Compare commits

...

74 Commits

Author SHA1 Message Date
f3553dd154
feat: add automatic creation of reverse-proxy routing 2022-02-24 09:21:18 +01:00
1755867a2d
meta: move inventory structure to be more usable 2022-02-24 09:21:17 +01:00
3854c3ab86
meta: add own inventory, add vault-unlock with GPG 2022-02-24 09:21:17 +01:00
Slavi Pantaleev
87c9ea0dc6
Merge pull request #1651 from GoliathLabs/jitsi
Updated: jitsi to stable-6865
2022-02-23 14:44:37 +02:00
Slavi Pantaleev
d714ee624b
Merge pull request #1653 from PC-Admin/gomatrixhosting-testing
GoMatrixHosting v0.6.9
2022-02-23 14:30:13 +02:00
PC-Admin
c640799864 GoMatrixHosting v0.6.9 - stop re-writing of matrix_homeserver_generic_secret_key 2022-02-23 20:06:46 +08:00
Slavi Pantaleev
dae5240b0c
Merge pull request #1327 from altsalt/default_room_version_9
Update Synapse default room version (6 -> 9)
2022-02-23 08:08:08 +02:00
Wm Salt Hale
46f74c3ac0
Merge branch 'spantaleev:master' into default_room_version_9 2022-02-22 11:05:13 -08:00
Slavi Pantaleev
ef7acce94b Upgrade Synapse (1.52.0 -> 1.53.0) 2022-02-22 15:34:10 +02:00
Slavi Pantaleev
eca7c277b4
Merge pull request #1650 from GoliathLabs/synapse-admin
Updated: synapse-admin to 0.8.5
2022-02-22 14:57:32 +02:00
Slavi Pantaleev
0e6781fba1
Merge pull request #1649 from GoliathLabs/prometheus
Updated: prometheus to v2.33.3
2022-02-22 14:57:16 +02:00
Slavi Pantaleev
389f96b45b
Merge pull request #1648 from GoliathLabs/certbot
Updated: certbot to v1.23.0
2022-02-22 14:56:56 +02:00
Slavi Pantaleev
28df88643a
Merge pull request #1647 from GoliathLabs/grafana
Updated: grafana to 8.4.1
2022-02-22 14:56:34 +02:00
Slavi Pantaleev
22b82001d6
Merge pull request #1646 from GoliathLabs/ddclient
Updated: ddclient to v3.9.1-ls79
2022-02-22 14:56:00 +02:00
Slavi Pantaleev
8ca98582ef
Merge pull request #1645 from GoliathLabs/mautrix-telegram
Updated: mautrix-telegram to v0.11.2
2022-02-22 14:55:39 +02:00
Slavi Pantaleev
f22b6e6e95
Merge pull request #1644 from GoliathLabs/mautrix-signal
Updated: mautrix-signal to v0.2.3
2022-02-22 14:55:18 +02:00
GoliathLabs
b8f6f6a51a
Updated: jitsi to stable-6865 2022-02-22 13:08:28 +01:00
GoliathLabs
7f4d7444a3
Updated: synapse-admin to 0.8.5 2022-02-22 12:54:31 +01:00
GoliathLabs
728123b9ab
Updated: prometheus to v2.33.3 2022-02-22 12:52:00 +01:00
GoliathLabs
e53cc026d0
Updated: certbot to v1.23.0 2022-02-22 12:50:21 +01:00
GoliathLabs
0f251a2104
Updated: grafana to 8.4.1 2022-02-22 12:47:32 +01:00
GoliathLabs
5b96dd609b
Updated: ddclient to v3.9.1-ls79 2022-02-22 12:45:42 +01:00
GoliathLabs
a4ba2ba601
Updated: mautrix-telegram v0.11.2 2022-02-22 12:37:11 +01:00
GoliathLabs
906f192cf3
Updated: mautrix-signal to v0.2.3 2022-02-22 12:33:55 +01:00
Slavi Pantaleev
b711189e47
Merge pull request #1642 from JokerGermany/patch-2
fix typo
2022-02-20 13:26:48 +02:00
JokerGermany
31d3706166
fix typo 2022-02-20 11:56:03 +01:00
Slavi Pantaleev
6089c8b47b
Merge pull request #1640 from AnonyPla/patch-1
Update for changing the federation port into the documentation
2022-02-20 10:55:28 +02:00
AnonyPla
cb5a8e8736
Update for changing the federation port
This is a proposed add to the documentation to inform users how to change the federation port using the ansible playbook for eventual use with third party services such as CDNs.
2022-02-19 10:49:31 +00:00
Slavi Pantaleev
b9bc2c4eb7
Merge pull request #1639 from ChrisKar96/patch-1
Upgrade Element (1.10.3 -> 1.10.4)
2022-02-18 20:41:25 +02:00
Christos Karamolegkos
a6e766a06a
Upgrade Element (1.10.3 -> 1.10.4) 2022-02-18 19:56:22 +02:00
Slavi Pantaleev
2f722e8625
Merge pull request #1634 from pucilpet/master
Changed to: mautrix-whatsapp v0.2.4 tag
2022-02-16 21:07:30 +02:00
Petteri Pucilowski
fe389bd11a Changed to: mautrix-whatsapp v0.2.4 tag 2022-02-16 19:48:41 +02:00
Slavi Pantaleev
0d4d476cd8
Merge pull request #1631 from aaronraimist/postgres
Postgres Minor Updates (14.2, 13.6, 12.10, 11.15, 10.20)
2022-02-16 11:36:13 +02:00
Aaron Raimist
f0e30c76f3
Postgres Minor Updates (14.2, 13.6, 12.10, 11.15, 10.20) 2022-02-16 09:22:25 +00:00
Slavi Pantaleev
c7885e85aa
Merge pull request #1630 from iambeingtracked/patch-1
Update faq.md
2022-02-16 10:33:43 +02:00
iambeingtracked
6b4afd1051
Update faq.md
It had an extra dot, which resulted in a question mark and a dot after each other
2022-02-16 10:25:36 +02:00
Slavi Pantaleev
1ed46f0a86 Remove Jinja2 templating delimiters from when statement
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1629

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1505
2022-02-16 09:36:33 +02:00
Slavi Pantaleev
8b3fad45f9 Upgrade Element (1.10.1 -> 1.10.3)
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1627
2022-02-15 14:04:08 +02:00
Slavi Pantaleev
241e21c702 Fix typo 2022-02-15 07:04:45 +02:00
Slavi Pantaleev
f0ab2ec506 Add support for configuring allow_embedding for Grafana
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1626
2022-02-15 07:03:25 +02:00
Slavi Pantaleev
cfba9b2cf5 Update matrix_encryption_disabler (patch_power_levels feature)
Related to:

- https://github.com/digitalentity/matrix_encryption_disabler/pull/4
- https://github.com/digitalentity/matrix_encryption_disabler/issues/5
- https://github.com/digitalentity/matrix_encryption_disabler/pull/6
2022-02-14 10:39:14 +02:00
Slavi Pantaleev
5eeb0156b1 Bump matrix_encryption_disabler "version" 2022-02-12 09:55:59 +02:00
Slavi Pantaleev
fb4c6961e9 Announce matrix_encryption_disabler support
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1621
2022-02-12 09:38:53 +02:00
Slavi Pantaleev
f44ca0c7c2 Add support for matrix_encryption_disabler
Related to https://github.com/matrix-org/synapse/issues/4401

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1621
2022-02-12 09:25:24 +02:00
Slavi Pantaleev
c8d924147c
Merge pull request #1622 from FSG-Cat/patch-1
Update Hydrogen from v0.2.25 to v0.2.26
2022-02-12 08:54:48 +02:00
Catalan Lover
cc412dfffe
Update Hydrogen from v0.2.25 to v0.2.26 2022-02-12 00:37:40 +01:00
Slavi Pantaleev
85c66a944f Remove useless cast 2022-02-11 20:05:32 +02:00
Slavi Pantaleev
0ce68b1ca5
Merge pull request #1374 from spantaleev/shared-secret-auth-v2
Upgrade matrix-synapse-shared-secret-auth (1.0.2 -> 2.0)
2022-02-11 10:55:52 +02:00
Slavi Pantaleev
5a69c899a3 Upgrade matrix-synapse-shared-secret-auth (1.0.2 -> 2.0.2)
For now, we disable the new `com.devture.shared_secret_auth` login type
by default, because it causes problems with Element:
https://github.com/vector-im/element-web/issues/19605

This also becomes the first module to use the new Synapse module system
that got introduced in Synapse v1.46.0.

Despite these upgrades, things should remain functionally identical
as far as bridges, matrix-corporal or other consumers are concerned.
2022-02-11 10:23:50 +02:00
Slavi Pantaleev
fa9b69e213
Merge pull request #1614 from Wunderharke/master
add basic fedora support
2022-02-11 08:37:12 +02:00
Slavi Pantaleev
e2e5db3b89
Do not use misleading with_items for a single file 2022-02-11 08:36:05 +02:00
Slavi Pantaleev
6c47b447e3
Do not use misleading with_items for a single file 2022-02-11 08:35:39 +02:00
Slavi Pantaleev
b7df6ceebb
Merge pull request #1618 from ZzMzaw/feat/ssl-doc-update
Add missing endpoints for SSL certificates
2022-02-11 08:17:44 +02:00
ZzMzaw
6576d4596e Add missing endpoints for SSL certificates
Playbook is retrieving certificates for some endpoints which were
not listed in the doc
2022-02-11 06:56:37 +01:00
Wunderharke
a24f7626bd 7330992b20 fixed the major_version compare and made foedora deployments to use setup_redhat8.yml. This however broke the script on fedora as there is no EPEL package. This commit add very basic fedora support. 2022-02-09 16:56:14 +01:00
Slavi Pantaleev
7330992b20 Do not compare ansible_distribution_major_version as a string
Fedora 35 is:

- `ansible_os_family = 'RedHat'`
- `ansible_distribution_major_version = '35'`

Our RedHat checks against v7/v8 are really for RHEL derivatives (CentOS, Rockylinux,
AlmaLinux), but the same checks (by coincidence) apply for Fedora 35.

The problem is that `'35' > '7'` (comparing these as strings) is
`false`.

This patch makes sure that we always cast
`ansible_distribution_major_version` to an integer.

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1610
2022-02-09 16:20:09 +02:00
Slavi Pantaleev
e09694f5ef
Merge pull request #1613 from Marwel/master
some yamllint ignoring
2022-02-09 16:12:12 +02:00
Marko Weltzer
3ad454e06d
Merge branch 'spantaleev:master' into master 2022-02-09 15:04:10 +01:00
Marko Weltzer
43a7cd2efc fix: ignore generated file on yamllint 2022-02-09 15:03:39 +01:00
Slavi Pantaleev
e0df99a7de Fix typo 2022-02-09 14:03:06 +02:00
Marko Weltzer
f92e6ad7b9 fix: disable yamllint on ci line, "on" is not always truthy 2022-02-09 11:19:31 +01:00
Slavi Pantaleev
156a03d93d
Merge pull request #1606 from Marwel/master
yamllint all the things
2022-02-09 10:42:32 +02:00
Slavi Pantaleev
94c9780f7a
Fix matrix_synapse_encryption_enabled_by_default_for_room_type
The value of `off` was taken to be a boolean, but it shouldn't be.

Synapse expects a string (currently one of: `all`, `invite`, `off`).
2022-02-09 10:38:28 +02:00
Slavi Pantaleev
5addb889b1
Fix inconsistent spacing 2022-02-09 10:27:12 +02:00
Marko Weltzer
d27e623c71 fix: manually merge upstream 2022-02-09 09:01:56 +01:00
Marko Weltzer
8e8bf55e15 fix: missing spaces on closing } 2022-02-09 08:52:53 +01:00
Marko Weltzer
902b40fa1b Merge remote-tracking branch 'origin/master' 2022-02-06 11:30:45 +01:00
Marko Weltzer
de025425b5 fix: revert changes to .md files 2022-02-06 11:30:38 +01:00
Marko Weltzer
819574b8ba
Merge branch 'spantaleev:master' into master 2022-02-05 21:37:53 +01:00
Marko Weltzer
8de4e061e1 feat: add yamllint gh action 2022-02-05 21:36:11 +01:00
Marko Weltzer
7e5b88c3b7 fix: all praise the allmighty yamllinter 2022-02-05 21:32:54 +01:00
Wm Salt Hale
ad8d4740a7
Merge branch 'spantaleev:master' into default_room_version_9 2022-01-18 14:56:25 -08:00
Wm Salt Hale
3001b2d32d
Merge branch 'spantaleev:master' into default_room_version_9 2021-12-14 18:19:26 -08:00
Wm Salt Hale
a1cbd5459c
Update Synapse default room version (6 -> 9)
From the [Synapse 1.43.0 release highlights](https://matrix.org/blog/2021/09/21/synapse-1-43-0-released):
> Asks clients to prefer [room version 9](https://github.com/matrix-org/matrix-doc/pull/3375) when creating restricted rooms ([#10772](https://github.com/matrix-org/synapse/issues/10772)), via the API defined in [MSC3244: room version capabilities](https://github.com/matrix-org/matrix-doc/pull/3244).
2021-10-12 09:49:16 -07:00
394 changed files with 2511 additions and 1366 deletions

1
.github/FUNDING.yml vendored
View File

@ -1,3 +1,4 @@
---
# These are supported funding model platforms # These are supported funding model platforms
# https://liberapay.com/s.pantaleev/ # https://liberapay.com/s.pantaleev/

7
.github/dependabot.yaml vendored Normal file
View File

@ -0,0 +1,7 @@
---
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: daily

16
.github/workflows/matrix.yml vendored Normal file
View File

@ -0,0 +1,16 @@
---
name: Matrix CI
on: # yamllint disable-line rule:truthy
push:
pull_request:
jobs:
yamllint:
name: 🧹 yamllint
runs-on: ubuntu-latest
steps:
- name: ⤵️ Check out configuration from GitHub
uses: actions/checkout@v2.4.0
- name: 🚀 Run yamllint
uses: frenck/action-yamllint@v1.1.2

4
.gitignore vendored
View File

@ -1,7 +1,3 @@
/inventory/*
!/inventory/.gitkeep
!/inventory/host_vars/.gitkeep
!/inventory/scripts
/roles/*/files/scratchpad /roles/*/files/scratchpad
.DS_Store .DS_Store
.python-version .python-version

8
.yamllint Normal file
View File

@ -0,0 +1,8 @@
---
extends: default
ignore: |
roles/matrix-synapse/vars/workers.yml
rules:
line-length: disable

View File

@ -1,3 +1,12 @@
# 2022-02-12
## matrix_encryption_disabler support
We now support installing the [matrix_encryption_disabler](https://github.com/digitalentity/matrix_encryption_disabler) Synapse module, which lets you prevent End-to-End-Encryption from being enabled by users on your homeserver. The popular opinion is that this is dangerous and shouldn't be done, but there are valid use cases for disabling encryption discussed [here](https://github.com/matrix-org/synapse/issues/4401).
To enable this module (and prevent encryption from being used on your homserver), add `matrix_synapse_ext_encryption_disabler_enabled: true` to your configuration. This module provides further customization. Check its other configuration settings (and defaults) in `roles/matrix-synapse/defaults/main.yml`.
# 2022-02-01 # 2022-02-01
## matrix-hookshot bridging support ## matrix-hookshot bridging support

View File

@ -1,6 +1,11 @@
[defaults] [defaults]
vault_password_file = gpg/open_vault.sh
retry_files_enabled = False retry_files_enabled = False
stdout_callback = yaml stdout_callback = yaml
inventory = inventory/hosts
[connection] [connection]
pipelining = True pipelining = True

View File

@ -47,3 +47,20 @@ matrix_synapse_federation_port_enabled: false
# This removes the `8448` virtual host from the matrix-nginx-proxy reverse-proxy server. # This removes the `8448` virtual host from the matrix-nginx-proxy reverse-proxy server.
matrix_nginx_proxy_proxy_matrix_federation_api_enabled: false matrix_nginx_proxy_proxy_matrix_federation_api_enabled: false
``` ```
## Changing the federation port from 8448 to a different port to use a CDN that only accepts 443/80 ports
Why? This change could be useful for people running small Synapse instances on small severs/VPSes to avoid being impacted by a simple DOS/DDOS when bandwidth, RAM, an CPU resources are limited and if your hosting provider does not provide a DOS/DDOS protection.
The following changes in the configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`) will allow this and make it possible to proxy the federation through a CDN such as CloudFlare or any other:
```
matrix_synapse_http_listener_resource_names: ["client","federation"]
# Any port can be used but in this case we use 443
matrix_federation_public_port: 443
matrix_synapse_federation_port_enabled: false
# Note that the following change might not be "required per se" but probably will be due to the proxying of the traffic through the CDN proxy servers (CloudFlare for instance). The security impact of doing this should be minimal as your CDN itself will encrypt the traffic no matter what on their proxy servers. You could however first try and see if federation works while setting the following to true.
matrix_synapse_tls_federation_listener_enabled: false
```
**Use this at you own risk as all the possible side-effects of doing this are not fully known. However, it has been tested and works fine and passes all the tests on <https://federationtester.matrix.org/> without issues.**

View File

@ -67,8 +67,13 @@ By default, it obtains certificates for:
- `matrix.<your-domain>` (`matrix_server_fqn_matrix`) - `matrix.<your-domain>` (`matrix_server_fqn_matrix`)
- possibly for `element.<your-domain>`, unless you have disabled the [Element client component](configuring-playbook-client-element.md) using `matrix_client_element_enabled: false` - possibly for `element.<your-domain>`, unless you have disabled the [Element client component](configuring-playbook-client-element.md) using `matrix_client_element_enabled: false`
- possibly for `riot.<your-domain>`, if you have explicitly enabled Riot to Element redirection (for background compatibility) using `matrix_nginx_proxy_proxy_riot_compat_redirect_enabled: true` - possibly for `riot.<your-domain>`, if you have explicitly enabled Riot to Element redirection (for background compatibility) using `matrix_nginx_proxy_proxy_riot_compat_redirect_enabled: true`
- possibly for `hydrogen.<your-domain>`, if you have explicitly [set up Hydrogen client](configuring-playbook-client-hydrogen.md).
- possibly for `cinny.<your-domain>`, if you have explicitly [set up Cinny client](configuring-playbook-client-cinny.md).
- possibly for `dimension.<your-domain>`, if you have explicitly [set up Dimension](configuring-playbook-dimension.md). - possibly for `dimension.<your-domain>`, if you have explicitly [set up Dimension](configuring-playbook-dimension.md).
- possibly for `goneb.<your-domain>`, if you have explicitly [set up Go-NEB bot](configuring-playbook-bot-go-neb.md).
- possibly for `jitsi.<your-domain>`, if you have explicitly [set up Jitsi](configuring-playbook-jitsi.md). - possibly for `jitsi.<your-domain>`, if you have explicitly [set up Jitsi](configuring-playbook-jitsi.md).
- possibly for `stats.<your-domain>`, if you have explicitly [set up Grafana](configuring-playbook-prometheus-grafana.md).
- possibly for `sygnal.<your-domain>`, if you have explicitly [set up Sygnal](configuring-playbook-sygnal.md).
- possibly for your base domain (`<your-domain>`), if you have explicitly configured [Serving the base domain](configuring-playbook-base-domain-serving.md) - possibly for your base domain (`<your-domain>`), if you have explicitly configured [Serving the base domain](configuring-playbook-base-domain-serving.md)
If you are hosting other domains on the Matrix machine, you can make the playbook obtain and renew certificates for those other domains too. If you are hosting other domains on the Matrix machine, you can make the playbook obtain and renew certificates for those other domains too.

View File

@ -226,7 +226,7 @@ Using a separate domain name is easier to manage (although it's a little hard to
We allow `matrix.DOMAIN` to be the Matrix server handling Matrix stuff for `DOMAIN` by [Server Delegation](howto-server-delegation.md). During the installation procedure, we recommend that you set up server delegation using the [.well-known](configuring-well-known.md) method. We allow `matrix.DOMAIN` to be the Matrix server handling Matrix stuff for `DOMAIN` by [Server Delegation](howto-server-delegation.md). During the installation procedure, we recommend that you set up server delegation using the [.well-known](configuring-well-known.md) method.
If you'd really like to install Matrix services directly on the base domain, see [How do I install on matrix.DOMAIN without involving the base DOMAIN?](#how-do-i-install-on-matrixdomain-without-involving-the-base-domain). If you'd really like to install Matrix services directly on the base domain, see [How do I install on matrix.DOMAIN without involving the base DOMAIN?](#how-do-i-install-on-matrixdomain-without-involving-the-base-domain)
### I don't control anything on the base domain and can't set up delegation to matrix.DOMAIN. What do I do? ### I don't control anything on the base domain and can't set up delegation to matrix.DOMAIN. What do I do?

View File

@ -1,3 +1,4 @@
---
version: '3' version: '3'
services: services:
nginx: nginx:

View File

@ -1,3 +1,4 @@
---
# The bare domain name which represents your Matrix identity. # The bare domain name which represents your Matrix identity.
# Matrix user ids for your server will be of the form (`@user:<matrix-domain>`). # Matrix user ids for your server will be of the form (`@user:<matrix-domain>`).
# #

5
gpg/open_vault.sh Executable file
View File

@ -0,0 +1,5 @@
#!/bin/bash
set -e -u
gpg2 --batch --use-agent --decrypt $(dirname $0)/vault_passphrase.gpg 2>/dev/null

18
gpg/vault_passphrase.gpg Normal file
View File

@ -0,0 +1,18 @@
-----BEGIN PGP MESSAGE-----
hQIMAxEs7W/4x4lxARAAssinIzR2rGs+Qkm0Q2tRdSXSXRx3OhH+2T5p0Rz3YkqU
iyiUtyT/Ll7RMUAlAEDZITvirXe4ZZImDcxQegEzFgO7BowQYJDRdhaRmLKZpiuQ
foRnJAAR12sf49arjJjaBQb91ViOp5MkxAtXiiqWyXwSSII+cV88flMq143cFmfC
C5OdIQd3SqrbFhGRTjUzoIMqnJH8xksjwph9GS811dY14rQv5X1Ybt5zehMJ7/m/
luLNg2zgQgYOUxcovddCVMI54ThXyDubDox/5xLvVjyVOFHgwC/VLn+QXHuPY/r5
+rVzz/30eq0uOLKD3LnDBQskCWRVWGC2ulKaZtlylBq6KRzIM6c6+VPSHCjoFyES
RRpRHeIXGLs31eLkr8dc+VNbPKpMsjm/E/4ZVE2JBpy7S/kh1XYVQxT6ahDKT1tD
4YN9O0JyNXzjiyNaTTLwNGh5+ICEd3ZCfa4O/og2LySGPOw6mX8ukgP029LHVp6+
0tRwSWiIM3US/NIVGA+o9e9I/I5Bp/cnzJgd7faUIlzcVPP+euCbo4GsYWpX3Nca
eRcr7AVY3wwuZtl7/s8KbQKk0ulLxS4Lo2XmdpQl8CPGwASdbMf/H8B256+xiUQ3
ml400ZaCC7Loeduwl1ez1H/dFFzmpUziaxxtWW4aFtOUYhGeSCTu6ZIgxVq3eBnS
jAGv8bt+0Xnrpih3mZWM92cw2VKfzYD9WG+dCB4DtZMKhl1ub2bkeTC/B9F+QuP6
anlonYHs2wmPXzjcx8ajonbYrYXanoNRHDId6OqVAbjYqbua6TG6H9LUFweIj1RV
yhUPejzhA8xEB0nUcKJZKLvuqvwPbr06GODnAKY5TQ4yILMAnBx0pNzfQNzo
=Cecg
-----END PGP MESSAGE-----

View File

@ -1128,8 +1128,6 @@ matrix_corporal_matrix_registration_shared_secret: "{{ matrix_synapse_registrati
# #
###################################################################### ######################################################################
###################################################################### ######################################################################
# #
# matrix-coturn # matrix-coturn
@ -1164,8 +1162,6 @@ matrix_coturn_container_additional_volumes: |
# #
###################################################################### ######################################################################
###################################################################### ######################################################################
# #
# matrix-dimension # matrix-dimension
@ -1243,8 +1239,6 @@ matrix_dynamic_dns_enabled: false
# #
###################################################################### ######################################################################
###################################################################### ######################################################################
# #
# matrix-email2matrix # matrix-email2matrix
@ -1261,8 +1255,6 @@ matrix_email2matrix_container_image_self_build: "{{ matrix_architecture not in [
# #
###################################################################### ######################################################################
###################################################################### ######################################################################
# #
# matrix-jitsi # matrix-jitsi
@ -1307,8 +1299,6 @@ matrix_jitsi_etherpad_base: "{{ matrix_etherpad_base_url if matrix_etherpad_enab
# #
###################################################################### ######################################################################
###################################################################### ######################################################################
# #
# matrix-mailer # matrix-mailer
@ -1328,8 +1318,6 @@ matrix_mailer_container_image_self_build: "{{ matrix_architecture not in ['amd64
# #
###################################################################### ######################################################################
###################################################################### ######################################################################
# #
# matrix-ma1sd # matrix-ma1sd
@ -1393,8 +1381,6 @@ matrix_ma1sd_database_password: "{{ '%s' | format(matrix_homeserver_generic_secr
# #
###################################################################### ######################################################################
###################################################################### ######################################################################
# #
# matrix-nginx-proxy # matrix-nginx-proxy
@ -1570,8 +1556,6 @@ matrix_ssl_pre_obtaining_required_service_name: "{{ 'matrix-dynamic-dns' if matr
# #
###################################################################### ######################################################################
###################################################################### ######################################################################
# #
# matrix-postgres # matrix-postgres
@ -1820,8 +1804,6 @@ matrix_postgres_import_databases_to_ignore: |
# #
###################################################################### ######################################################################
###################################################################### ######################################################################
# #
# matrix-sygnal # matrix-sygnal
@ -1842,8 +1824,6 @@ matrix_sygnal_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enable
# #
###################################################################### ######################################################################
###################################################################### ######################################################################
# #
# matrix-redis # matrix-redis
@ -1858,8 +1838,6 @@ matrix_redis_enabled: "{{ matrix_synapse_workers_enabled }}"
# #
###################################################################### ######################################################################
###################################################################### ######################################################################
# #
# matrix-client-element # matrix-client-element
@ -1907,8 +1885,6 @@ matrix_client_element_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if matr
# #
###################################################################### ######################################################################
###################################################################### ######################################################################
# #
# matrix-client-hydrogen # matrix-client-hydrogen
@ -1932,8 +1908,6 @@ matrix_client_hydrogen_self_check_validate_certificates: "{{ false if matrix_ssl
# #
###################################################################### ######################################################################
###################################################################### ######################################################################
# #
# matrix-client-cinny # matrix-client-cinny
@ -1959,8 +1933,6 @@ matrix_client_cinny_self_check_validate_certificates: "{{ false if matrix_ssl_re
# #
###################################################################### ######################################################################
###################################################################### ######################################################################
# #
# matrix-synapse # matrix-synapse
@ -2071,8 +2043,6 @@ matrix_synapse_redis_password: "{{ matrix_redis_connection_password if matrix_re
# #
###################################################################### ######################################################################
###################################################################### ######################################################################
# #
# matrix-synapse-admin # matrix-synapse-admin
@ -2094,8 +2064,6 @@ matrix_synapse_admin_container_image_self_build: "{{ matrix_architecture != 'amd
# #
###################################################################### ######################################################################
###################################################################### ######################################################################
# #
# matrix-prometheus-node-exporter # matrix-prometheus-node-exporter
@ -2110,8 +2078,6 @@ matrix_prometheus_node_exporter_enabled: false
# #
###################################################################### ######################################################################
###################################################################### ######################################################################
# #
# matrix-prometheus # matrix-prometheus
@ -2145,7 +2111,6 @@ matrix_prometheus_scraper_hookshot_targets: "{{ [matrix_hookshot_container_url|s
# #
###################################################################### ######################################################################
###################################################################### ######################################################################
# #
# matrix-prometheus-postgres-exporter # matrix-prometheus-postgres-exporter
@ -2201,8 +2166,6 @@ matrix_grafana_systemd_wanted_services_list: |
# #
###################################################################### ######################################################################
###################################################################### ######################################################################
# #
# matrix-registration # matrix-registration

View File

@ -0,0 +1,339 @@
#
# General config
# Domain of the matrix server and SSL config
#
matrix_domain: finallycoffee.eu
matrix_ssl_retrieval_method: none
matrix_nginx_proxy_enabled: false
matrix_base_data_path: "{{ vault_matrix_base_data_path }}"
matrix_server_fqn_element: "chat.{{ matrix_domain }}"
web_user: "web"
revproxy_autoload_dir: "/vault/services/web/sites.d"
#matrix_client_element_version: v1.8.4
#matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:v1.37.1"
#matrix_mautrix_telegram_version: v0.10.0
#
# General Synapse config
#
matrix_postgres_connection_password: "{{ vault_matrix_postgres_connection_password }}"
# A secret used to protect access keys issued by the server.
matrix_homeserver_generic_secret_key: "{{ vault_homeserver_generic_secret_key }}"
# Make synapse accept larger media aswell
matrix_synapse_max_upload_size_mb: 100
# Enable metrics at (default) :9100/_synapse/metrics
matrix_synapse_metrics_enabled: true
matrix_synapse_enable_group_creation: true
matrix_synapse_turn_shared_secret: "{{ vault_matrix_coturn_turn_static_auth_secret }}"
matrix_synapse_turn_uris:
- "turns:voip.matrix.finallycoffee.eu?transport=udp"
- "turns:voip.matrix.finallycoffee.eu?transport=tcp"
# Auto-join all users into those rooms
matrix_synapse_auto_join_rooms:
- "#welcome:finallycoffee.eu"
- "#announcements:finallycoffee.eu"
## Synapse rate limits
matrix_synapse_rc_federation:
window_size: 1000
sleep_limit: 25
sleep_delay: 500
reject_limit: 50
concurrent: 5
matrix_synapse_rc_message:
per_second: 0.5
burst_count: 25
## Synapse cache tuning
matrix_synapse_caches_global_factor: 0.7
matrix_synapse_event_cache_size: "200K"
## Synapse workers
matrix_synapse_workers_enabled: true
matrix_synapse_workers_preset: "little-federation-helper"
matrix_synapse_workers_generic_worker_client_server_count: 0
matrix_synapse_workers_media_repository_workers_count: 0
matrix_synapse_workers_federation_sender_workers_count: 1
matrix_synapse_workers_pusher_workers_count: 0
matrix_synapse_workers_appservice_workers_count: 1
# Static secret auth for matrix-synapse-shared-secret-auth
matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: "{{ vault_matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
matrix_synapse_ext_password_provider_rest_auth_enabled: true
matrix_synapse_ext_password_provider_rest_auth_endpoint: "http://matrix-ma1sd:8090"
matrix_synapse_ext_password_provider_rest_auth_registration_enforce_lowercase: false
matrix_synapse_ext_password_provider_rest_auth_registration_profile_name_autofill: true
matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: false
# Enable experimental spaces support
matrix_synapse_configuration_extension_yaml: |
experimental_features:
spaces_enabled: true
#
# synapse-admin tool
#
matrix_synapse_admin_enabled: true
matrix_synapse_admin_container_http_host_bind_port: 8985
#
# VoIP / CoTURN config
#
# A shared secret (between Synapse and Coturn) used for authentication.
matrix_coturn_turn_static_auth_secret: "{{ vault_matrix_coturn_turn_static_auth_secret }}"
# Disable coturn, as we use own instance
matrix_coturn_enabled: false
#
# dimension (integration manager) config
#
matrix_dimension_enabled: true
matrix_dimension_admins: "{{ vault_matrix_dimension_admins }}"
matrix_server_fqn_dimension: "dimension.matrix.{{ matrix_domain }}"
matrix_dimension_access_token: "{{ vault_matrix_dimension_access_token }}"
matrix_dimension_configuration_extension_yaml: |
telegram:
botToken: "{{ vault_matrix_dimension_configuration_telegram_bot_token }}"
#
# mautrix-whatsapp config
#
matrix_mautrix_whatsapp_enabled: true
matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port: 9402
matrix_mautrix_whatsapp_container_extra_arguments:
- "-p 127.0.0.1:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}"
matrix_mautrix_whatsapp_configuration_extension_yaml: |
bridge:
displayname_template: "{% raw %}{{.Name}} ({{if .Notify}}{{.Notify}}{{else}}{{.Jid}}{{end}}) (via WhatsApp){% endraw %}"
max_connection_attempts: 5
connection_timeout: 30
contact_wait_delay: 5
private_chat_portal_meta: true
login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
logging:
print_level: info
metrics:
enabled: true
listen: 0.0.0.0:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}
whatsapp:
os_name: Linux mautrix-whatsapp
browser_name: Chrome
#
# mautrix-telegram config
#
matrix_mautrix_telegram_enabled: true
matrix_mautrix_telegram_api_id: "{{ vault_matrix_mautrix_telegram_api_id }}"
matrix_mautrix_telegram_api_hash: "{{ vault_matrix_mautrix_telegram_api_hash }}"
matrix_mautrix_telegram_public_endpoint: '/bridge/telegram'
matrix_mautrix_telegram_container_http_monitoring_host_bind_port: 9401
matrix_mautrix_telegram_container_http_host_bind_port_public: 8980
matrix_mautrix_telegram_container_extra_arguments:
- "-p 127.0.0.1:{{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}"
- "-p 127.0.0.1:{{ matrix_mautrix_telegram_container_http_host_bind_port_public }}:80"
matrix_mautrix_telegram_configuration_extension_yaml: |
bridge:
displayname_template: "{displayname} (via Telegram)"
parallel_file_transfer: false
inline_images: false
image_as_file_size: 20
delivery_receipts: true
login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
animated_sticker:
target: webm
encryption:
allow: true
default: true
permissions:
"@transcaffeine:finallycoffee.eu": "admin"
"gruenhage.xyz": "full"
logging:
root:
level: INFO
metrics:
enabled: true
listen_port: {{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}
# permissions: "{{ vault_matrix_mautrix_telegram_permission_map | from_yaml }}"
#
# mautrix-signal config
#
matrix_mautrix_signal_enabled: true
matrix_mautrix_signal_container_http_monitoring_host_bind_port: 9408
matrix_mautrix_signal_container_extra_arguments:
- "-p 127.0.0.1:{{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}"
matrix_mautrix_signal_configuration_extension_yaml: |
bridge:
displayname_template: "{displayname} (via Signal)"
community_id: "+signal:finallycoffee.eu"
encryption:
allow: true
default: true
key_sharing:
allow: true
require_verification: false
delivery_receipts: true
logging:
root:
level: INFO
metrics:
enabled: true
listen_port: {{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}
#
# mx-puppet-instagram configuration
#
matrix_mx_puppet_instagram_enabled: true
matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port: 9403
matrix_mx_puppet_instagram_container_extra_arguments:
- "-p 127.0.0.1:{{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}"
matrix_mx_puppet_instagram_configuration_extension_yaml: |
bridge:
enableGroupSync: true
avatarUrl: mxc://finallycoffee.eu/acmiSAinuHDOULofFFeolTvr
metrics:
enabled: true
port: {{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}
path: /metrics
presence:
enabled: true
interval: 3000
#
# mx-puppet-skype configuration
#
matrix_mx_puppet_skype_enabled: true
matrix_mx_puppet_skype_container_http_monitoring_host_bind_port: 9405
matrix_mx_puppet_skype_container_extra_arguments:
- "-p 127.0.0.1:{{ matrix_mx_puppet_skype_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_skype_container_http_monitoring_host_bind_port }}"
matrix_mx_puppet_skype_configuration_extension_yaml: |
bridge:
enableGroupSync: true
avatarUrl: mxc://finallycoffee.eu/jjXDuFqtpFOBOnywoHgzTuYt
metrics:
enabled: true
port: {{ matrix_mx_puppet_skype_container_http_monitoring_host_bind_port }}
path: /metrics
#
# mx-puppet-discord configuration
#
matrix_mx_puppet_discord_enabled: true
matrix_mx_puppet_discord_client_id: "{{ vault_matrix_mx_puppet_discord_client_id }}"
matrix_mx_puppet_discord_client_secret: "{{ vault_matrix_mx_puppet_discord_client_secret }}"
matrix_mx_puppet_discord_container_http_monitoring_host_bind_port: 9404
matrix_mx_puppet_discord_container_extra_arguments:
- "-p 127.0.0.1:{{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}"
matrix_mx_puppet_discord_configuration_extension_yaml: |
bridge:
enableGroupSync: true
avatarUrl: mxc://finallycoffee.eu/BxcAAhjXmglMbtthStEHtCzd
metrics:
enabled: true
port: {{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}
path: /metrics
limits:
maxAutojoinUsers: 500
roomUserAutojoinDelay: 50
presence:
enabled: true
interval: 3000
#
# mx-puppet-slack configuration
#
matrix_mx_puppet_slack_enabled: true
matrix_mx_puppet_slack_client_id: "{{ vault_matrix_mx_puppet_slack_client_id }}"
matrix_mx_puppet_slack_client_secret: "{{ vault_matrix_mx_puppet_slack_client_secret }}"
matrix_mx_puppet_slack_redirect_path: '/bridge/slack/oauth'
matrix_mx_puppet_slack_container_http_auth_host_bind_port: 8981
matrix_mx_puppet_slack_container_http_monitoring_host_bind_port: 9406
matrix_mx_puppet_slack_container_extra_arguments:
- "-p 127.0.0.1:{{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}"
- "-p 127.0.0.1:{{ matrix_mx_puppet_slack_container_http_auth_host_bind_port }}:8008"
matrix_mx_puppet_slack_configuration_extension_yaml: |
bridge:
enableGroupSync: true
metrics:
enabled: true
port: {{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}
path: /metrics
limits:
maxAutojoinUsers: 500
roomUserAutojoinDelay: 50
presence:
enabled: true
interval: 3000
#
# Element web configuration
#
# Branding config
matrix_client_element_brand: "Chat"
matrix_client_element_default_theme: "dark"
matrix_client_element_themes_enabled: true
matrix_client_element_welcome_headline: "Welcome to chat.finallycoffee.eu"
matrix_client_element_welcome_text: |
Decentralised, encrypted chat &amp; collaboration,<br />
hosted on finallycoffee.eu, powered by element.io &amp;
<a href="https://matrix.org" target="_blank" rel="noreferrer noopener">
<img width="79" height="34" alt="[matrix]" style="padding-left: 1px;vertical-align: middle" src="welcome/images/matrix.svg" />
</a>
matrix_client_element_welcome_logo: "welcome/images/logo.png"
matrix_client_element_welcome_logo_link: "https://{{ matrix_domain }}"
matrix_client_element_branding_authHeaderLogoUrl: "welcome/images/logo.png"
matrix_client_element_branding_welcomeBackgroundUrl: "welcome/images/background.jpg"
matrix_client_element_container_extra_arguments:
- "-v {{ matrix_client_element_data_path }}/background.jpg:/app/{{ matrix_client_element_branding_welcomeBackgroundUrl }}:ro"
- "-v {{ matrix_client_element_data_path }}/logo.png:/app/{{ matrix_client_element_branding_authHeaderLogoUrl }}:ro"
# Integration and capabilites config
matrix_client_element_integrations_ui_url: "https://{{ matrix_server_fqn_dimension }}/element"
matrix_client_element_integrations_rest_url: "https://{{ matrix_server_fqn_dimension }}/api/v1/scalar"
matrix_client_element_integrations_widgets_urls:
- "https://{{ matrix_server_fqn_dimension }}/widgets"
- "https://scalar.vector.im/api"
matrix_client_element_integrations_jitsi_widget_url: "https://{{ matrix_server_fqn_dimension }}/widgets/jitsi"
matrix_client_element_disable_custom_urls: false
matrix_client_element_roomdir_servers:
- "matrix.org"
- "finallycoffee.eu"
- "entropia.de"
matrix_client_element_enable_presence_by_hs_url:
https://matrix.org: false
# Matrix ma1sd extended configuration
matrix_ma1sd_configuration_extension_yaml: |
hashing:
enabled: true
pepperLength: 20
rotationPolicy: per_requests
requests: 10
hashStorageType: sql
algorithms:
- none
- sha256
# Matrix mail notification relay setup
matrix_mailer_enabled: true
matrix_mailer_sender_address: "Matrix on finallycoffee.eu <system-matrix@{{ matrix_domain }}>"
matrix_mailer_relay_use: true
matrix_mailer_relay_host_name: "{{ vault_matrix_mailer_relay_host_name }}"
matrix_mailer_relay_host_port: 587
matrix_mailer_relay_auth: true
matrix_mailer_relay_auth_username: "{{ vault_matrix_mailer_relay_auth_username }}"
matrix_mailer_relay_auth_password: "{{ vault_matrix_mailer_relay_auth_password }}"

View File

@ -0,0 +1,100 @@
$ANSIBLE_VAULT;1.1;AES256
39366364363633336238333130353832663162393038633665396333343732353964333363666539
6562346632343235623835643735386434316666393234360a383634616537393134613631383836
61333835363666623033306166376232303930306433343366373463653234623736643633383734
3330333665383539650a383132353032386230393031626361343764323034386230363066306331
34646236336262623435633566363033613737373064616266336237343233663066396163373034
62303765353066653737366539626461636531636438323932333134363136363134646164646531
63656638666233313437663261396665653736373164323433306435323336633938313164646264
33653661633965363833393031616463633761356234633630643562306366653133366637346166
38636433343736343461613731623538633361363934343764326466313261353633646230353065
37366134303164356433333961346663313963626165323966656536313532376162326565383539
65363333633964323838663461373666353665643236623839646664653661613838353239613137
39353061323131306365656261343630313665356165623064616436653566373663343733316237
34393666383465323463313838393465643830373632373938633763666636346539666233303265
38353337633833373331356663633936326334366337393135653030333531613565643666633038
64393862303765366632393137313432376563353335353231323464633637343334346634306534
35613330373336633031376263306466306437656635396133613335386130346163663438386136
61646437343938663431343736363564376238316666373531616231366132643864346538363866
35396433366137356162313963666134383134306462313336613735386639363936326131383939
66623833643433663039623837623133303336666233623935313438366136353332313165333936
31386632336535383533646639636164313331346630633366383739623261366465656632393062
63373332623738303364623437666531396331646666336230353333366261653438363861656466
39333762633037383336393164616563396564383232636533363864636230616664303330323932
66666234633362346132303932643464366466323535303835363430333737666661373534333934
61393362616438626636383564613335363634626231663234616438343464383461303632363033
39336362396339316661323662393665383031643931626333646335643335353661653939363538
38666561313539613566386132336630643237333432656236356132616230663561343665353938
33366663353834356434366335373265373439363430636533303933656264366338623232613435
35356662383232386137313064313363303861326635333435393737643663336534363234623430
32376432353330613666396337303935376366613564353039396164383361616337656535346166
34396635356266326461613135303639643935363261396363636338636564643838313262326266
31663139343336376233303637373864363835313839326433656235616332333134306139623239
37636639356263646437373362333931613262363363313462666534643765313139386461623731
33376635653133353033333733613464396632636634313063326363313030376632643863336237
61636638353237313764313435626463633964643665313536326235343639663137373436303564
30636232626137376339303238653664346538356430306238633037366332316263623666373062
63646533646131303466653637346463613237323161313265613834383634626237323563653733
38656435303264346663663465333966376631666530333833353233376263336436613065366362
36366263343438393132326661623031316663663231663464383732343064383234616636306530
66613634626362316533303034393063666632343262613431613635663866636433623535363238
30643933613731363236346234336662613633323831633437613435326465383530653765616262
63373538396364316563343365303134373466663639386137663564356532353531343636613135
63316463353264316164306566326462333732316431643939626161346530636638636662303037
34346461313961613063336332333934383363373335616636363661396362613661383762663866
64303834636264376461396266663763336665356561376161333136336638646363313133353161
31643061623833623239373432633537663664636334623534326639616633616361333834366131
30376361656238353332656666316637643133623433333861653265636266376639666135383638
37363337326231656530363536393737383565666266306532626361633633353539363866376534
61303737326632303762626666306134343837376566343035386663613336626332383035383035
37633462373066373062313862323766316362393832666466396637363562353865303366323062
39346332383966313437646138623364656234663066663639663138626163656433363038323166
65613862386665643438323061323763306635666162303366323131363436633335356332393366
63373966383132303434633835333438333337303664346335643066623839343835643364306561
34643336346564363462396330643263653931376664386335313433376332653832323437376135
35383231386133363236653334393433306638303131323064343931623538323130343666653061
36353536383632333964343730346265626433303131346531303133663832363036333261386237
30363361356265356139323761623563396565336137333733656431636531333234323061343862
33623935346663333735613661363234646234356331323636386637343661373363363261646231
33643233343235323230393933616664623166666266333862323631653835666135303233653635
63373061656163353762636531613632366638383366303864343132376162643963366564363563
61336338613935613532636165383463633866633036393533313433643562313737383431353163
37623165373933376236393931363939633963666636303136373065376635623761346537643530
35363464313630376233633863306238616138666464316534363332333937343362343233346431
34643032323934353939666364323239653932363735373061633434653062326336353239633261
38306237336266663038656534393664646138343038323335633064616431386666613739326630
34383963666534313530376331366238343836303036306336343533666332386163643033643138
33336333333338353733383165306139623964303035653439623131633566356136386431613135
63616462386639303230343866346631346532353531373132613433363239646330653666633532
65393766333238383531313132633537633833363335303630376239396565373730646331313633
30383861303739343265623934643635633361623262356433323035393062353630346430646262
63303434353038646361353661616339313937323336303566303536366163623362356332383862
37326333393761633732653264646333653439363039323238383361336233323232613336303464
34393635633131313135313665363161306466643364393734346264633030373234306466653862
32336163666435636162343465386633653863363533616339636531306130383331376563393533
65366136626662343065383164646665613035393636373565346235656439303933343563366339
36643838393033353033396535613331303031646162316361613564323163633434633861356135
62343461616335323565636633383962316531316362396165366533346166336163623232366261
39376230376562626135346333326437373733373266393236383435343562653034313133376236
61666138346562613330633630373837653465393233613261353937336666646231366666393335
35393463333936323664323831396639333462626238613164616435363664643438653763623431
32663237363134353061373563396535653565636431366565386337653863316333343738343432
62303132636338303462313439376535363063333833363632613832303436353834376561333330
66633632383135646263626333643230343630326539663762633934316261633062663732373932
30306438386263626335373838343236643562326135663366353638353163346365396261313133
36333634306133353235316237343738623263333732343063356238333162323931346664346539
66323733643061386334306130633537353630663336313966663538373963313435666564316539
63613030366332363432303036396232306537663765653938353736376135316539613135623632
66356639623635663365323635646635383638346539323438336261393332373935383536333831
61306639343061333639336162366536366438356166396266666132303932333037613632623666
63616662343830303664353931306632323630316162643432653835313962633735626163366332
34373637633066333432383533316363613031393963373963386161663430623533383165653561
38343439633066366663643138326264653539336530393932386236366533663935353664343966
39323161646231353234633961633732613065323039663062313661386565366534623430356632
64343732336238393262363338363734643639353830646163343361653761633134303163616562
35633436393832393137383534613031303963613339333566343065336530623964636662353065
32366630353538383339346465376661323666333234373665613164633866363364613066643034
37616630366232353166366535633936366536626462353831643335306337353564316461653564
66663133373466333431336366346435623436656230376232613665633466333463636263373464
30386434336538303061666566383033616563303564666362346432663130306531613063363537
646635613236636563666161666630653836

22
inventory/hosts Normal file
View File

@ -0,0 +1,22 @@
$ANSIBLE_VAULT;1.1;AES256
31336566376336626265653165306635633033376662656164383037383834653239656136333734
3833666339393037323035343565343235396163636166370a643933333933386133366564396465
30393637613164356564393337633361653432333232383664303739363736633435363764343530
3532313739363963660a343434356534316230623133636366386334323465376139363162616238
39396638366262313531653635326361616537396338363533303961623165343931373939306239
31336632643166633662653765333231393461643933306464303165633037343061323636313034
34376631656563646665373566633431366638383863666130323264316337663237343135306236
66323536346164663239343139623430303230333466633437643337343930363530653964626163
38336363633730393136333637383631636266396636646533356262376630646139303636666538
32366437353163663865623234643061313639646162643965393535353938313133326237313265
66646163333535396539646461356334633532313530653834623263386265383765356130333466
30373531306137393935363030313739666536363138363962646565306439393239303030643162
33333166663430393866666439653532623034396130313066383035396535646633366237303264
36356665366461323664373038366364623937386233313039323837666333653764616462333365
31326264633236373937313537633961633164323138356135633765663639323537656263633766
38653836323263386333376131333330326237393666363064326463663961633839393039323835
61306265333232623037356465393133323733363634646364336261326333366239346565366338
61646132333033373866623739343830336164316461646366666237313565626639323537623732
38323830656136323137323530343764666433633432366136643538323832653130376363653135
64376261386635636533353961613335663962306337353866616464613636303735336230623962
3336

View File

@ -1,3 +1,5 @@
---
- import_tasks: "{{ role_path }}/tasks/setup.yml" - import_tasks: "{{ role_path }}/tasks/setup.yml"
when: run_stop|bool when: run_stop|bool
tags: tags:

View File

@ -1,3 +1,5 @@
---
matrix_awx_enabled: true matrix_awx_enabled: true
# Defaults for 'Customise Website + Access Export' template # Defaults for 'Customise Website + Access Export' template

View File

@ -1,3 +1,4 @@
---
- name: Record Backup Server variables locally on AWX - name: Record Backup Server variables locally on AWX
delegate_to: 127.0.0.1 delegate_to: 127.0.0.1
@ -38,18 +39,18 @@
credential: "{{ member_id }} - AWX SSH Key" credential: "{{ member_id }} - AWX SSH Key"
survey_enabled: true survey_enabled: true
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json') }}" survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json') }}"
become_enabled: yes become_enabled: true
state: present state: present
verbosity: 1 verbosity: 1
tower_host: "https://{{ awx_host }}" tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: yes validate_certs: true
tags: use-survey tags: use-survey
- name: Include vars in matrix_vars.yml - name: Include vars in matrix_vars.yml
include_vars: include_vars:
file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
no_log: True no_log: true
- name: Copy new 'matrix_vars.yml' to target machine - name: Copy new 'matrix_vars.yml' to target machine
copy: copy:

View File

@ -1,3 +1,4 @@
---
- name: Record Bridge Discord AppService variables locally on AWX - name: Record Bridge Discord AppService variables locally on AWX
delegate_to: 127.0.0.1 delegate_to: 127.0.0.1
@ -54,4 +55,4 @@
verbosity: 1 verbosity: 1
tower_host: "https://{{ awx_host }}" tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: yes validate_certs: true

View File

@ -1,3 +1,4 @@
---
- name: Collect current datetime - name: Collect current datetime
set_fact: set_fact:

View File

@ -1,3 +1,4 @@
---
- name: Create a AWX session token for executing modules - name: Create a AWX session token for executing modules
awx.awx.tower_token: awx.awx.tower_token:
@ -7,4 +8,4 @@
tower_host: "https://{{ awx_host }}" tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_master_token }}" tower_oauthtoken: "{{ awx_master_token }}"
register: awx_session_token register: awx_session_token
no_log: True no_log: true

View File

@ -1,3 +1,4 @@
---
# #
# Create user and define if they are admin # Create user and define if they are admin
# #

View File

@ -48,7 +48,7 @@
- name: Reload vars in matrix_vars.yml - name: Reload vars in matrix_vars.yml
include_vars: include_vars:
file: '{{ awx_cached_matrix_vars }}' file: '{{ awx_cached_matrix_vars }}'
no_log: True no_log: true
- name: Save new 'Customise Website + Access Export' survey.json to the AWX tower, template - name: Save new 'Customise Website + Access Export' survey.json to the AWX tower, template
delegate_to: 127.0.0.1 delegate_to: 127.0.0.1
@ -92,12 +92,12 @@
credential: "{{ member_id }} - AWX SSH Key" credential: "{{ member_id }} - AWX SSH Key"
survey_enabled: true survey_enabled: true
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json') }}" survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json') }}"
become_enabled: yes become_enabled: true
state: present state: present
verbosity: 1 verbosity: 1
tower_host: "https://{{ awx_host }}" tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: yes validate_certs: true
when: awx_customise_base_domain_website is defined when: awx_customise_base_domain_website is defined
- name: Recreate 'Access Export' job template - name: Recreate 'Access Export' job template
@ -114,12 +114,12 @@
credential: "{{ member_id }} - AWX SSH Key" credential: "{{ member_id }} - AWX SSH Key"
survey_enabled: true survey_enabled: true
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json') }}" survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json') }}"
become_enabled: yes become_enabled: true
state: present state: present
verbosity: 1 verbosity: 1
tower_host: "https://{{ awx_host }}" tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: yes validate_certs: true
when: awx_customise_base_domain_website is undefined when: awx_customise_base_domain_website is undefined
- name: If user doesn't define a awx_sftp_password, create a disabled 'sftp' account - name: If user doesn't define a awx_sftp_password, create a disabled 'sftp' account
@ -153,7 +153,7 @@
user: user:
name: sftp name: sftp
groups: sftp groups: sftp
append: yes append: true
when: awx_customise_base_domain_website is defined when: awx_customise_base_domain_website is defined
- name: Create the ro /chroot directory with sticky bit if it doesn't exist. (/chroot/website has matrix:matrix permissions and is mounted to nginx container) - name: Create the ro /chroot directory with sticky bit if it doesn't exist. (/chroot/website has matrix:matrix permissions and is mounted to nginx container)

View File

@ -23,7 +23,7 @@
command: rm /chroot/export/matrix* command: rm /chroot/export/matrix*
count: 1 count: 1
units: days units: days
unique: yes unique: true
- name: Delete the AWX session token for executing modules - name: Delete the AWX session token for executing modules
awx.awx.tower_token: awx.awx.tower_token:

View File

@ -3,14 +3,14 @@
- name: Include vars in organisation.yml - name: Include vars in organisation.yml
include_vars: include_vars:
file: '/var/lib/awx/projects/clients/{{ member_id }}/organisation.yml' file: '/var/lib/awx/projects/clients/{{ member_id }}/organisation.yml'
no_log: True no_log: true
- name: Include vars in hosting_vars.yml - name: Include vars in hosting_vars.yml
include_vars: include_vars:
file: '/var/lib/awx/projects/hosting/hosting_vars.yml' file: '/var/lib/awx/projects/hosting/hosting_vars.yml'
no_log: True no_log: true
- name: Include AWX master token from awx_tokens.yml - name: Include AWX master token from awx_tokens.yml
include_vars: include_vars:
file: /var/lib/awx/projects/hosting/awx_tokens.yml file: /var/lib/awx/projects/hosting/awx_tokens.yml
no_log: True no_log: true

View File

@ -3,7 +3,7 @@
- name: Include new vars in matrix_vars.yml - name: Include new vars in matrix_vars.yml
include_vars: include_vars:
file: '{{ awx_cached_matrix_vars }}' file: '{{ awx_cached_matrix_vars }}'
no_log: True no_log: true
- name: If include_vars succeeds overwrite the old matrix_vars.yml - name: If include_vars succeeds overwrite the old matrix_vars.yml
delegate_to: 127.0.0.1 delegate_to: 127.0.0.1

View File

@ -1,4 +1,4 @@
---
# Load initial hosting and organisation variables from AWX volume # Load initial hosting and organisation variables from AWX volume
- include_tasks: - include_tasks:
file: "load_hosting_and_org_variables.yml" file: "load_hosting_and_org_variables.yml"

View File

@ -9,7 +9,7 @@
- name: Include vars in matrix_vars.yml - name: Include vars in matrix_vars.yml
include_vars: include_vars:
file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
no_log: True no_log: true
- name: Ensure curl and jq intalled on target machine - name: Ensure curl and jq intalled on target machine
apt: apt:
@ -22,7 +22,7 @@
shell: du -sh /matrix/postgres/data shell: du -sh /matrix/postgres/data
register: awx_db_size_before_stat register: awx_db_size_before_stat
when: (awx_purge_mode.find("Perform final shrink") != -1) when: (awx_purge_mode.find("Perform final shrink") != -1)
no_log: True no_log: true
- name: Collect the internal IP of the matrix-synapse container - name: Collect the internal IP of the matrix-synapse container
shell: "/usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse" shell: "/usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse"
@ -34,7 +34,7 @@
curl -X POST -d '{"type":"m.login.password", "user":"admin-janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token' curl -X POST -d '{"type":"m.login.password", "user":"admin-janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token'
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
register: awx_janitors_token register: awx_janitors_token
no_log: True no_log: true
- name: Copy build_room_list.py script to target machine - name: Copy build_room_list.py script to target machine
copy: copy:
@ -55,7 +55,7 @@
fetch: fetch:
src: /tmp/room_list_complete.json src: /tmp/room_list_complete.json
dest: "/tmp/{{ subscription_id }}_room_list_complete.json" dest: "/tmp/{{ subscription_id }}_room_list_complete.json"
flat: yes flat: true
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
- name: Remove complete room list from target machine - name: Remove complete room list from target machine
@ -80,7 +80,7 @@
- name: Setting host fact awx_room_list_no_local_users - name: Setting host fact awx_room_list_no_local_users
set_fact: set_fact:
awx_room_list_no_local_users: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_no_local_users.txt') }}" awx_room_list_no_local_users: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_no_local_users.txt') }}"
no_log: True no_log: true
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
- name: Purge all rooms with no local users - name: Purge all rooms with no local users
@ -113,7 +113,7 @@
set_fact: set_fact:
awx_room_list_joined_members: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_joined_members.txt') }}" awx_room_list_joined_members: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_joined_members.txt') }}"
when: awx_purge_mode.find("Number of users [slower]") != -1 when: awx_purge_mode.find("Number of users [slower]") != -1
no_log: True no_log: true
- name: Purge all rooms with more then N users - name: Purge all rooms with more then N users
include_tasks: purge_database_users.yml include_tasks: purge_database_users.yml
@ -138,7 +138,7 @@
set_fact: set_fact:
awx_room_list_state_events: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_state_events.txt') }}" awx_room_list_state_events: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_state_events.txt') }}"
when: awx_purge_mode.find("Number of events [slower]") != -1 when: awx_purge_mode.find("Number of events [slower]") != -1
no_log: True no_log: true
- name: Purge all rooms with more then N events - name: Purge all rooms with more then N events
include_tasks: purge_database_events.yml include_tasks: purge_database_events.yml
@ -161,17 +161,17 @@
verbosity: 1 verbosity: 1
tower_host: "https://{{ awx_host }}" tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: yes validate_certs: true
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) or (awx_purge_mode.find("Skip purging rooms [faster]") != -1) when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) or (awx_purge_mode.find("Skip purging rooms [faster]") != -1)
- name: Execute rust-synapse-compress-state job template - name: Execute rust-synapse-compress-state job template
delegate_to: 127.0.0.1 delegate_to: 127.0.0.1
awx.awx.tower_job_launch: awx.awx.tower_job_launch:
job_template: "{{ matrix_domain }} - 0 - Deploy/Update a Server" job_template: "{{ matrix_domain }} - 0 - Deploy/Update a Server"
wait: yes wait: true
tower_host: "https://{{ awx_host }}" tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: yes validate_certs: true
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) or (awx_purge_mode.find("Skip purging rooms [faster]") != -1) when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) or (awx_purge_mode.find("Skip purging rooms [faster]") != -1)
- name: Revert 'Deploy/Update a Server' job template - name: Revert 'Deploy/Update a Server' job template
@ -190,14 +190,14 @@
verbosity: 1 verbosity: 1
tower_host: "https://{{ awx_host }}" tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: yes validate_certs: true
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) or (awx_purge_mode.find("Skip purging rooms [faster]") != -1) when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) or (awx_purge_mode.find("Skip purging rooms [faster]") != -1)
- name: Ensure matrix-synapse is stopped - name: Ensure matrix-synapse is stopped
service: service:
name: matrix-synapse name: matrix-synapse
state: stopped state: stopped
daemon_reload: yes daemon_reload: true
when: (awx_purge_mode.find("Perform final shrink") != -1) when: (awx_purge_mode.find("Perform final shrink") != -1)
- name: Re-index Synapse database - name: Re-index Synapse database
@ -208,7 +208,7 @@
service: service:
name: matrix-synapse name: matrix-synapse
state: started state: started
daemon_reload: yes daemon_reload: true
when: (awx_purge_mode.find("Perform final shrink") != -1) when: (awx_purge_mode.find("Perform final shrink") != -1)
- name: Adjust 'Deploy/Update a Server' job template - name: Adjust 'Deploy/Update a Server' job template
@ -227,17 +227,17 @@
verbosity: 1 verbosity: 1
tower_host: "https://{{ awx_host }}" tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: yes validate_certs: true
when: (awx_purge_mode.find("Perform final shrink") != -1) when: (awx_purge_mode.find("Perform final shrink") != -1)
- name: Execute run-postgres-vacuum job template - name: Execute run-postgres-vacuum job template
delegate_to: 127.0.0.1 delegate_to: 127.0.0.1
awx.awx.tower_job_launch: awx.awx.tower_job_launch:
job_template: "{{ matrix_domain }} - 0 - Deploy/Update a Server" job_template: "{{ matrix_domain }} - 0 - Deploy/Update a Server"
wait: yes wait: true
tower_host: "https://{{ awx_host }}" tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: yes validate_certs: true
when: (awx_purge_mode.find("Perform final shrink") != -1) when: (awx_purge_mode.find("Perform final shrink") != -1)
- name: Revert 'Deploy/Update a Server' job template - name: Revert 'Deploy/Update a Server' job template
@ -256,7 +256,7 @@
verbosity: 1 verbosity: 1
tower_host: "https://{{ awx_host }}" tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: yes validate_certs: true
when: (awx_purge_mode.find("Perform final shrink") != -1) when: (awx_purge_mode.find("Perform final shrink") != -1)
- name: Cleanup room_list files - name: Cleanup room_list files
@ -264,13 +264,13 @@
shell: | shell: |
rm /tmp/{{ subscription_id }}_room_list* rm /tmp/{{ subscription_id }}_room_list*
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
ignore_errors: yes ignore_errors: true
- name: Collect after shrink size of Synapse database - name: Collect after shrink size of Synapse database
shell: du -sh /matrix/postgres/data shell: du -sh /matrix/postgres/data
register: awx_db_size_after_stat register: awx_db_size_after_stat
when: (awx_purge_mode.find("Perform final shrink") != -1) when: (awx_purge_mode.find("Perform final shrink") != -1)
no_log: True no_log: true
- name: Print total number of rooms processed - name: Print total number of rooms processed
debug: debug:

View File

@ -1,3 +1,4 @@
---
- name: Ensure dateutils is installed in AWX - name: Ensure dateutils is installed in AWX
delegate_to: 127.0.0.1 delegate_to: 127.0.0.1
@ -8,7 +9,7 @@
- name: Include vars in matrix_vars.yml - name: Include vars in matrix_vars.yml
include_vars: include_vars:
file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
no_log: True no_log: true
- name: Ensure curl and jq intalled on target machine - name: Ensure curl and jq intalled on target machine
apt: apt:
@ -25,7 +26,7 @@
shell: | shell: |
curl -XPOST -d '{"type":"m.login.password", "user":"admin-janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token' curl -XPOST -d '{"type":"m.login.password", "user":"admin-janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token'
register: awx_janitors_token register: awx_janitors_token
no_log: True no_log: true
- name: Generate list of dates to purge to - name: Generate list of dates to purge to
delegate_to: 127.0.0.1 delegate_to: 127.0.0.1
@ -37,16 +38,16 @@
register: awx_local_media_size_before register: awx_local_media_size_before
when: awx_purge_media_type == "Local Media" when: awx_purge_media_type == "Local Media"
async: 600 async: 600
ignore_errors: yes ignore_errors: true
no_log: True no_log: true
- name: Calculate initial size of remote media repository - name: Calculate initial size of remote media repository
shell: du -sh /matrix/synapse/storage/media-store/remote* shell: du -sh /matrix/synapse/storage/media-store/remote*
register: awx_remote_media_size_before register: awx_remote_media_size_before
when: awx_purge_media_type == "Remote Media" when: awx_purge_media_type == "Remote Media"
async: 600 async: 600
ignore_errors: yes ignore_errors: true
no_log: True no_log: true
- name: Purge local media with loop - name: Purge local media with loop
include_tasks: purge_media_local.yml include_tasks: purge_media_local.yml
@ -62,15 +63,15 @@
shell: du -sh /matrix/synapse/storage/media-store/local* shell: du -sh /matrix/synapse/storage/media-store/local*
register: awx_local_media_size_after register: awx_local_media_size_after
when: awx_purge_media_type == "Local Media" when: awx_purge_media_type == "Local Media"
ignore_errors: yes ignore_errors: true
no_log: True no_log: true
- name: Calculate final size of remote media repository - name: Calculate final size of remote media repository
shell: du -sh /matrix/synapse/storage/media-store/remote* shell: du -sh /matrix/synapse/storage/media-store/remote*
register: awx_remote_media_size_after register: awx_remote_media_size_after
when: awx_purge_media_type == "Remote Media" when: awx_purge_media_type == "Remote Media"
ignore_errors: yes ignore_errors: true
no_log: True no_log: true
- name: Print size of local media repository before purge - name: Print size of local media repository before purge
debug: debug:

View File

@ -4,7 +4,7 @@
authorized_key: authorized_key:
user: root user: root
state: present state: present
exclusive: yes exclusive: true
key: "{{ lookup('file', '/var/lib/awx/projects/hosting/client_public.key') }}" key: "{{ lookup('file', '/var/lib/awx/projects/hosting/client_public.key') }}"
- name: Delete the AWX session token for executing modules - name: Delete the AWX session token for executing modules

View File

@ -25,47 +25,47 @@
shell: | shell: |
curl -s localhost:9000 | grep "^synapse_admin_mau_current " curl -s localhost:9000 | grep "^synapse_admin_mau_current "
register: awx_mau_stat register: awx_mau_stat
no_log: True no_log: true
- name: Calculate CPU usage statistics - name: Calculate CPU usage statistics
shell: iostat -c shell: iostat -c
register: awx_cpu_usage_stat register: awx_cpu_usage_stat
no_log: True no_log: true
- name: Calculate RAM usage statistics - name: Calculate RAM usage statistics
shell: free -mh shell: free -mh
register: awx_ram_usage_stat register: awx_ram_usage_stat
no_log: True no_log: true
- name: Calculate free disk space - name: Calculate free disk space
shell: df -h shell: df -h
register: awx_disk_space_stat register: awx_disk_space_stat
no_log: True no_log: true
- name: Calculate size of Synapse database - name: Calculate size of Synapse database
shell: du -sh /matrix/postgres/data shell: du -sh /matrix/postgres/data
register: awx_db_size_stat register: awx_db_size_stat
no_log: True no_log: true
- name: Calculate size of local media repository - name: Calculate size of local media repository
shell: du -sh /matrix/synapse/storage/media-store/local* shell: du -sh /matrix/synapse/storage/media-store/local*
register: awx_local_media_size_stat register: awx_local_media_size_stat
async: 600 async: 600
ignore_errors: yes ignore_errors: true
no_log: True no_log: true
- name: Calculate size of remote media repository - name: Calculate size of remote media repository
shell: du -sh /matrix/synapse/storage/media-store/remote* shell: du -sh /matrix/synapse/storage/media-store/remote*
register: awx_remote_media_size_stat register: awx_remote_media_size_stat
async: 600 async: 600
ignore_errors: yes ignore_errors: true
no_log: True no_log: true
- name: Calculate docker container statistics - name: Calculate docker container statistics
shell: docker stats --all --no-stream shell: docker stats --all --no-stream
register: awx_docker_stats register: awx_docker_stats
ignore_errors: yes ignore_errors: true
no_log: True no_log: true
- name: Print size of remote media repository - name: Print size of remote media repository
debug: debug:

View File

@ -235,9 +235,9 @@
credential: "{{ member_id }} - AWX SSH Key" credential: "{{ member_id }} - AWX SSH Key"
survey_enabled: true survey_enabled: true
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json') }}" survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json') }}"
become_enabled: yes become_enabled: true
state: present state: present
verbosity: 1 verbosity: 1
tower_host: "https://{{ awx_host }}" tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: yes validate_certs: true

View File

@ -3,7 +3,7 @@
- name: Include vars in matrix_vars.yml - name: Include vars in matrix_vars.yml
include_vars: include_vars:
file: '{{ awx_cached_matrix_vars }}' file: '{{ awx_cached_matrix_vars }}'
no_log: True no_log: true
- name: Install jq and curl on remote machine - name: Install jq and curl on remote machine
apt: apt:
@ -14,7 +14,7 @@
- name: Collect access token of @admin-dimension user - name: Collect access token of @admin-dimension user
shell: | shell: |
curl -X POST --header 'Content-Type: application/json' -d '{ "identifier": { "type": "m.id.user","user": "admin-dimension" }, "password": "{{ awx_dimension_user_password }}", "type": "m.login.password"}' 'https://matrix.{{ matrix_domain }}/_matrix/client/r0/login' | jq -c '. | {access_token}' | sed 's/.*\":\"//' | sed 's/\"}//' curl -X POST --header 'Content-Type: application/json' -d '{"identifier": {"type": "m.id.user","user": "admin-dimension"}, "password": "{{ awx_dimension_user_password }}", "type": "m.login.password"}' 'https://matrix.{{ matrix_domain }}/_matrix/client/r0/login' | jq -c '. | {access_token}' | sed 's/.*\":\"//' | sed 's/\"}//'
register: awx_dimension_user_access_token register: awx_dimension_user_access_token
- name: Record Synapse variables locally on AWX - name: Record Synapse variables locally on AWX
@ -97,9 +97,9 @@
credential: "{{ member_id }} - AWX SSH Key" credential: "{{ member_id }} - AWX SSH Key"
survey_enabled: true survey_enabled: true
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_dimension.json') }}" survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_dimension.json') }}"
become_enabled: yes become_enabled: true
state: present state: present
verbosity: 1 verbosity: 1
tower_host: "https://{{ awx_host }}" tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: yes validate_certs: true

View File

@ -172,9 +172,9 @@
credential: "{{ member_id }} - AWX SSH Key" credential: "{{ member_id }} - AWX SSH Key"
survey_enabled: true survey_enabled: true
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element.json') }}" survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element.json') }}"
become_enabled: yes become_enabled: true
state: present state: present
verbosity: 1 verbosity: 1
tower_host: "https://{{ awx_host }}" tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: yes validate_certs: true

View File

@ -40,4 +40,4 @@
verbosity: 1 verbosity: 1
tower_host: "https://{{ awx_host }}" tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: yes validate_certs: true

View File

@ -37,9 +37,9 @@
credential: "{{ member_id }} - AWX SSH Key" credential: "{{ member_id }} - AWX SSH Key"
survey_enabled: true survey_enabled: true
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_jitsi.json') }}" survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_jitsi.json') }}"
become_enabled: yes become_enabled: true
state: present state: present
verbosity: 1 verbosity: 1
tower_host: "https://{{ awx_host }}" tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: yes validate_certs: true

View File

@ -66,7 +66,7 @@
with_dict: with_dict:
'awx_matrix_ma1sd_auth_store': '{{ awx_matrix_ma1sd_auth_store }}' 'awx_matrix_ma1sd_auth_store': '{{ awx_matrix_ma1sd_auth_store }}'
'awx_matrix_ma1sd_configuration_extension_yaml': '{{ awx_matrix_ma1sd_configuration_extension_yaml.splitlines() | to_json }}' 'awx_matrix_ma1sd_configuration_extension_yaml': '{{ awx_matrix_ma1sd_configuration_extension_yaml.splitlines() | to_json }}'
no_log: True no_log: true
- name: Save new 'Configure ma1sd' survey.json to the AWX tower, template - name: Save new 'Configure ma1sd' survey.json to the AWX tower, template
delegate_to: 127.0.0.1 delegate_to: 127.0.0.1
@ -94,10 +94,9 @@
credential: "{{ member_id }} - AWX SSH Key" credential: "{{ member_id }} - AWX SSH Key"
survey_enabled: true survey_enabled: true
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_ma1sd.json') }}" survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_ma1sd.json') }}"
become_enabled: yes become_enabled: true
state: present state: present
verbosity: 1 verbosity: 1
tower_host: "https://{{ awx_host }}" tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: yes validate_certs: true

View File

@ -36,9 +36,9 @@
credential: "{{ member_id }} - AWX SSH Key" credential: "{{ member_id }} - AWX SSH Key"
survey_enabled: true survey_enabled: true
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_email_relay.json') }}" survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_email_relay.json') }}"
become_enabled: yes become_enabled: true
state: present state: present
verbosity: 1 verbosity: 1
tower_host: "https://{{ awx_host }}" tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: yes validate_certs: true

View File

@ -1,3 +1,4 @@
---
- name: Limit max upload size to 200MB part 1 - name: Limit max upload size to 200MB part 1
set_fact: set_fact:
@ -214,9 +215,9 @@
credential: "{{ member_id }} - AWX SSH Key" credential: "{{ member_id }} - AWX SSH Key"
survey_enabled: true survey_enabled: true
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse.json') }}" survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse.json') }}"
become_enabled: yes become_enabled: true
state: present state: present
verbosity: 1 verbosity: 1
tower_host: "https://{{ awx_host }}" tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: yes validate_certs: true

View File

@ -36,9 +36,9 @@
credential: "{{ member_id }} - AWX SSH Key" credential: "{{ member_id }} - AWX SSH Key"
survey_enabled: true survey_enabled: true
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse_admin.json') }}" survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse_admin.json') }}"
become_enabled: yes become_enabled: true
state: present state: present
verbosity: 1 verbosity: 1
tower_host: "https://{{ awx_host }}" tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}" tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: yes validate_certs: true

View File

@ -7,15 +7,21 @@
regexp: 'matrix_synapse_use_presence' regexp: 'matrix_synapse_use_presence'
replace: 'matrix_synapse_presence_enabled' replace: 'matrix_synapse_presence_enabled'
- name: Generate matrix_homeserver_generic_secret_key variable - name: Search for matrix_homeserver_generic_secret_key variable in matrix_vars.yml
delegate_to: 127.0.0.1
register: presence
shell: "grep -i 'matrix_homeserver_generic_secret_key' /var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml"
no_log: true
- name: Generate matrix_homeserver_generic_secret_key variable if not present
delegate_to: 127.0.0.1 delegate_to: 127.0.0.1
command: | command: |
openssl rand -hex 16 openssl rand -hex 16
register: generic_secret register: generic_secret
no_log: True no_log: true
when: ( matrix_homeserver_generic_secret_key is undefined ) or ( matrix_homeserver_generic_secret_key | length == 0 ) when: presence is not changed
- name: Add new matrix_homeserver_generic_secret_key variable - name: Add new matrix_homeserver_generic_secret_key variable if not present
delegate_to: 127.0.0.1 delegate_to: 127.0.0.1
lineinfile: lineinfile:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml' path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
@ -23,4 +29,4 @@
insertbefore: '# Basic Settings End' insertbefore: '# Basic Settings End'
mode: '0600' mode: '0600'
state: present state: present
when: ( matrix_homeserver_generic_secret_key is undefined ) or ( matrix_homeserver_generic_secret_key | length == 0 ) when: presence is not changed

View File

@ -1,3 +1,4 @@
---
# The bare domain name which represents your Matrix identity. # The bare domain name which represents your Matrix identity.
# Matrix user ids for your server will be of the form (`@user:<matrix-domain>`). # Matrix user ids for your server will be of the form (`@user:<matrix-domain>`).
# #
@ -98,8 +99,8 @@ matrix_host_command_openssl: "/usr/bin/env openssl"
matrix_host_command_systemctl: "/usr/bin/env systemctl" matrix_host_command_systemctl: "/usr/bin/env systemctl"
matrix_host_command_sh: "/usr/bin/env sh" matrix_host_command_sh: "/usr/bin/env sh"
matrix_ntpd_package: "{{ 'systemd-timesyncd' if (ansible_os_family == 'RedHat' and ansible_distribution_major_version > '7') or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version > '18') else ( 'systemd' if ansible_os_family == 'Suse' else 'ntp' ) }}" matrix_ntpd_package: "{{ 'systemd-timesyncd' if (ansible_os_family == 'RedHat' and ansible_distribution_major_version|int > 7) or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version|int > 18) else ( 'systemd' if ansible_os_family == 'Suse' else 'ntp' ) }}"
matrix_ntpd_service: "{{ 'systemd-timesyncd' if (ansible_os_family == 'RedHat' and ansible_distribution_major_version > '7') or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version > '18') or ansible_distribution == 'Archlinux' or ansible_os_family == 'Suse' else ('ntpd' if ansible_os_family == 'RedHat' else 'ntp') }}" matrix_ntpd_service: "{{ 'systemd-timesyncd' if (ansible_os_family == 'RedHat' and ansible_distribution_major_version|int > 7) or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version|int > 18) or ansible_distribution == 'Archlinux' or ansible_os_family == 'Suse' else ('ntpd' if ansible_os_family == 'RedHat' else 'ntp') }}"
matrix_homeserver_url: "https://{{ matrix_server_fqn_matrix }}" matrix_homeserver_url: "https://{{ matrix_server_fqn_matrix }}"

View File

@ -0,0 +1,62 @@
[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https://download.docker.com/linux/fedora/$releasever/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://download.docker.com/linux/fedora/gpg
[docker-ce-stable-debuginfo]
name=Docker CE Stable - Debuginfo $basearch
baseurl=https://download.docker.com/linux/fedora/$releasever/debug-$basearch/stable
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/fedora/gpg
[docker-ce-stable-source]
name=Docker CE Stable - Sources
baseurl=https://download.docker.com/linux/fedora/$releasever/source/stable
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/fedora/gpg
[docker-ce-test]
name=Docker CE Test - $basearch
baseurl=https://download.docker.com/linux/fedora/$releasever/$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/fedora/gpg
[docker-ce-test-debuginfo]
name=Docker CE Test - Debuginfo $basearch
baseurl=https://download.docker.com/linux/fedora/$releasever/debug-$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/fedora/gpg
[docker-ce-test-source]
name=Docker CE Test - Sources
baseurl=https://download.docker.com/linux/fedora/$releasever/source/test
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/fedora/gpg
[docker-ce-nightly]
name=Docker CE Nightly - $basearch
baseurl=https://download.docker.com/linux/fedora/$releasever/$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/fedora/gpg
[docker-ce-nightly-debuginfo]
name=Docker CE Nightly - Debuginfo $basearch
baseurl=https://download.docker.com/linux/fedora/$releasever/debug-$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/fedora/gpg
[docker-ce-nightly-source]
name=Docker CE Nightly - Sources
baseurl=https://download.docker.com/linux/fedora/$releasever/source/nightly
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/fedora/gpg

View File

@ -1,3 +1,5 @@
---
- import_tasks: "{{ role_path }}/tasks/sanity_check.yml" - import_tasks: "{{ role_path }}/tasks/sanity_check.yml"
tags: tags:
- always - always

View File

@ -1,10 +1,13 @@
--- ---
- include_tasks: "{{ role_path }}/tasks/server_base/setup_redhat.yml" - include_tasks: "{{ role_path }}/tasks/server_base/setup_redhat.yml"
when: ansible_os_family == 'RedHat' and ansible_distribution_major_version < '8' when: ansible_os_family == 'RedHat' and ansible_distribution_major_version|int < 8
- include_tasks: "{{ role_path }}/tasks/server_base/setup_redhat8.yml" - include_tasks: "{{ role_path }}/tasks/server_base/setup_redhat8.yml"
when: ansible_os_family == 'RedHat' and ansible_distribution_major_version > '7' when: ansible_os_family == 'RedHat' and ansible_distribution_major_version|int > 7 and ansible_distribution_major_version|int < 30
- include_tasks: "{{ role_path }}/tasks/server_base/setup_fedora.yml"
when: ansible_os_family == 'RedHat' and ansible_distribution_major_version|int > 30
- block: - block:
# ansible_lsb is only available if lsb-release is installed. # ansible_lsb is only available if lsb-release is installed.
@ -13,7 +16,7 @@
name: name:
- lsb-release - lsb-release
state: present state: present
update_cache: yes update_cache: true
register: lsb_release_installation_result register: lsb_release_installation_result
- name: Reread ansible_lsb facts if lsb-release got installed - name: Reread ansible_lsb facts if lsb-release got installed
@ -34,10 +37,10 @@
service: service:
name: docker name: docker
state: started state: started
enabled: yes enabled: true
- name: "Ensure {{ matrix_ntpd_service }} is started and autoruns" - name: "Ensure {{ matrix_ntpd_service }} is started and autoruns"
service: service:
name: "{{ matrix_ntpd_service }}" name: "{{ matrix_ntpd_service }}"
state: started state: started
enabled: yes enabled: true

View File

@ -6,7 +6,7 @@
- python-docker - python-docker
- python-dnspython - python-dnspython
state: latest state: latest
update_cache: yes update_cache: true
- name: Ensure Docker is installed - name: Ensure Docker is installed
pacman: pacman:

View File

@ -7,7 +7,7 @@
- ca-certificates - ca-certificates
- gnupg - gnupg
state: present state: present
update_cache: yes update_cache: true
- name: Ensure Docker's APT key is trusted - name: Ensure Docker's APT key is trusted
apt_key: apt_key:
@ -22,7 +22,7 @@
apt_repository: apt_repository:
repo: "deb [arch={{ matrix_debian_arch }}] https://download.docker.com/linux/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} stable" repo: "deb [arch={{ matrix_debian_arch }}] https://download.docker.com/linux/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} stable"
state: present state: present
update_cache: yes update_cache: true
when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce' when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce'
- name: Ensure APT packages are installed - name: Ensure APT packages are installed
@ -30,7 +30,7 @@
name: name:
- "{{ matrix_ntpd_package }}" - "{{ matrix_ntpd_package }}"
state: latest state: latest
update_cache: yes update_cache: true
- name: Ensure Docker is installed - name: Ensure Docker is installed
apt: apt:

View File

@ -0,0 +1,39 @@
---
- name: Ensure Docker repository is enabled
template:
src: "{{ role_path }}/files/yum.repos.d/{{ item }}"
dest: "/etc/yum.repos.d/docker-ce.repo"
owner: "root"
group: "root"
mode: 0644
with_items:
- docker-ce-fedora.repo
when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce'
- name: Ensure Docker's RPM key is trusted
rpm_key:
state: present
key: https://download.docker.com/linux/fedora/gpg
when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce'
- name: Ensure yum packages are installed
yum:
name:
- "{{ matrix_ntpd_package }}"
state: latest
update_cache: true
- name: Ensure Docker is installed
yum:
name:
- "{{ matrix_docker_package_name }}"
- python3-pip
state: latest
when: matrix_docker_installation_enabled|bool
- name: Ensure Docker-Py is installed
pip:
name: docker-py
state: latest
when: matrix_docker_installation_enabled|bool

View File

@ -7,7 +7,7 @@
- ca-certificates - ca-certificates
- gnupg - gnupg
state: present state: present
update_cache: yes update_cache: true
- name: Ensure Docker's APT key is trusted - name: Ensure Docker's APT key is trusted
apt_key: apt_key:
@ -22,7 +22,7 @@
apt_repository: apt_repository:
repo: "deb [arch={{ matrix_debian_arch }}] https://download.docker.com/linux/raspbian {{ ansible_distribution_release }} stable" repo: "deb [arch={{ matrix_debian_arch }}] https://download.docker.com/linux/raspbian {{ ansible_distribution_release }} stable"
state: present state: present
update_cache: yes update_cache: true
when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce' when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce'
- name: Ensure APT packages are installed - name: Ensure APT packages are installed
@ -30,7 +30,7 @@
name: name:
- "{{ matrix_ntpd_package }}" - "{{ matrix_ntpd_package }}"
state: latest state: latest
update_cache: yes update_cache: true
- name: Ensure Docker is installed - name: Ensure Docker is installed
apt: apt:

View File

@ -2,13 +2,11 @@
- name: Ensure Docker repository is enabled - name: Ensure Docker repository is enabled
template: template:
src: "{{ role_path }}/files/yum.repos.d/{{ item }}" src: "{{ role_path }}/files/yum.repos.d/docker-ce-centos.repo"
dest: "/etc/yum.repos.d/{{ item }}" dest: "/etc/yum.repos.d/docker-ce.repo"
owner: "root" owner: "root"
group: "root" group: "root"
mode: 0644 mode: 0644
with_items:
- docker-ce.repo
when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce' when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce'
- name: Ensure Docker's RPM key is trusted - name: Ensure Docker's RPM key is trusted
@ -22,7 +20,7 @@
name: name:
- "{{ matrix_ntpd_package }}" - "{{ matrix_ntpd_package }}"
state: latest state: latest
update_cache: yes update_cache: true
- name: Ensure Docker is installed - name: Ensure Docker is installed
yum: yum:

View File

@ -2,13 +2,11 @@
- name: Ensure Docker repository is enabled - name: Ensure Docker repository is enabled
template: template:
src: "{{ role_path }}/files/yum.repos.d/{{ item }}" src: "{{ role_path }}/files/yum.repos.d/docker-ce-centos.repo"
dest: "/etc/yum.repos.d/{{ item }}" dest: "/etc/yum.repos.d/docker-ce.repo"
owner: "root" owner: "root"
group: "root" group: "root"
mode: 0644 mode: 0644
with_items:
- docker-ce.repo
when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce' when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce'
- name: Ensure Docker's RPM key is trusted - name: Ensure Docker's RPM key is trusted
@ -22,14 +20,14 @@
name: name:
- epel-release - epel-release
state: latest state: latest
update_cache: yes update_cache: true
- name: Ensure yum packages are installed - name: Ensure yum packages are installed
yum: yum:
name: name:
- "{{ matrix_ntpd_package }}" - "{{ matrix_ntpd_package }}"
state: latest state: latest
update_cache: yes update_cache: true
- name: Ensure Docker is installed - name: Ensure Docker is installed
yum: yum:

View File

@ -18,8 +18,8 @@
state: present state: present
group: "{{ matrix_user_groupname }}" group: "{{ matrix_user_groupname }}"
home: "{{ matrix_base_data_path }}" home: "{{ matrix_base_data_path }}"
create_home: no create_home: false
system: yes system: true
register: matrix_user register: matrix_user
- name: Set Matrix Group UID Variable - name: Set Matrix Group UID Variable

View File

@ -1,3 +1,4 @@
---
# We need others to be able to read these directories too, # We need others to be able to read these directories too,
# so that matrix-nginx-proxy's nginx user can access the files. # so that matrix-nginx-proxy's nginx user can access the files.
# #

View File

@ -1,4 +1,4 @@
---
# This is for both RedHat 7 and 8 # This is for both RedHat 7 and 8
- name: Ensure fuse installed (RedHat) - name: Ensure fuse installed (RedHat)
yum: yum:

View File

@ -1,4 +1,4 @@
---
# This is for both RedHat 7 and 8 # This is for both RedHat 7 and 8
- name: Ensure openssl installed (RedHat) - name: Ensure openssl installed (RedHat)
yum: yum:

View File

@ -1,3 +1,4 @@
---
# This will contain a list of enabled services that the playbook is managing. # This will contain a list of enabled services that the playbook is managing.
# Each component is expected to append its service name to this list. # Each component is expected to append its service name to this list.
matrix_systemd_services_list: [] matrix_systemd_services_list: []

View File

@ -1,3 +1,4 @@
---
# Go-NEB is a Matrix bot written in Go. It is the successor to Matrix-NEB, the original Matrix bot written in Python. # Go-NEB is a Matrix bot written in Go. It is the successor to Matrix-NEB, the original Matrix bot written in Python.
# See: https://github.com/matrix-org/go-neb # See: https://github.com/matrix-org/go-neb
@ -203,8 +204,8 @@ matrix_bot_go_neb_services: []
# # Each room will get the notification with the alert rendered with the given template # # Each room will get the notification with the alert rendered with the given template
# rooms: # rooms:
# "!someroomid:domain.tld": # "!someroomid:domain.tld":
# text_template: "{% raw %}{{range .Alerts -}} [{{ .Status }}] {{index .Labels \"alertname\" }}: {{index .Annotations \"description\"}} {{ end -}}{% endraw %}" # text_template: "{% raw %}{{range .Alerts -}} [{{ .Status }}] {{index .Labels \"alertname\"}}: {{index .Annotations \"description\"}} {{ end -}}{% endraw %}"
# html_template: "{% raw %}{{range .Alerts -}} {{ $severity := index .Labels \"severity\" }} {{ if eq .Status \"firing\" }} {{ if eq $severity \"critical\"}} <font color='red'><b>[FIRING - CRITICAL]</b></font> {{ else if eq $severity \"warning\"}} <font color='orange'><b>[FIRING - WARNING]</b></font> {{ else }} <b>[FIRING - {{ $severity }}]</b> {{ end }} {{ else }} <font color='green'><b>[RESOLVED]</b></font> {{ end }} {{ index .Labels \"alertname\"}} : {{ index .Annotations \"description\"}} <a href=\"{{ .GeneratorURL }}\">source</a><br/>{{end -}}{% endraw %}" # html_template: "{% raw %}{{range .Alerts -}} {{ $severity := index .Labels \"severity\"}} {{ if eq .Status \"firing\"}} {{ if eq $severity \"critical\"}} <font color='red'><b>[FIRING - CRITICAL]</b></font> {{ else if eq $severity \"warning\"}} <font color='orange'><b>[FIRING - WARNING]</b></font> {{ else }} <b>[FIRING - {{ $severity }}]</b> {{ end }} {{ else }} <font color='green'><b>[RESOLVED]</b></font> {{ end }} {{ index .Labels \"alertname\"}} : {{ index .Annotations \"description\"}} <a href=\"{{ .GeneratorURL }}\">source</a><br/>{{end -}}{% endraw %}"
# msg_type: "m.text" # Must be either `m.text` or `m.notice` # msg_type: "m.text" # Must be either `m.text` or `m.notice`
# Default configuration template which covers the generic use case. # Default configuration template which covers the generic use case.
@ -228,4 +229,3 @@ matrix_bot_go_neb_configuration_extension: "{{ matrix_bot_go_neb_configuration_e
# Holds the final configuration (a combination of the default and its extension). # Holds the final configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_bot_go_neb_configuration_yaml`. # You most likely don't need to touch this variable. Instead, see `matrix_bot_go_neb_configuration_yaml`.
matrix_bot_go_neb_configuration: "{{ matrix_bot_go_neb_configuration_yaml|from_yaml|combine(matrix_bot_go_neb_configuration_extension, recursive=True) }}" matrix_bot_go_neb_configuration: "{{ matrix_bot_go_neb_configuration_yaml|from_yaml|combine(matrix_bot_go_neb_configuration_extension, recursive=True) }}"

View File

@ -1,3 +1,5 @@
---
- set_fact: - set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-go-neb.service'] }}" matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-go-neb.service'] }}"
when: matrix_bot_go_neb_enabled|bool when: matrix_bot_go_neb_enabled|bool

View File

@ -1,3 +1,5 @@
---
- import_tasks: "{{ role_path }}/tasks/init.yml" - import_tasks: "{{ role_path }}/tasks/init.yml"
tags: tags:
- always - always

View File

@ -11,9 +11,9 @@
owner: "{{ matrix_user_username }}" owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}" group: "{{ matrix_user_groupname }}"
with_items: with_items:
- { path: "{{ matrix_bot_go_neb_config_path }}", when: true } - {path: "{{ matrix_bot_go_neb_config_path }}", when: true}
- { path: "{{ matrix_bot_go_neb_data_path }}", when: true } - {path: "{{ matrix_bot_go_neb_data_path }}", when: true}
- { path: "{{ matrix_bot_go_neb_data_store_path }}", when: true } - {path: "{{ matrix_bot_go_neb_data_store_path }}", when: true}
when: "item.when|bool" when: "item.when|bool"
- name: Ensure go-neb image is pulled - name: Ensure go-neb image is pulled
@ -40,7 +40,7 @@
- name: Ensure systemd reloaded after matrix-bot-go-neb.service installation - name: Ensure systemd reloaded after matrix-bot-go-neb.service installation
service: service:
daemon_reload: yes daemon_reload: true
when: "matrix_bot_go_neb_systemd_service_result.changed|bool" when: "matrix_bot_go_neb_systemd_service_result.changed|bool"
- name: Ensure matrix-bot-go-neb.service restarted, if necessary - name: Ensure matrix-bot-go-neb.service restarted, if necessary

View File

@ -9,8 +9,8 @@
service: service:
name: matrix-bot-go-neb name: matrix-bot-go-neb
state: stopped state: stopped
enabled: no enabled: false
daemon_reload: yes daemon_reload: true
register: stopping_result register: stopping_result
when: "matrix_bot_go_neb_service_stat.stat.exists|bool" when: "matrix_bot_go_neb_service_stat.stat.exists|bool"
@ -22,7 +22,7 @@
- name: Ensure systemd reloaded after matrix-bot-go-neb.service removal - name: Ensure systemd reloaded after matrix-bot-go-neb.service removal
service: service:
daemon_reload: yes daemon_reload: true
when: "matrix_bot_go_neb_service_stat.stat.exists|bool" when: "matrix_bot_go_neb_service_stat.stat.exists|bool"
- name: Ensure Matrix go-neb paths don't exist - name: Ensure Matrix go-neb paths don't exist

View File

@ -1,3 +1,4 @@
---
# honoroit is a helpdesk bot # honoroit is a helpdesk bot
# See: https://gitlab.com/etke.cc/honoroit # See: https://gitlab.com/etke.cc/honoroit

View File

@ -1,3 +1,5 @@
---
- set_fact: - set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-honoroit.service'] }}" matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-honoroit.service'] }}"
when: matrix_bot_honoroit_enabled|bool when: matrix_bot_honoroit_enabled|bool

View File

@ -1,3 +1,5 @@
---
- import_tasks: "{{ role_path }}/tasks/init.yml" - import_tasks: "{{ role_path }}/tasks/init.yml"
tags: tags:
- always - always

View File

@ -33,10 +33,10 @@
owner: "{{ matrix_user_username }}" owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}" group: "{{ matrix_user_groupname }}"
with_items: with_items:
- { path: "{{ matrix_bot_honoroit_config_path }}", when: true } - {path: "{{ matrix_bot_honoroit_config_path }}", when: true}
- { path: "{{ matrix_bot_honoroit_data_path }}", when: true } - {path: "{{ matrix_bot_honoroit_data_path }}", when: true}
- { path: "{{ matrix_bot_honoroit_data_store_path }}", when: true } - {path: "{{ matrix_bot_honoroit_data_store_path }}", when: true}
- { path: "{{ matrix_bot_honoroit_docker_src_files_path }}", when: true} - {path: "{{ matrix_bot_honoroit_docker_src_files_path }}", when: true}
when: "item.when|bool" when: "item.when|bool"
- name: Ensure honoroit environment variables file created - name: Ensure honoroit environment variables file created
@ -70,7 +70,7 @@
build: build:
dockerfile: Dockerfile dockerfile: Dockerfile
path: "{{ matrix_bot_honoroit_docker_src_files_path }}" path: "{{ matrix_bot_honoroit_docker_src_files_path }}"
pull: yes pull: true
when: "matrix_bot_honoroit_container_image_self_build|bool" when: "matrix_bot_honoroit_container_image_self_build|bool"
- name: Ensure matrix-bot-honoroit.service installed - name: Ensure matrix-bot-honoroit.service installed
@ -82,7 +82,7 @@
- name: Ensure systemd reloaded after matrix-bot-honoroit.service installation - name: Ensure systemd reloaded after matrix-bot-honoroit.service installation
service: service:
daemon_reload: yes daemon_reload: true
when: "matrix_bot_honoroit_systemd_service_result.changed|bool" when: "matrix_bot_honoroit_systemd_service_result.changed|bool"
- name: Ensure matrix-bot-honoroit.service restarted, if necessary - name: Ensure matrix-bot-honoroit.service restarted, if necessary

View File

@ -9,8 +9,8 @@
service: service:
name: matrix-bot-honoroit name: matrix-bot-honoroit
state: stopped state: stopped
enabled: no enabled: false
daemon_reload: yes daemon_reload: true
register: stopping_result register: stopping_result
when: "matrix_bot_honoroit_service_stat.stat.exists|bool" when: "matrix_bot_honoroit_service_stat.stat.exists|bool"
@ -22,7 +22,7 @@
- name: Ensure systemd reloaded after matrix-bot-honoroit.service removal - name: Ensure systemd reloaded after matrix-bot-honoroit.service removal
service: service:
daemon_reload: yes daemon_reload: true
when: "matrix_bot_honoroit_service_stat.stat.exists|bool" when: "matrix_bot_honoroit_service_stat.stat.exists|bool"
- name: Ensure Matrix honoroit paths don't exist - name: Ensure Matrix honoroit paths don't exist

View File

@ -1,3 +1,4 @@
---
# matrix-reminder-bot is a bot for one-off and recurring reminders # matrix-reminder-bot is a bot for one-off and recurring reminders
# See: https://github.com/anoadragon453/matrix-reminder-bot # See: https://github.com/anoadragon453/matrix-reminder-bot

View File

@ -1,3 +1,5 @@
---
- set_fact: - set_fact:
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-matrix-reminder-bot.service'] }}" matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-matrix-reminder-bot.service'] }}"
when: matrix_bot_matrix_reminder_bot_enabled|bool when: matrix_bot_matrix_reminder_bot_enabled|bool

View File

@ -1,3 +1,5 @@
---
- import_tasks: "{{ role_path }}/tasks/init.yml" - import_tasks: "{{ role_path }}/tasks/init.yml"
tags: tags:
- always - always

View File

@ -34,10 +34,10 @@
owner: "{{ matrix_user_username }}" owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}" group: "{{ matrix_user_groupname }}"
with_items: with_items:
- { path: "{{ matrix_bot_matrix_reminder_bot_config_path }}", when: true } - {path: "{{ matrix_bot_matrix_reminder_bot_config_path }}", when: true}
- { path: "{{ matrix_bot_matrix_reminder_bot_data_path }}", when: true } - {path: "{{ matrix_bot_matrix_reminder_bot_data_path }}", when: true}
- { path: "{{ matrix_bot_matrix_reminder_bot_data_store_path }}", when: true } - {path: "{{ matrix_bot_matrix_reminder_bot_data_store_path }}", when: true}
- { path: "{{ matrix_bot_matrix_reminder_bot_docker_src_files_path }}", when: true} - {path: "{{ matrix_bot_matrix_reminder_bot_docker_src_files_path }}", when: true}
when: "item.when|bool" when: "item.when|bool"
- name: Ensure matrix-reminder-bot image is pulled - name: Ensure matrix-reminder-bot image is pulled
@ -65,7 +65,7 @@
build: build:
dockerfile: docker/Dockerfile dockerfile: docker/Dockerfile
path: "{{ matrix_bot_matrix_reminder_bot_docker_src_files_path }}" path: "{{ matrix_bot_matrix_reminder_bot_docker_src_files_path }}"
pull: yes pull: true
when: "matrix_bot_matrix_reminder_bot_container_image_self_build|bool" when: "matrix_bot_matrix_reminder_bot_container_image_self_build|bool"
- name: Ensure matrix-reminder-bot config installed - name: Ensure matrix-reminder-bot config installed
@ -85,7 +85,7 @@
- name: Ensure systemd reloaded after matrix-bot-matrix-reminder-bot.service installation - name: Ensure systemd reloaded after matrix-bot-matrix-reminder-bot.service installation
service: service:
daemon_reload: yes daemon_reload: true
when: "matrix_bot_matrix_reminder_bot_systemd_service_result.changed|bool" when: "matrix_bot_matrix_reminder_bot_systemd_service_result.changed|bool"
- name: Ensure matrix-bot-matrix-reminder-bot.service restarted, if necessary - name: Ensure matrix-bot-matrix-reminder-bot.service restarted, if necessary

View File

@ -9,8 +9,8 @@
service: service:
name: matrix-bot-matrix-reminder-bot name: matrix-bot-matrix-reminder-bot
state: stopped state: stopped
enabled: no enabled: false
daemon_reload: yes daemon_reload: true
register: stopping_result register: stopping_result
when: "matrix_bot_matrix_reminder_bot_service_stat.stat.exists|bool" when: "matrix_bot_matrix_reminder_bot_service_stat.stat.exists|bool"
@ -22,7 +22,7 @@
- name: Ensure systemd reloaded after matrix-bot-matrix-reminder-bot.service removal - name: Ensure systemd reloaded after matrix-bot-matrix-reminder-bot.service removal
service: service:
daemon_reload: yes daemon_reload: true
when: "matrix_bot_matrix_reminder_bot_service_stat.stat.exists|bool" when: "matrix_bot_matrix_reminder_bot_service_stat.stat.exists|bool"
- name: Ensure Matrix matrix-reminder-bot paths don't exist - name: Ensure Matrix matrix-reminder-bot paths don't exist

View File

@ -1,3 +1,4 @@
---
# A moderation tool for Matrix # A moderation tool for Matrix
# See: https://github.com/matrix-org/mjolnir # See: https://github.com/matrix-org/mjolnir
@ -56,4 +57,3 @@ matrix_bot_mjolnir_configuration_extension: "{{ matrix_bot_mjolnir_configuration
# Holds the final configuration (a combination of the default and its extension). # Holds the final configuration (a combination of the default and its extension).
# You most likely don't need to touch this variable. Instead, see `matrix_bot_mjolnir_configuration_yaml`. # You most likely don't need to touch this variable. Instead, see `matrix_bot_mjolnir_configuration_yaml`.
matrix_bot_mjolnir_configuration: "{{ matrix_bot_mjolnir_configuration_yaml|from_yaml|combine(matrix_bot_mjolnir_configuration_extension, recursive=True) }}" matrix_bot_mjolnir_configuration: "{{ matrix_bot_mjolnir_configuration_yaml|from_yaml|combine(matrix_bot_mjolnir_configuration_extension, recursive=True) }}"

View File

@ -1,3 +1,4 @@
---
# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
- name: Fail if trying to self-build on Ansible < 2.8 - name: Fail if trying to self-build on Ansible < 2.8

View File

@ -1,3 +1,5 @@
---
- import_tasks: "{{ role_path }}/tasks/init.yml" - import_tasks: "{{ role_path }}/tasks/init.yml"
tags: tags:
- always - always

View File

@ -11,10 +11,10 @@
owner: "{{ matrix_user_username }}" owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}" group: "{{ matrix_user_groupname }}"
with_items: with_items:
- { path: "{{ matrix_bot_mjolnir_base_path }}", when: true } - {path: "{{ matrix_bot_mjolnir_base_path }}", when: true}
- { path: "{{ matrix_bot_mjolnir_config_path }}", when: true } - {path: "{{ matrix_bot_mjolnir_config_path }}", when: true}
- { path: "{{ matrix_bot_mjolnir_data_path }}", when: true } - {path: "{{ matrix_bot_mjolnir_data_path }}", when: true}
- { path: "{{ matrix_bot_mjolnir_docker_src_files_path }}", when: "{{ matrix_bot_mjolnir_container_image_self_build }}" } - {path: "{{ matrix_bot_mjolnir_docker_src_files_path }}", when: "{{ matrix_bot_mjolnir_container_image_self_build }}"}
when: "item.when|bool" when: "item.when|bool"
- name: Ensure mjolnir Docker image is pulled - name: Ensure mjolnir Docker image is pulled
@ -42,7 +42,7 @@
build: build:
dockerfile: Dockerfile dockerfile: Dockerfile
path: "{{ matrix_bot_mjolnir_docker_src_files_path }}" path: "{{ matrix_bot_mjolnir_docker_src_files_path }}"
pull: yes pull: true
when: "matrix_bot_mjolnir_container_image_self_build|bool" when: "matrix_bot_mjolnir_container_image_self_build|bool"
- name: Ensure matrix-bot-mjolnir config installed - name: Ensure matrix-bot-mjolnir config installed
@ -62,7 +62,7 @@
- name: Ensure systemd reloaded after matrix-bot-mjolnir.service installation - name: Ensure systemd reloaded after matrix-bot-mjolnir.service installation
service: service:
daemon_reload: yes daemon_reload: true
when: "matrix_bot_mjolnir_systemd_service_result.changed|bool" when: "matrix_bot_mjolnir_systemd_service_result.changed|bool"
- name: Ensure matrix-bot-mjolnir.service restarted, if necessary - name: Ensure matrix-bot-mjolnir.service restarted, if necessary

View File

@ -9,8 +9,8 @@
service: service:
name: matrix-bot-mjolnir name: matrix-bot-mjolnir
state: stopped state: stopped
enabled: no enabled: false
daemon_reload: yes daemon_reload: true
register: stopping_result register: stopping_result
when: "matrix_bot_mjolnir_service_stat.stat.exists|bool" when: "matrix_bot_mjolnir_service_stat.stat.exists|bool"
@ -22,7 +22,7 @@
- name: Ensure systemd reloaded after matrix-bot-mjolnir.service removal - name: Ensure systemd reloaded after matrix-bot-mjolnir.service removal
service: service:
daemon_reload: yes daemon_reload: true
when: "matrix_bot_mjolnir_service_stat.stat.exists|bool" when: "matrix_bot_mjolnir_service_stat.stat.exists|bool"
- name: Ensure matrix-bot-mjolnir paths don't exist - name: Ensure matrix-bot-mjolnir paths don't exist

View File

@ -1,3 +1,4 @@
---
# matrix-appservice-discord is a Matrix <-> Discord bridge # matrix-appservice-discord is a Matrix <-> Discord bridge
# See: https://github.com/Half-Shot/matrix-appservice-discord # See: https://github.com/Half-Shot/matrix-appservice-discord

View File

@ -1,3 +1,4 @@
---
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
# We don't want to fail in such cases. # We don't want to fail in such cases.
- name: Fail if matrix-synapse role already executed - name: Fail if matrix-synapse role already executed

View File

@ -1,3 +1,5 @@
---
- import_tasks: "{{ role_path }}/tasks/init.yml" - import_tasks: "{{ role_path }}/tasks/init.yml"
tags: tags:
- always - always

View File

@ -54,8 +54,8 @@
service: service:
name: matrix-appservice-discord name: matrix-appservice-discord
state: stopped state: stopped
enabled: no enabled: false
daemon_reload: yes daemon_reload: true
failed_when: false failed_when: false
when: "matrix_appservice_discord_stat_db.stat.exists" when: "matrix_appservice_discord_stat_db.stat.exists"
@ -105,7 +105,7 @@
- name: Ensure systemd reloaded after matrix-appservice-discord.service installation - name: Ensure systemd reloaded after matrix-appservice-discord.service installation
service: service:
daemon_reload: yes daemon_reload: true
when: "matrix_appservice_discord_systemd_service_result.changed" when: "matrix_appservice_discord_systemd_service_result.changed"
- name: Ensure matrix-appservice-discord.service restarted, if necessary - name: Ensure matrix-appservice-discord.service restarted, if necessary

View File

@ -9,8 +9,8 @@
service: service:
name: matrix-appservice-discord name: matrix-appservice-discord
state: stopped state: stopped
enabled: no enabled: false
daemon_reload: yes daemon_reload: true
when: "matrix_appservice_discord_service_stat.stat.exists" when: "matrix_appservice_discord_service_stat.stat.exists"
- name: Ensure matrix-appservice-discord.service doesn't exist - name: Ensure matrix-appservice-discord.service doesn't exist
@ -21,5 +21,5 @@
- name: Ensure systemd reloaded after matrix-appservice-discord.service removal - name: Ensure systemd reloaded after matrix-appservice-discord.service removal
service: service:
daemon_reload: yes daemon_reload: true
when: "matrix_appservice_discord_service_stat.stat.exists" when: "matrix_appservice_discord_service_stat.stat.exists"

View File

@ -1,3 +1,4 @@
---
# Matrix Appservice IRC is a Matrix <-> IRC bridge # Matrix Appservice IRC is a Matrix <-> IRC bridge
# See: https://github.com/matrix-org/matrix-appservice-irc # See: https://github.com/matrix-org/matrix-appservice-irc

View File

@ -1,3 +1,4 @@
---
# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
- name: Fail if trying to self-build on Ansible < 2.8 - name: Fail if trying to self-build on Ansible < 2.8

View File

@ -1,3 +1,5 @@
---
- import_tasks: "{{ role_path }}/tasks/init.yml" - import_tasks: "{{ role_path }}/tasks/init.yml"
tags: tags:
- always - always

View File

@ -1,3 +1,5 @@
---
- name: Fail if Postgres not enabled - name: Fail if Postgres not enabled
fail: fail:
msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot migrate." msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot migrate."
@ -16,7 +18,7 @@
service: service:
name: matrix-postgres name: matrix-postgres
state: started state: started
daemon_reload: yes daemon_reload: true
register: matrix_postgres_service_start_result register: matrix_postgres_service_start_result
- name: Wait a bit, so that Postgres can start - name: Wait a bit, so that Postgres can start

View File

@ -10,10 +10,10 @@
owner: "{{ matrix_user_username }}" owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}" group: "{{ matrix_user_groupname }}"
with_items: with_items:
- { path: "{{ matrix_appservice_irc_base_path }}", when: true } - {path: "{{ matrix_appservice_irc_base_path }}", when: true}
- { path: "{{ matrix_appservice_irc_config_path }}", when: true } - {path: "{{ matrix_appservice_irc_config_path }}", when: true}
- { path: "{{ matrix_appservice_irc_data_path }}", when: true } - {path: "{{ matrix_appservice_irc_data_path }}", when: true}
- { path: "{{ matrix_appservice_irc_docker_src_files_path }}", when: "{{ matrix_appservice_irc_container_image_self_build }}" } - {path: "{{ matrix_appservice_irc_docker_src_files_path }}", when: "{{ matrix_appservice_irc_container_image_self_build }}"}
when: item.when|bool when: item.when|bool
- name: Check if an old passkey file already exists - name: Check if an old passkey file already exists
@ -26,7 +26,7 @@
service: service:
name: matrix-appservice-irc name: matrix-appservice-irc
state: stopped state: stopped
daemon_reload: yes daemon_reload: true
failed_when: false failed_when: false
- name: (Data relocation) Move AppService IRC passkey.pem file to ./data directory - name: (Data relocation) Move AppService IRC passkey.pem file to ./data directory
@ -82,7 +82,7 @@
build: build:
dockerfile: Dockerfile dockerfile: Dockerfile
path: "{{ matrix_appservice_irc_docker_src_files_path }}" path: "{{ matrix_appservice_irc_docker_src_files_path }}"
pull: yes pull: true
when: "matrix_appservice_irc_enabled|bool and matrix_appservice_irc_container_image_self_build|bool and matrix_appservice_irc_git_pull_results.changed" when: "matrix_appservice_irc_enabled|bool and matrix_appservice_irc_container_image_self_build|bool and matrix_appservice_irc_git_pull_results.changed"
- name: Ensure Matrix Appservice IRC config installed - name: Ensure Matrix Appservice IRC config installed
@ -186,7 +186,7 @@
- name: Ensure systemd reloaded after matrix-appservice-irc.service installation - name: Ensure systemd reloaded after matrix-appservice-irc.service installation
service: service:
daemon_reload: yes daemon_reload: true
when: "matrix_appservice_irc_systemd_service_result.changed" when: "matrix_appservice_irc_systemd_service_result.changed"
- name: Ensure matrix-appservice-irc.service restarted, if necessary - name: Ensure matrix-appservice-irc.service restarted, if necessary

View File

@ -9,8 +9,8 @@
service: service:
name: matrix-appservice-irc name: matrix-appservice-irc
state: stopped state: stopped
enabled: no enabled: false
daemon_reload: yes daemon_reload: true
when: "matrix_appservice_irc_service_stat.stat.exists" when: "matrix_appservice_irc_service_stat.stat.exists"
- name: Ensure matrix-appservice-irc.service doesn't exist - name: Ensure matrix-appservice-irc.service doesn't exist
@ -21,5 +21,5 @@
- name: Ensure systemd reloaded after matrix-appservice-irc.service removal - name: Ensure systemd reloaded after matrix-appservice-irc.service removal
service: service:
daemon_reload: yes daemon_reload: true
when: "matrix_appservice_irc_service_stat.stat.exists" when: "matrix_appservice_irc_service_stat.stat.exists"

View File

@ -1,3 +1,4 @@
---
# matrix-appservice-slack is a Matrix <-> Slack bridge # matrix-appservice-slack is a Matrix <-> Slack bridge
# See: https://github.com/matrix-org/matrix-appservice-slack # See: https://github.com/matrix-org/matrix-appservice-slack

View File

@ -1,3 +1,4 @@
---
# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070 # See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407 # and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
- name: Fail if trying to self-build on Ansible < 2.8 - name: Fail if trying to self-build on Ansible < 2.8

View File

@ -1,3 +1,5 @@
---
- import_tasks: "{{ role_path }}/tasks/init.yml" - import_tasks: "{{ role_path }}/tasks/init.yml"
tags: tags:
- always - always

View File

@ -1,3 +1,5 @@
---
- name: Fail if Postgres not enabled - name: Fail if Postgres not enabled
fail: fail:
msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot migrate." msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot migrate."
@ -16,7 +18,7 @@
service: service:
name: matrix-postgres name: matrix-postgres
state: started state: started
daemon_reload: yes daemon_reload: true
register: matrix_postgres_service_start_result register: matrix_postgres_service_start_result
- name: Wait a bit, so that Postgres can start - name: Wait a bit, so that Postgres can start

View File

@ -8,10 +8,10 @@
owner: "{{ matrix_user_username }}" owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}" group: "{{ matrix_user_groupname }}"
with_items: with_items:
- { path: "{{ matrix_appservice_slack_base_path }}", when: true } - {path: "{{ matrix_appservice_slack_base_path }}", when: true}
- { path: "{{ matrix_appservice_slack_config_path }}", when: true } - {path: "{{ matrix_appservice_slack_config_path }}", when: true}
- { path: "{{ matrix_appservice_slack_data_path }}", when: true } - {path: "{{ matrix_appservice_slack_data_path }}", when: true}
- { path: "{{ matrix_appservice_slack_docker_src_files_path }}", when: "{{ matrix_appservice_slack_container_image_self_build }}" } - {path: "{{ matrix_appservice_slack_docker_src_files_path }}", when: "{{ matrix_appservice_slack_container_image_self_build }}"}
when: item.when|bool when: item.when|bool
- set_fact: - set_fact:
@ -56,7 +56,7 @@
build: build:
dockerfile: Dockerfile dockerfile: Dockerfile
path: "{{ matrix_appservice_slack_docker_src_files_path }}" path: "{{ matrix_appservice_slack_docker_src_files_path }}"
pull: yes pull: true
when: "matrix_appservice_slack_container_image_self_build|bool and matrix_appservice_slack_git_pull_results.changed" when: "matrix_appservice_slack_container_image_self_build|bool and matrix_appservice_slack_git_pull_results.changed"
- name: Ensure Matrix Appservice Slack config installed - name: Ensure Matrix Appservice Slack config installed
@ -84,7 +84,7 @@
- name: Ensure systemd reloaded after matrix-appservice-slack.service installation - name: Ensure systemd reloaded after matrix-appservice-slack.service installation
service: service:
daemon_reload: yes daemon_reload: true
when: "matrix_appservice_slack_systemd_service_result.changed" when: "matrix_appservice_slack_systemd_service_result.changed"
- name: Ensure matrix-appservice-slack.service restarted, if necessary - name: Ensure matrix-appservice-slack.service restarted, if necessary

View File

@ -9,8 +9,8 @@
service: service:
name: matrix-appservice-slack name: matrix-appservice-slack
state: stopped state: stopped
enabled: no enabled: false
daemon_reload: yes daemon_reload: true
when: "matrix_appservice_slack_service_stat.stat.exists" when: "matrix_appservice_slack_service_stat.stat.exists"
- name: Ensure matrix-appservice-slack.service doesn't exist - name: Ensure matrix-appservice-slack.service doesn't exist
@ -21,5 +21,5 @@
- name: Ensure systemd reloaded after matrix-appservice-slack.service removal - name: Ensure systemd reloaded after matrix-appservice-slack.service removal
service: service:
daemon_reload: yes daemon_reload: true
when: "matrix_appservice_slack_service_stat.stat.exists" when: "matrix_appservice_slack_service_stat.stat.exists"

View File

@ -1,3 +1,4 @@
---
# matrix-appservice-webhooks is a Matrix <-> webhook bridge # matrix-appservice-webhooks is a Matrix <-> webhook bridge
# See: https://github.com/redoonetworks/matrix-appservice-webhooks # See: https://github.com/redoonetworks/matrix-appservice-webhooks

View File

@ -1,3 +1,4 @@
---
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist. # If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
# We don't want to fail in such cases. # We don't want to fail in such cases.
- name: Fail if matrix-synapse role already executed - name: Fail if matrix-synapse role already executed

View File

@ -1,3 +1,5 @@
---
- import_tasks: "{{ role_path }}/tasks/init.yml" - import_tasks: "{{ role_path }}/tasks/init.yml"
tags: tags:
- always - always

Some files were not shown because too many files have changed in this diff Show More