sync with previous repo

roles/matrix-base/tasks/clean_up_old_files.yml

@@ -0,0 +1,9 @@
+---
+
+- name: Get rid of old files and directories
+  file:
+    path: "{{ item }}"
+    state: absent
+  with_items:
+    - "{{ matrix_base_data_path }}/environment-variables"
+    - "{{ matrix_base_data_path }}/scratchpad"

roles/matrix-base/tasks/main.yml

@@ -0,0 +1,34 @@
+- import_tasks: "{{ role_path }}/tasks/sanity_check.yml"
+  tags:
+    - always
+
+- import_tasks: "{{ role_path }}/tasks/clean_up_old_files.yml"
+  when: run_setup|bool
+  tags:
+    - setup-all
+
+- import_tasks: "{{ role_path }}/tasks/server_base/setup.yml"
+  when: run_setup|bool
+  tags:
+    - setup-all
+
+# This needs to always run, because it populates `matrix_user_uid` and `matrix_user_gid`,
+# which are required by many other roles.
+- import_tasks: "{{ role_path }}/tasks/setup_matrix_user.yml"
+  when: run_setup|bool
+  tags:
+    - always
+    - setup-system-user
+
+- import_tasks: "{{ role_path }}/tasks/setup_matrix_base.yml"
+  when: run_setup|bool
+  tags:
+    - setup-all
+
+- import_tasks: "{{ role_path }}/tasks/setup_well_known.yml"
+  when: run_setup|bool
+  tags:
+    - setup-all
+    - setup-ma1sd
+    - setup-synapse
+    - setup-nginx-proxy

roles/matrix-base/tasks/sanity_check.yml

@@ -0,0 +1,61 @@
+---
+
+# We generally support Ansible 2.7.1 and above.
+- name: Fail if running on Ansible < 2.7.1
+  fail:
+    msg: "You are running on Ansible {{ ansible_version.string }}, which is not supported. See our guide about Ansible: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/ansible.md"
+  when:
+    - "(ansible_version.major < 2) or (ansible_version.major == 2 and ansible_version.minor < 7) or (ansible_version.major == 2 and ansible_version.minor == 7 and ansible_version.revision < 1)"
+
+# Though we do not support Ansible 2.9.6 which is buggy
+- name: Fail if running on Ansible 2.9.6 on Ubuntu
+  fail:
+    msg: "You are running on Ansible {{ ansible_version.string }}, which is not supported. See our guide about Ansible: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/ansible.md"
+  when:
+    - ansible_distribution == 'Ubuntu'
+    - "ansible_version.major == 2 and ansible_version.minor == 9 and ansible_version.revision == 6"
+
+- name: (Deprecation) Catch and report renamed settings
+  fail:
+    msg: >-
+      Your configuration contains a variable, which now has a different name.
+      Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
+  when: "item.old in vars"
+  with_items:
+    - {'old': 'host_specific_hostname_identity', 'new': 'matrix_domain'}
+    - {'old': 'hostname_identity', 'new': 'matrix_domain'}
+    - {'old': 'hostname_matrix', 'new': 'matrix_server_fqn_matrix'}
+    - {'old': 'hostname_riot', 'new': 'matrix_server_fqn_element'}
+    - {'old': 'matrix_server_fqn_riot', 'new': 'matrix_server_fqn_element'}
+
+- name: Fail if required variables are undefined
+  fail:
+    msg: "The `{{ item }}` variable must be defined and have a non-null value"
+  with_items:
+    - matrix_domain
+    - matrix_server_fqn_matrix
+    - matrix_server_fqn_element
+  when: "item not in vars or vars[item] is none"
+
+- name: Fail if uppercase domain used
+  fail:
+    msg: "Detected that you're using an uppercase domain name - `{{ item }}`. This will cause trouble. Please use all-lowercase!"
+  with_items:
+    - "{{ matrix_domain }}"
+    - "{{ matrix_server_fqn_matrix }}"
+    - "{{ matrix_server_fqn_element }}"
+  when: "item != item|lower"
+
+- name: Fail if using python2 on Archlinux
+  fail:
+    msg: "Detected that you're using python2 when installing onto Archlinux. Archlinux by default only supports python3."
+  when:
+    - ansible_distribution == 'Archlinux'
+    - ansible_python.version.major != 3
+
+- name: Fail if architecture is set incorrectly
+  fail:
+    msg: "Detected that variable matrix_architecture {{ matrix_architecture }} appears to be set incorrectly. See docs/alternative-architectures.md. Server appears to be {{ ansible_architecture }}."
+  when: (ansible_architecture == "x86_64" and matrix_architecture != "amd64") or
+        (ansible_architecture == "aarch64" and matrix_architecture != "arm64") or
+        (ansible_architecture.startswith("armv") and matrix_architecture != "arm32")

roles/matrix-base/tasks/server_base/setup.yml

@@ -0,0 +1,43 @@
+---
+
+- include_tasks: "{{ role_path }}/tasks/server_base/setup_centos.yml"
+  when: ansible_distribution == 'CentOS' and ansible_distribution_major_version < '8'
+
+- include_tasks: "{{ role_path }}/tasks/server_base/setup_centos8.yml"
+  when: ansible_distribution == 'CentOS' and ansible_distribution_major_version > '7'
+
+- block:
+  # ansible_lsb is only available if lsb-release is installed.
+  - name: Ensure lsb-release installed
+    apt:
+      name:
+        - lsb-release
+      state: present
+      update_cache: yes
+    register: lsb_release_installation_result
+
+  - name: Reread ansible_lsb facts if lsb-release got installed
+    setup: filter=ansible_lsb*
+    when: lsb_release_installation_result.changed
+
+  - include_tasks: "{{ role_path }}/tasks/server_base/setup_debian.yml"
+    when: (ansible_os_family == 'Debian') and (ansible_lsb.id != 'Raspbian')
+
+  - include_tasks: "{{ role_path }}/tasks/server_base/setup_raspbian.yml"
+    when: (ansible_os_family == 'Debian') and (ansible_lsb.id == 'Raspbian')
+  when: ansible_os_family == 'Debian'
+
+- include_tasks: "{{ role_path }}/tasks/server_base/setup_archlinux.yml"
+  when: ansible_distribution == 'Archlinux'
+
+- name: Ensure Docker is started and autoruns
+  service:
+    name: docker
+    state: started
+    enabled: yes
+
+- name: "Ensure {{ matrix_ntpd_service }} is started and autoruns"
+  service:
+    name: "{{ matrix_ntpd_service }}"
+    state: started
+    enabled: yes

roles/matrix-base/tasks/server_base/setup_archlinux.yml

@@ -0,0 +1,19 @@
+---
+
+- name: Install host dependencies
+  pacman:
+    name:
+      - python-docker
+      - "{{ matrix_ntpd_package }}"
+      # TODO This needs to be verified. Which version do we need?
+      - fuse3
+      - python-dnspython
+    state: latest
+    update_cache: yes
+
+- name: Ensure Docker is installed
+  pacman:
+    name:
+      - docker
+    state: latest
+  when: matrix_docker_installation_enabled|bool

roles/matrix-base/tasks/server_base/setup_centos.yml

@@ -0,0 +1,34 @@
+---
+
+- name: Ensure Docker repository is enabled
+  template:
+    src: "{{ role_path }}/files/yum.repos.d/{{ item }}"
+    dest: "/etc/yum.repos.d/{{ item }}"
+    owner: "root"
+    group: "root"
+    mode: 0644
+  with_items:
+    - docker-ce.repo
+  when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce'
+
+- name: Ensure Docker's RPM key is trusted
+  rpm_key:
+    state: present
+    key: https://download.docker.com/linux/centos/gpg
+  when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce'
+
+- name: Ensure yum packages are installed
+  yum:
+    name:
+      - "{{ matrix_ntpd_package }}"
+      - fuse
+    state: latest
+    update_cache: yes
+
+- name: Ensure Docker is installed
+  yum:
+    name:
+      - "{{ matrix_docker_package_name }}"
+      - docker-python
+    state: latest
+  when: matrix_docker_installation_enabled|bool

roles/matrix-base/tasks/server_base/setup_centos8.yml

@@ -0,0 +1,47 @@
+---
+
+- name: Ensure Docker repository is enabled
+  template:
+    src: "{{ role_path }}/files/yum.repos.d/{{ item }}"
+    dest: "/etc/yum.repos.d/{{ item }}"
+    owner: "root"
+    group: "root"
+    mode: 0644
+  with_items:
+    - docker-ce.repo
+  when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce'
+
+- name: Ensure Docker's RPM key is trusted
+  rpm_key:
+    state: present
+    key: https://download.docker.com/linux/centos/gpg
+  when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce'
+
+- name: Ensure EPEL is installed
+  yum:
+    name:
+      - epel-release
+    state: latest
+    update_cache: yes
+
+- name: Ensure yum packages are installed
+  yum:
+    name:
+      - "{{ matrix_ntpd_package }}"
+      - fuse
+    state: latest
+    update_cache: yes
+
+- name: Ensure Docker is installed
+  yum:
+    name:
+      - "{{ matrix_docker_package_name }}"
+      - python3-pip
+    state: latest
+  when: matrix_docker_installation_enabled|bool
+
+- name: Ensure Docker-Py is installed
+  pip:
+    name: docker-py
+    state: latest
+  when: matrix_docker_installation_enabled|bool

roles/matrix-base/tasks/server_base/setup_debian.yml

@@ -0,0 +1,49 @@
+---
+
+- name: Ensure APT usage dependencies are installed
+  apt:
+    name:
+      - apt-transport-https
+      - ca-certificates
+      - gnupg
+    state: present
+    update_cache: yes
+
+- name: Ensure Docker's APT key is trusted
+  apt_key:
+    url: "https://download.docker.com/linux/{{ ansible_distribution|lower }}/gpg"
+    id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
+    state: present
+  register: add_repository_key
+  ignore_errors: true
+  when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce'
+
+- name: Ensure Docker repository is enabled
+  apt_repository:
+    repo: "deb [arch={{ matrix_debian_arch }}] https://download.docker.com/linux/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} stable"
+    state: present
+    update_cache: yes
+  when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce' and not ansible_distribution_release == 'bullseye'
+
+- name: Ensure Docker repository is enabled (using Debian Buster on Debian Bullseye, for which there is no Docker yet)
+  apt_repository:
+    repo: "deb [arch={{ matrix_debian_arch }}] https://download.docker.com/linux/{{ ansible_distribution|lower }} buster stable"
+    state: present
+    update_cache: yes
+  when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce' and ansible_distribution_release == 'bullseye'
+
+- name: Ensure APT packages are installed
+  apt:
+    name:
+      - "{{ matrix_ntpd_package }}"
+      - fuse
+    state: latest
+    update_cache: yes
+
+- name: Ensure Docker is installed
+  apt:
+    name:
+      - "{{ matrix_docker_package_name }}"
+      - "python{{'3' if ansible_python.version.major == 3 else ''}}-docker"
+    state: latest
+  when: matrix_docker_installation_enabled|bool

roles/matrix-base/tasks/server_base/setup_raspbian.yml

@@ -0,0 +1,42 @@
+---
+
+- name: Ensure APT usage dependencies are installed
+  apt:
+    name:
+      - apt-transport-https
+      - ca-certificates
+      - gnupg
+    state: present
+    update_cache: yes
+
+- name: Ensure Docker's APT key is trusted
+  apt_key:
+    url: https://download.docker.com/linux/raspbian/gpg
+    id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
+    state: present
+  register: add_repository_key
+  ignore_errors: true
+  when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce'
+
+- name: Ensure Docker repository is enabled
+  apt_repository:
+    repo: "deb [arch={{ matrix_debian_arch }}] https://download.docker.com/linux/raspbian {{ ansible_distribution_release }} stable"
+    state: present
+    update_cache: yes
+  when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce'
+
+- name: Ensure APT packages are installed
+  apt:
+    name:
+      - "{{ matrix_ntpd_package }}"
+      - fuse
+    state: latest
+    update_cache: yes
+
+- name: Ensure Docker is installed
+  apt:
+    name:
+      - "{{ matrix_docker_package_name }}"
+      - "python{{'3' if ansible_python.version.major == 3 else ''}}-docker"
+    state: latest
+  when: matrix_docker_installation_enabled|bool

roles/matrix-base/tasks/setup_matrix_base.yml

@@ -0,0 +1,31 @@
+---
+
+- name: Ensure Matrix base path exists
+  file:
+    path: "{{ item }}"
+    state: directory
+    mode: "{{ matrix_base_data_path_mode }}"
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - "{{ matrix_base_data_path }}"
+
+- name: Preserve vars.yml on the server for easily restoring if it gets lost later on
+  copy:
+    src: "{{ matrix_vars_yml_snapshotting_src }}"
+    dest: "{{ matrix_base_data_path }}/vars.yml"
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+    mode: '0660'
+  when: "matrix_vars_yml_snapshotting_enabled|bool"
+
+- name: Ensure Matrix network is created in Docker
+  docker_network:
+    name: "{{ matrix_docker_network }}"
+    driver: bridge
+
+- name: Ensure matrix-remove-all script created
+  template:
+    src: "{{ role_path }}/templates/usr-local-bin/matrix-remove-all.j2"
+    dest: "{{ matrix_local_bin_path }}/matrix-remove-all"
+    mode: 0750

roles/matrix-base/tasks/setup_matrix_user.yml

@@ -0,0 +1,27 @@
+---
+
+- name: Ensure Matrix group is created
+  group:
+    name: "{{ matrix_user_groupname }}"
+    gid: "{{ omit if matrix_user_gid is none else matrix_user_gid }}"
+    state: present
+  register: matrix_group
+
+- name: Set Matrix Group GID Variable
+  set_fact:
+    matrix_user_gid: "{{ matrix_group.gid }}"
+
+- name: Ensure Matrix user is created
+  user:
+    name: "{{ matrix_user_username }}"
+    uid: "{{ omit if matrix_user_uid is none else matrix_user_uid }}"
+    state: present
+    group: "{{ matrix_user_groupname }}"
+    home: "{{ matrix_base_data_path }}"
+    create_home: no
+    system: yes
+  register: matrix_user
+
+- name: Set Matrix Group UID Variable
+  set_fact:
+    matrix_user_uid: "{{ matrix_user.uid }}"

roles/matrix-base/tasks/setup_well_known.yml

@@ -0,0 +1,36 @@
+# We need others to be able to read these directories too,
+# so that matrix-nginx-proxy's nginx user can access the files.
+#
+# For running with another webserver, we recommend being part of the `matrix` group.
+- name: Ensure Matrix static-files path exists
+  file:
+    path: "{{ item }}"
+    state: directory
+    mode: 0755
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  with_items:
+    - "{{ matrix_static_files_base_path }}/.well-known/matrix"
+
+- name: Ensure Matrix /.well-known/matrix/client file configured
+  template:
+    src: "{{ role_path }}/templates/static-files/well-known/matrix-client.j2"
+    dest: "{{ matrix_static_files_base_path }}/.well-known/matrix/client"
+    mode: 0644
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+
+- name: Ensure Matrix /.well-known/matrix/server file configured
+  template:
+    src: "{{ role_path }}/templates/static-files/well-known/matrix-server.j2"
+    dest: "{{ matrix_static_files_base_path }}/.well-known/matrix/server"
+    mode: 0644
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  when: matrix_well_known_matrix_server_enabled|bool
+
+- name: Ensure Matrix /.well-known/matrix/server file deleted
+  file:
+    path: "{{ matrix_static_files_base_path }}/.well-known/matrix/server"
+    state: absent
+  when: "not matrix_well_known_matrix_server_enabled|bool"