Compare commits
13 Commits
24967b9372
...
1f31491f49
Author | SHA1 | Date | |
---|---|---|---|
1f31491f49 | |||
2b16d4de8c | |||
4660d2f567 | |||
|
3dd32d2512 | ||
|
9daeb39710 | ||
|
1e46785a0d | ||
|
1da3531a3d | ||
|
e545869454 | ||
|
4fb1134ad1 | ||
|
a7fcb7c04d | ||
|
68f91660d3 | ||
|
4cd5835e11 | ||
|
08d1a5c2e7 |
@ -55,3 +55,22 @@ Certain Synapse administration tasks (managing users and rooms, etc.) can be per
|
|||||||
## Synapse + OpenID Connect for Single-Sign-On
|
## Synapse + OpenID Connect for Single-Sign-On
|
||||||
|
|
||||||
If you'd like to use OpenID Connect authentication with Synapse, you'll need some additional reverse-proxy configuration (see [our nginx reverse-proxy doc page](configuring-playbook-nginx.md#synapse-openid-connect-for-single-sign-on)).
|
If you'd like to use OpenID Connect authentication with Synapse, you'll need some additional reverse-proxy configuration (see [our nginx reverse-proxy doc page](configuring-playbook-nginx.md#synapse-openid-connect-for-single-sign-on)).
|
||||||
|
|
||||||
|
In case you encounter errors regarding the parsing of the variables, you can try to add `{%raw}` and `{% endraw %}` blocks around them. For example ;
|
||||||
|
|
||||||
|
```
|
||||||
|
- idp_id: keycloak
|
||||||
|
idp_name: "Keycloak"
|
||||||
|
issuer: "https://url.ix/auth/realms/x"
|
||||||
|
client_id: "matrix"
|
||||||
|
client_secret: "{{ vault_synapse_keycloak }}"
|
||||||
|
scopes: ["openid", "profile"]
|
||||||
|
authorization_endpoint: "https://url.ix/auth/realms/x/protocol/openid-connect/auth"
|
||||||
|
token_endpoint: "https://url.ix/auth/realms/x/protocol/openid-connect/token"
|
||||||
|
userinfo_endpoint: "https://url.ix/auth/realms/x/protocol/openid-connect/userinfo"
|
||||||
|
user_mapping_provider:
|
||||||
|
config:
|
||||||
|
display_name_template: "{%raw}{{ user.given_name }}{% endraw %} {%raw}{{ user.family_name }}{% endraw %}"
|
||||||
|
email_template: "{%raw}{{ user.email }}{% endraw %}"
|
||||||
|
```
|
||||||
|
|
||||||
|
@ -54,10 +54,6 @@
|
|||||||
validate_certs: yes
|
validate_certs: yes
|
||||||
tags: use-survey
|
tags: use-survey
|
||||||
|
|
||||||
- name: Run export.sh if this job template is run by the client
|
|
||||||
command: /bin/sh /root/export.sh
|
|
||||||
tags: use-survey
|
|
||||||
|
|
||||||
- name: Include vars in matrix_vars.yml
|
- name: Include vars in matrix_vars.yml
|
||||||
include_vars:
|
include_vars:
|
||||||
file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||||
@ -70,8 +66,28 @@
|
|||||||
mode: '0660'
|
mode: '0660'
|
||||||
tags: use-survey
|
tags: use-survey
|
||||||
|
|
||||||
- name: Perform the borg backup
|
- name: Run initial backup of /matrix/ and snapshot the database simultaneously
|
||||||
command: borgmatic
|
command: "{{ item }}"
|
||||||
|
with_items:
|
||||||
|
- borgmatic -c /root/.config/borgmatic/config_1.yaml
|
||||||
|
- /bin/sh /usr/local/bin/awx-export-service.sh 1 0
|
||||||
|
register: _create_instances
|
||||||
|
async: 3600 # Maximum runtime in seconds.
|
||||||
|
poll: 0 # Fire and continue (never poll)
|
||||||
|
when: matrix_awx_backup_enabled|bool
|
||||||
|
|
||||||
|
- name: Wait for both of these jobs to finish
|
||||||
|
async_status:
|
||||||
|
jid: "{{ item.ansible_job_id }}"
|
||||||
|
register: _jobs
|
||||||
|
until: _jobs.finished
|
||||||
|
delay: 5 # Check every 5 seconds.
|
||||||
|
retries: 720 # Retry for a full hour.
|
||||||
|
with_items: "{{ _create_instances.results }}"
|
||||||
|
when: matrix_awx_backup_enabled|bool
|
||||||
|
|
||||||
|
- name: Perform borg backup of postgres dump
|
||||||
|
command: borgmatic -c /root/.config/borgmatic/config_2.yaml
|
||||||
when: matrix_awx_backup_enabled|bool
|
when: matrix_awx_backup_enabled|bool
|
||||||
|
|
||||||
- name: Set boolean value to exit playbook
|
- name: Set boolean value to exit playbook
|
||||||
|
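Review bot: The loop registered as `_create_instances` runs `borgmatic -c /root/.config/borgmatic/config_1.yaml` and `/bin/sh /usr/local/bin/awx-export-service.sh 1 0` at the same time (`async: 3600`, `poll: 0`), and nothing in the hunk records whether the /matrix/ archive taken by the first item is consistent while the second item is snapshotting the database; a comment such as `# Both jobs run concurrently; the borg pass over /matrix/ must not depend on the DB snapshot being complete` would state that assumption for the next reader. The register name `_create_instances` reads like a leftover from an example and does not describe backup jobs; `register: _backup_jobs` with `with_items: "{{ _backup_jobs.results }}"` in the wait task would be clearer. The `# Retry for a full hour.` comment could also note that `retries: 720` × `delay: 5` deliberately matches `async: 3600`, so a job killed at the async limit surfaces through `async_status` rather than being silently dropped. The enclosing task list starts and ends outside this hunk.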
33
roles/matrix-awx/tasks/export_server.yml
Normal file
33
roles/matrix-awx/tasks/export_server.yml
Normal file
@ -0,0 +1,33 @@
|
|||||||
|
|
||||||
|
- name: Run export of /matrix/ and snapshot the database simultaneously
|
||||||
|
command: "{{ item }}"
|
||||||
|
with_items:
|
||||||
|
- /bin/sh /usr/local/bin/awx-export-service.sh 1 0
|
||||||
|
- /bin/sh /usr/local/bin/awx-export-service.sh 0 1
|
||||||
|
register: _create_instances
|
||||||
|
async: 3600 # Maximum runtime in seconds.
|
||||||
|
poll: 0 # Fire and continue (never poll)
|
||||||
|
|
||||||
|
- name: Wait for both of these jobs to finish
|
||||||
|
async_status:
|
||||||
|
jid: "{{ item.ansible_job_id }}"
|
||||||
|
register: _jobs
|
||||||
|
until: _jobs.finished
|
||||||
|
delay: 5 # Check every 5 seconds.
|
||||||
|
retries: 720 # Retry for a full hour.
|
||||||
|
with_items: "{{ _create_instances.results }}"
|
||||||
|
|
||||||
|
- name: Schedule deletion of the export in 24 hours
|
||||||
|
at:
|
||||||
|
command: rm /chroot/export/matrix*
|
||||||
|
count: 1
|
||||||
|
units: days
|
||||||
|
unique: yes
|
||||||
|
|
||||||
|
- name: Set boolean value to exit playbook
|
||||||
|
set_fact:
|
||||||
|
end_playbook: true
|
||||||
|
|
||||||
|
- name: End playbook if this task list is called.
|
||||||
|
meta: end_play
|
||||||
|
when: end_playbook is defined and end_playbook|bool
|
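Review bot: `unique: yes` in the `at:` task should be `unique: true`; the same file already writes `end_playbook: true`, and the `yes` form is what yamllint's truthy rule flags. The scheduled `rm /chroot/export/matrix*` is the only removal of the export, and it depends on atd being installed and running on the host, which nothing in this file checks; a comment such as `# Requires atd on the target; the export (per the task name, a copy of /matrix/ plus the DB snapshot) stays under /chroot/export until this job runs` would record that assumption and the fact that the data sits there for up to a day. Whether `/chroot/export` is readable only by the intended account is not visible here and is worth confirming alongside the cleanup.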
@ -1,15 +1,4 @@
|
|||||||
|
|
||||||
- name: Ensure /matrix/awx is empty
|
|
||||||
shell: rm -r /matrix/awx/*
|
|
||||||
ignore_errors: yes
|
|
||||||
|
|
||||||
- name: Ensure /matrix/synapse is empty
|
|
||||||
shell: rm -r /matrix/synapse/*
|
|
||||||
ignore_errors: yes
|
|
||||||
|
|
||||||
- name: Extract from /chroot/export
|
|
||||||
shell: tar -xvzf /chroot/export/matrix.tar.gz -C /matrix/
|
|
||||||
|
|
||||||
- name: Ensure correct ownership of /matrix/awx
|
- name: Ensure correct ownership of /matrix/awx
|
||||||
shell: chown -R matrix:matrix /matrix/awx
|
shell: chown -R matrix:matrix /matrix/awx
|
||||||
|
|
||||||
|
@ -26,6 +26,15 @@
|
|||||||
tags:
|
tags:
|
||||||
- backup-server
|
- backup-server
|
||||||
|
|
||||||
|
# Perform a export of the server
|
||||||
|
- include_tasks:
|
||||||
|
file: "export_server.yml"
|
||||||
|
apply:
|
||||||
|
tags: export-server
|
||||||
|
when: run_setup|bool and matrix_awx_enabled|bool
|
||||||
|
tags:
|
||||||
|
- export-server
|
||||||
|
|
||||||
# Create a user account if called
|
# Create a user account if called
|
||||||
- include_tasks:
|
- include_tasks:
|
||||||
file: "create_user.yml"
|
file: "create_user.yml"
|
||||||
|
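Review bot: The new include of `file: "export_server.yml"` is gated only on `when: run_setup|bool and matrix_awx_enabled|bool` and the `export-server` tag, whereas the backup task list earlier in this diff additionally checks `matrix_awx_backup_enabled|bool` on each task; unless a toggle exists elsewhere, any run of the job template with that tag produces a full server export under /chroot/export, so a dedicated opt-in variable (a `matrix_awx_export_enabled`-style flag, name to be chosen) added to the `when:` would keep the export explicitly enabled rather than tag-driven. The comment `# Perform a export of the server` should read `# Perform an export of the server`. The surrounding task list continues outside this hunk.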
@ -5,7 +5,7 @@ matrix_client_hydrogen_enabled: true
|
|||||||
matrix_client_hydrogen_container_image_self_build: true
|
matrix_client_hydrogen_container_image_self_build: true
|
||||||
matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git"
|
matrix_client_hydrogen_container_image_self_build_repo: "https://github.com/vector-im/hydrogen-web.git"
|
||||||
|
|
||||||
matrix_client_hydrogen_version: v0.1.56
|
matrix_client_hydrogen_version: v0.1.57
|
||||||
matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}"
|
matrix_client_hydrogen_docker_image: "{{ matrix_client_hydrogen_docker_image_name_prefix }}vectorim/hydrogen-web:{{ matrix_client_hydrogen_version }}"
|
||||||
matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build }}"
|
matrix_client_hydrogen_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_hydrogen_container_image_self_build }}"
|
||||||
matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}"
|
matrix_client_hydrogen_docker_image_force_pull: "{{ matrix_client_hydrogen_docker_image.endswith(':latest') }}"
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
|
|
||||||
matrix_grafana_enabled: false
|
matrix_grafana_enabled: false
|
||||||
|
|
||||||
matrix_grafana_version: 8.0.0
|
matrix_grafana_version: 8.0.2
|
||||||
matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}"
|
matrix_grafana_docker_image: "{{ matrix_container_global_registry_prefix }}grafana/grafana:{{ matrix_grafana_version }}"
|
||||||
matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}"
|
matrix_grafana_docker_image_force_pull: "{{ matrix_grafana_docker_image.endswith(':latest') }}"
|
||||||
|
|
||||||
|
@ -15,8 +15,8 @@ matrix_synapse_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_cont
|
|||||||
# amd64 gets released first.
|
# amd64 gets released first.
|
||||||
# arm32 relies on self-building, so the same version can be built immediately.
|
# arm32 relies on self-building, so the same version can be built immediately.
|
||||||
# arm64 users need to wait for a prebuilt image to become available.
|
# arm64 users need to wait for a prebuilt image to become available.
|
||||||
matrix_synapse_version: v1.35.1
|
matrix_synapse_version: v1.36.0
|
||||||
matrix_synapse_version_arm64: v1.35.1
|
matrix_synapse_version_arm64: v1.36.0
|
||||||
matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}"
|
matrix_synapse_docker_image_tag: "{{ matrix_synapse_version if matrix_architecture in ['arm32', 'amd64'] else matrix_synapse_version_arm64 }}"
|
||||||
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
|
matrix_synapse_docker_image_force_pull: "{{ matrix_synapse_docker_image.endswith(':latest') }}"
|
||||||
|
|
||||||
|
@ -2977,19 +2977,4 @@ redis:
|
|||||||
password: {{ matrix_synapse_redis_password }}
|
password: {{ matrix_synapse_redis_password }}
|
||||||
|
|
||||||
|
|
||||||
# Enable experimental features in Synapse.
|
|
||||||
#
|
|
||||||
# Experimental features might break or be removed without a deprecation
|
|
||||||
# period.
|
|
||||||
#
|
|
||||||
experimental_features:
|
|
||||||
# Support for Spaces (MSC1772), it enables the following:
|
|
||||||
#
|
|
||||||
# * The Spaces Summary API (MSC2946).
|
|
||||||
# * Restricting room membership based on space membership (MSC3083).
|
|
||||||
#
|
|
||||||
# Uncomment to disable support for Spaces.
|
|
||||||
#spaces_enabled: false
|
|
||||||
|
|
||||||
|
|
||||||
# vim:ft=yaml
|
# vim:ft=yaml
|
||||||
|
@ -51,6 +51,9 @@ matrix_synapse_workers_generic_worker_endpoints:
|
|||||||
- ^/_matrix/client/(api/v1|r0|unstable)/joined_groups$
|
- ^/_matrix/client/(api/v1|r0|unstable)/joined_groups$
|
||||||
- ^/_matrix/client/(api/v1|r0|unstable)/publicised_groups$
|
- ^/_matrix/client/(api/v1|r0|unstable)/publicised_groups$
|
||||||
- ^/_matrix/client/(api/v1|r0|unstable)/publicised_groups/
|
- ^/_matrix/client/(api/v1|r0|unstable)/publicised_groups/
|
||||||
|
- ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/event/
|
||||||
|
- ^/_matrix/client/(api/v1|r0|unstable)/joined_rooms$
|
||||||
|
- ^/_matrix/client/(api/v1|r0|unstable)/search$
|
||||||
|
|
||||||
# Registration/login requests
|
# Registration/login requests
|
||||||
- ^/_matrix/client/(api/v1|r0|unstable)/login$
|
- ^/_matrix/client/(api/v1|r0|unstable)/login$
|
||||||
|