext_matrix_ma1sd_configuration_extension_yaml }}'
- name: Record ma1sd Custom variables locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertbefore: '# Custom Settings Start'
with_dict:
'ext_matrix_ma1sd_auth_store': '{{ ext_matrix_ma1sd_auth_store }}'
'ext_matrix_ma1sd_configuration_extension_yaml': '{{ ext_matrix_ma1sd_configuration_extension_yaml.splitlines() | to_json }}'
no_log: True
- name: Save new 'Configure ma1sd' survey.json to the AWX tower, template
delegate_to: 127.0.0.1
template:
src: 'roles/matrix-awx/surveys/configure_ma1sd.json.j2'
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_ma1sd.json'
- name: Copy new 'Configure ma1sd' survey.json to target machine
copy:
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_ma1sd.json'
dest: '/matrix/awx/configure_ma1sd.json'
mode: '0660'
- name: Collect AWX admin token the hard way!
delegate_to: 127.0.0.1
shell: |
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
register: tower_token
no_log: True
- name: Recreate 'Configure ma1sd (Advanced)' job template
delegate_to: 127.0.0.1
awx.awx.tower_job_template:
name: "{{ matrix_domain }} - 1 - Configure ma1sd (Advanced)"
description: "Configure Jitsi conferencing settings."
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
job_type: run
job_tags: "start,setup-ma1sd"
inventory: "{{ member_id }}"
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
playbook: setup.yml
credential: "{{ member_id }} - AWX SSH Key"
survey_enabled: true
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_ma1sd.json') }}"
become_enabled: yes
state: present
verbosity: 1
tower_host: "https://{{ tower_host }}"
tower_oauthtoken: "{{ tower_token.stdout }}"
validate_certs: yes

50
roles/matrix-awx/tasks/set_variables_mailer.yml Normal file
View File

@ -0,0 +1,50 @@
- name: Record Mailer variables locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Email Settings Start'
with_dict:
'matrix_mailer_relay_use': '{{ matrix_mailer_relay_use }}'
- name: Save new 'Configure Email Relay' survey.json to the AWX tower, template
delegate_to: 127.0.0.1
template:
src: 'roles/matrix-awx/surveys/configure_email_relay.json.j2'
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_email_relay.json'
- name: Copy new 'Configure Email Relay' survey.json to target machine
copy:
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_email_relay.json'
dest: '/matrix/awx/configure_email_relay.json'
mode: '0660'
- name: Collect AWX admin token the hard way!
delegate_to: 127.0.0.1
shell: |
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
register: tower_token
no_log: True
- name: Recreate 'Configure Email Relay' job template
delegate_to: 127.0.0.1
awx.awx.tower_job_template:
name: "{{ matrix_domain }} - 1 - Configure Email Relay"
description: "Enable MailGun relay to increase verification email reliability."
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
job_type: run
job_tags: "start,setup-mailer"
inventory: "{{ member_id }}"
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
playbook: setup.yml
credential: "{{ member_id }} - AWX SSH Key"
survey_enabled: true
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_email_relay.json') }}"
become_enabled: yes
state: present
verbosity: 1
tower_host: "https://{{ tower_host }}"
tower_oauthtoken: "{{ tower_token.stdout }}"
validate_certs: yes

229
roles/matrix-awx/tasks/set_variables_synapse.yml Executable file
View File

@ -0,0 +1,229 @@
- name: Limit max upload size to 200MB part 1
set_fact:
matrix_synapse_max_upload_size_mb: "200"
when: matrix_synapse_max_upload_size_mb_raw|int >= 200
- name: Limit max upload size to 200MB part 2
set_fact:
matrix_synapse_max_upload_size_mb: "{{ matrix_synapse_max_upload_size_mb_raw }}"
when: matrix_synapse_max_upload_size_mb_raw|int < 200
- name: Record Synapse variables locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Synapse Settings Start'
with_dict:
'matrix_synapse_allow_public_rooms_over_federation': '{{ matrix_synapse_allow_public_rooms_over_federation }}'
'matrix_synapse_enable_registration': '{{ matrix_synapse_enable_registration }}'
'matrix_synapse_federation_enabled': '{{ matrix_synapse_federation_enabled }}'
'matrix_synapse_enable_group_creation': '{{ matrix_synapse_enable_group_creation }}'
'matrix_synapse_presence_enabled': '{{ matrix_synapse_presence_enabled }}'
'matrix_synapse_max_upload_size_mb': '{{ matrix_synapse_max_upload_size_mb }}'
'matrix_synapse_url_preview_enabled': '{{ matrix_synapse_url_preview_enabled }}'
'matrix_synapse_allow_guest_access': '{{ matrix_synapse_allow_guest_access }}'
- name: Empty Synapse variable 'matrix_synapse_auto_join_rooms' locally on AWX, if raw inputs empty
delegate_to: 127.0.0.1
replace:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^matrix_synapse_auto_join_rooms: .*$"
replace: "matrix_synapse_auto_join_rooms: []"
when: matrix_synapse_auto_join_rooms_raw|length == 0
- name: If the raw inputs is not empty start constructing parsed auto_join_rooms list
set_fact:
matrix_synapse_auto_join_rooms_array: |-
{{ matrix_synapse_auto_join_rooms_raw.splitlines() | to_json }}
when: matrix_synapse_auto_join_rooms_raw|length > 0
- name: Record Synapse variable 'matrix_synapse_auto_join_rooms' locally on AWX, if it's not blank
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Synapse Settings Start'
with_dict:
"matrix_synapse_auto_join_rooms": "{{ matrix_synapse_auto_join_rooms_array }}"
when: matrix_synapse_auto_join_rooms_raw|length > 0
- name: Record Synapse Shared Secret if it's defined
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Synapse Settings Start'
with_dict:
'matrix_synapse_registration_shared_secret': '{{ ext_matrix_synapse_registration_shared_secret }}'
when: ext_matrix_synapse_registration_shared_secret|length > 0
- name: Record registations_require_3pid extra variable if true
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "{{ item }}"
line: "{{ item }}"
insertbefore: '# Synapse Extension End'
with_items:
- " registrations_require_3pid:"
- " - email"
when: ext_registrations_require_3pid|bool
- name: Remove registrations_require_3pid extra variable if false
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "{{ item }}"
line: "{{ item }}"
insertbefore: '# Synapse Extension End'
state: absent
with_items:
- " registrations_require_3pid:"
- " - email"
when: not ext_registrations_require_3pid|bool
- name: Remove URL Languages
delegate_to: 127.0.0.1
replace:
path: '{{ awx_cached_matrix_vars }}'
regexp: '^(?!.*\bemail\b) - [a-zA-Z\-]{2,5}\n'
after: ' url_preview_accept_language:'
before: '# Synapse Extension End'
- name: Set URL languages default if raw inputs empty
set_fact:
ext_url_preview_accept_language_default: 'en'
when: ext_url_preview_accept_language_raw|length == 0
- name: Set URL languages default if raw inputs not empty
set_fact:
ext_url_preview_accept_language_default: "{{ ext_url_preview_accept_language_raw }}"
when: ext_url_preview_accept_language_raw|length > 0
- name: Set URL languages if raw inputs empty
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
insertafter: '^ url_preview_accept_language:'
line: " - {{ ext_url_preview_accept_language_default }}"
when: ext_url_preview_accept_language_raw|length == 0
- name: Set URL languages if raw inputs not empty
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
insertafter: '^ url_preview_accept_language:'
line: " - {{ item }}"
with_items: "{{ ext_url_preview_accept_language_raw.splitlines() }}"
when: ext_url_preview_accept_language_raw|length > 0
- name: Remove Federation Whitelisting 1
delegate_to: 127.0.0.1
replace:
path: '{{ awx_cached_matrix_vars }}'
regexp: '^ - [a-z0-9]+\.[a-z0-9.]+\n'
after: ' federation_domain_whitelist:'
before: '# Synapse Extension End'
- name: Remove Federation Whitelisting 2
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
line: " federation_domain_whitelist:"
state: absent
- name: Set Federation Whitelisting 1
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
insertafter: '^matrix_synapse_configuration_extension_yaml: \|'
line: " federation_domain_whitelist:"
when: ext_federation_whitelist_raw|length > 0
- name: Set Federation Whitelisting 2
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
insertafter: '^ federation_domain_whitelist:'
line: " - {{ item }}"
with_items: "{{ ext_federation_whitelist_raw.splitlines() }}"
when: ext_federation_whitelist_raw|length > 0
- name: Set ext_recaptcha_public_key to a 'public-key' if undefined
set_fact: ext_recaptcha_public_key="public-key"
when: (ext_recaptcha_public_key is not defined) or (ext_recaptcha_public_key|length == 0)
- name: Set ext_recaptcha_private_key to a 'private-key' if undefined
set_fact: ext_recaptcha_private_key="private-key"
when: (ext_recaptcha_private_key is not defined) or (ext_recaptcha_private_key|length == 0)
- name: Record Synapse Extension variables locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertbefore: '# Synapse Extension End'
with_dict:
' enable_registration_captcha': '{{ ext_enable_registration_captcha }}'
' recaptcha_public_key': '{{ ext_recaptcha_public_key }}'
' recaptcha_private_key': '{{ ext_recaptcha_private_key }}'
- name: Record Synapse Custom variables locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Custom Settings Start'
with_dict:
'ext_federation_whitelist_raw': '{{ ext_federation_whitelist_raw.splitlines() | to_json }}'
'ext_url_preview_accept_language_default': '{{ ext_url_preview_accept_language_default.splitlines() | to_json }}'
'ext_enable_registration_captcha': '{{ ext_enable_registration_captcha }}'
'ext_recaptcha_public_key': '"{{ ext_recaptcha_public_key }}"'
'ext_recaptcha_private_key': '"{{ ext_recaptcha_private_key }}"'
- name: Save new 'Configure Synapse' survey.json to the AWX tower, template
delegate_to: 127.0.0.1
template:
src: 'roles/matrix-awx/surveys/configure_synapse.json.j2'
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}//configure_synapse.json'
- name: Copy new 'Configure Synapse' survey.json to target machine
copy:
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse.json'
dest: '/matrix/awx/configure_synapse.json'
mode: '0660'
- name: Collect AWX admin token the hard way!
delegate_to: 127.0.0.1
shell: |
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
register: tower_token
no_log: True
- name: Recreate 'Configure Synapse' job template
delegate_to: 127.0.0.1
awx.awx.tower_job_template:
name: "{{ matrix_domain }} - 1 - Configure Synapse"
description: "Configure Synapse (homeserver) settings."
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
job_type: run
job_tags: "start,setup-synapse"
inventory: "{{ member_id }}"
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
playbook: setup.yml
credential: "{{ member_id }} - AWX SSH Key"
survey_enabled: true
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse.json') }}"
become_enabled: yes
state: present
verbosity: 1
tower_host: "https://{{ tower_host }}"
tower_oauthtoken: "{{ tower_token.stdout }}"
validate_certs: yes

50
roles/matrix-awx/tasks/set_variables_synapse_admin.yml Normal file
View File

@ -0,0 +1,50 @@
- name: Record Synapse Admin variables locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Synapse Admin Settings Start'
with_dict:
'matrix_synapse_admin_enabled': '{{ matrix_synapse_admin_enabled }}'
- name: Save new 'Configure Synapse Admin' survey.json to the AWX tower, template
delegate_to: 127.0.0.1
template:
src: 'roles/matrix-awx/surveys/configure_synapse_admin.json.j2'
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse_admin.json'
- name: Copy new 'Configure Synapse Admin' survey.json to target machine
copy:
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse_admin.json'
dest: '/matrix/awx/configure_synapse_admin.json'
mode: '0660'
- name: Collect AWX admin token the hard way!
delegate_to: 127.0.0.1
shell: |
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
register: tower_token
no_log: True
- name: Recreate 'Configure Synapse Admin' job template
delegate_to: 127.0.0.1
awx.awx.tower_job_template:
name: "{{ matrix_domain }} - 1 - Configure Synapse Admin"
description: "Configure 'Synapse Admin', a moderation tool to help you manage your server."
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
job_type: run
job_tags: "start,setup-all"
inventory: "{{ member_id }}"
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
playbook: setup.yml
credential: "{{ member_id }} - AWX SSH Key"
survey_enabled: true
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse_admin.json') }}"
become_enabled: yes
state: present
verbosity: 1
tower_host: "https://{{ tower_host }}"
tower_oauthtoken: "{{ tower_token.stdout }}"
validate_certs: yes