finallycoffee/matrix-docker-ansible-deploy
5
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Make roles more independent of one another

Browse Source 
With this change, the following roles are now only dependent
on the minimal `matrix-base` role:
- `matrix-corporal`
- `matrix-coturn`
- `matrix-mailer`
- `matrix-mxisd`
- `matrix-postgres`
- `matrix-riot-web`
- `matrix-synapse`

The `matrix-nginx-proxy` role still does too much and remains
dependent on the others.

Wiring up the various (now-independent) roles happens
via a glue variables file (`group_vars/matrix-servers`).
It's triggered for all hosts in the `matrix-servers` group.

According to Ansible's rules of priority, we have the following
chain of inclusion/overriding now:
- role defaults (mostly empty or good for independent usage)
- playbook glue variables (`group_vars/matrix-servers`)
- inventory host variables (`inventory/host_vars/matrix.<your-domain>`)

All roles default to enabling their main component
(e.g. `matrix_mxisd_enabled: true`, `matrix_riot_web_enabled: true`).
Reasoning: if a role is included in a playbook (especially separately,
in another playbook), it should "work" by default.

Our playbook disables some of those if they are not generally useful
(e.g. `matrix_corporal_enabled: false`).
This commit is contained in:
Slavi Pantaleev
2019-01-16 18:05:48 +02:00
parent 515f04e936
commit c10182e5a6
57 changed files with 807 additions and 289 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
roles/matrix-synapse/defaults/main.yml
View File

@ -8,10 +8,13 @@ matrix_synapse_media_store_path: "{{ matrix_synapse_storage_path }}/media-store"
matrix_synapse_ext_path: "{{ matrix_synapse_base_path }}/ext"
# Controls whether the Synapse container exposes the Client/Server API port (tcp/8008).
# Normally, matrix-nginx-proxy is enabled and nginx can reach Synapse over the container network.
# If matrix-nginx-proxy is not enabled, or you otherwise have a need for it, you can expose
# the Client/Server API's port to the local host (`127.0.0.1:8008`).
matrix_synapse_container_expose_client_server_api_port: "{{ not matrix_nginx_proxy_enabled }}"
matrix_synapse_container_expose_client_server_api_port: false
# List of systemd services that matrix-synapse.service depends on
matrix_synapse_systemd_required_services_list: ['docker.service']
# List of systemd services that matrix-synapse.service wants
matrix_synapse_systemd_wanted_services_list: []
matrix_synapse_in_container_python_packages_path: "/usr/local/lib/python3.6/site-packages"
@ -27,15 +30,10 @@ matrix_synapse_macaroon_secret_key: ""
matrix_synapse_registration_shared_secret: "{{ matrix_synapse_macaroon_secret_key }}"
matrix_synapse_form_secret: "{{ matrix_synapse_macaroon_secret_key }}"
# These are the identity servers that would be trusted by Synapse if mxisd is NOT enabled
matrix_synapse_id_servers_public: ['vector.im', 'matrix.org']
# These are the identity servers that would be trusted by Synapse if mxisd IS enabled
matrix_synapse_id_servers_own: "['{{ hostname_matrix }}']"
# The final list of identity servers to use for Synapse.
# The first one would also be used as riot-web's default identity server.
matrix_synapse_trusted_third_party_id_servers: "{{ matrix_synapse_id_servers_own if matrix_mxisd_enabled else matrix_synapse_id_servers_public }}"
# The list of identity servers to use for Synapse.
# We assume this role runs standalone without a local Identity server, so we point Synapse to public ones.
# This most likely gets overwritten later, so that a local Identity server is used.
matrix_synapse_trusted_third_party_id_servers: "{{ matrix_synapse_id_servers_public }}"
matrix_synapse_max_upload_size_mb: 10
matrix_synapse_max_log_file_size_mb: 100
@ -114,6 +112,22 @@ matrix_synapse_app_service_config_files: []
# any password providers have been enabled or not.
matrix_synapse_password_providers_enabled: false
# Postgres database information
matrix_synapse_database_host: ""
matrix_synapse_database_user: ""
matrix_synapse_database_password: ""
matrix_synapse_database_database: ""
matrix_synapse_turn_uris: []
matrix_synapse_turn_shared_secret: ""
matrix_synapse_email_enabled: false
matrix_synapse_email_smtp_host: ""
matrix_synapse_email_smtp_port: 587
matrix_synapse_email_smtp_require_transport_security: false
matrix_synapse_email_notif_from: "Matrix <matrix@{{ hostname_identity }}>"
matrix_synapse_email_riot_base_url: "https://{{ hostname_riot }}"
# Enable this to activate the REST auth password provider module.
# See: https://github.com/kamax-io/matrix-synapse-rest-auth