Compare commits
74 Commits
55a57de93e
...
f3553dd154
Author | SHA1 | Date | |
---|---|---|---|
f3553dd154 | |||
1755867a2d | |||
3854c3ab86 | |||
|
87c9ea0dc6 | ||
|
d714ee624b | ||
|
c640799864 | ||
|
dae5240b0c | ||
|
46f74c3ac0 | ||
|
ef7acce94b | ||
|
eca7c277b4 | ||
|
0e6781fba1 | ||
|
389f96b45b | ||
|
28df88643a | ||
|
22b82001d6 | ||
|
8ca98582ef | ||
|
f22b6e6e95 | ||
|
b8f6f6a51a | ||
|
7f4d7444a3 | ||
|
728123b9ab | ||
|
e53cc026d0 | ||
|
0f251a2104 | ||
|
5b96dd609b | ||
|
a4ba2ba601 | ||
|
906f192cf3 | ||
|
b711189e47 | ||
|
31d3706166 | ||
|
6089c8b47b | ||
|
cb5a8e8736 | ||
|
b9bc2c4eb7 | ||
|
a6e766a06a | ||
|
2f722e8625 | ||
|
fe389bd11a | ||
|
0d4d476cd8 | ||
|
f0e30c76f3 | ||
|
c7885e85aa | ||
|
6b4afd1051 | ||
|
1ed46f0a86 | ||
|
8b3fad45f9 | ||
|
241e21c702 | ||
|
f0ab2ec506 | ||
|
cfba9b2cf5 | ||
|
5eeb0156b1 | ||
|
fb4c6961e9 | ||
|
f44ca0c7c2 | ||
|
c8d924147c | ||
|
cc412dfffe | ||
|
85c66a944f | ||
|
0ce68b1ca5 | ||
|
5a69c899a3 | ||
|
fa9b69e213 | ||
|
e2e5db3b89 | ||
|
6c47b447e3 | ||
|
b7df6ceebb | ||
|
6576d4596e | ||
|
a24f7626bd | ||
|
7330992b20 | ||
|
e09694f5ef | ||
|
3ad454e06d | ||
|
43a7cd2efc | ||
|
e0df99a7de | ||
|
f92e6ad7b9 | ||
|
156a03d93d | ||
|
94c9780f7a | ||
|
5addb889b1 | ||
|
d27e623c71 | ||
|
8e8bf55e15 | ||
|
902b40fa1b | ||
|
de025425b5 | ||
|
819574b8ba | ||
|
8de4e061e1 | ||
|
7e5b88c3b7 | ||
|
ad8d4740a7 | ||
|
3001b2d32d | ||
|
a1cbd5459c |
1
.github/FUNDING.yml
vendored
1
.github/FUNDING.yml
vendored
@ -1,3 +1,4 @@
|
|||||||
|
---
|
||||||
# These are supported funding model platforms
|
# These are supported funding model platforms
|
||||||
|
|
||||||
# https://liberapay.com/s.pantaleev/
|
# https://liberapay.com/s.pantaleev/
|
||||||
|
7
.github/dependabot.yaml
vendored
Normal file
7
.github/dependabot.yaml
vendored
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
---
|
||||||
|
version: 2
|
||||||
|
updates:
|
||||||
|
- package-ecosystem: "github-actions"
|
||||||
|
directory: "/"
|
||||||
|
schedule:
|
||||||
|
interval: daily
|
16
.github/workflows/matrix.yml
vendored
Normal file
16
.github/workflows/matrix.yml
vendored
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
---
|
||||||
|
name: Matrix CI
|
||||||
|
|
||||||
|
on: # yamllint disable-line rule:truthy
|
||||||
|
push:
|
||||||
|
pull_request:
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
yamllint:
|
||||||
|
name: 🧹 yamllint
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- name: ⤵️ Check out configuration from GitHub
|
||||||
|
uses: actions/checkout@v2.4.0
|
||||||
|
- name: 🚀 Run yamllint
|
||||||
|
uses: frenck/action-yamllint@v1.1.2
|
4
.gitignore
vendored
4
.gitignore
vendored
@ -1,7 +1,3 @@
|
|||||||
/inventory/*
|
|
||||||
!/inventory/.gitkeep
|
|
||||||
!/inventory/host_vars/.gitkeep
|
|
||||||
!/inventory/scripts
|
|
||||||
/roles/*/files/scratchpad
|
/roles/*/files/scratchpad
|
||||||
.DS_Store
|
.DS_Store
|
||||||
.python-version
|
.python-version
|
||||||
|
8
.yamllint
Normal file
8
.yamllint
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
---
|
||||||
|
extends: default
|
||||||
|
|
||||||
|
ignore: |
|
||||||
|
roles/matrix-synapse/vars/workers.yml
|
||||||
|
|
||||||
|
rules:
|
||||||
|
line-length: disable
|
@ -1,3 +1,12 @@
|
|||||||
|
# 2022-02-12
|
||||||
|
|
||||||
|
## matrix_encryption_disabler support
|
||||||
|
|
||||||
|
We now support installing the [matrix_encryption_disabler](https://github.com/digitalentity/matrix_encryption_disabler) Synapse module, which lets you prevent End-to-End-Encryption from being enabled by users on your homeserver. The popular opinion is that this is dangerous and shouldn't be done, but there are valid use cases for disabling encryption discussed [here](https://github.com/matrix-org/synapse/issues/4401).
|
||||||
|
|
||||||
|
To enable this module (and prevent encryption from being used on your homserver), add `matrix_synapse_ext_encryption_disabler_enabled: true` to your configuration. This module provides further customization. Check its other configuration settings (and defaults) in `roles/matrix-synapse/defaults/main.yml`.
|
||||||
|
|
||||||
|
|
||||||
# 2022-02-01
|
# 2022-02-01
|
||||||
|
|
||||||
## matrix-hookshot bridging support
|
## matrix-hookshot bridging support
|
||||||
|
@ -1,6 +1,11 @@
|
|||||||
[defaults]
|
[defaults]
|
||||||
|
|
||||||
|
vault_password_file = gpg/open_vault.sh
|
||||||
|
|
||||||
retry_files_enabled = False
|
retry_files_enabled = False
|
||||||
stdout_callback = yaml
|
stdout_callback = yaml
|
||||||
|
|
||||||
|
inventory = inventory/hosts
|
||||||
|
|
||||||
[connection]
|
[connection]
|
||||||
pipelining = True
|
pipelining = True
|
||||||
|
@ -47,3 +47,20 @@ matrix_synapse_federation_port_enabled: false
|
|||||||
# This removes the `8448` virtual host from the matrix-nginx-proxy reverse-proxy server.
|
# This removes the `8448` virtual host from the matrix-nginx-proxy reverse-proxy server.
|
||||||
matrix_nginx_proxy_proxy_matrix_federation_api_enabled: false
|
matrix_nginx_proxy_proxy_matrix_federation_api_enabled: false
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## Changing the federation port from 8448 to a different port to use a CDN that only accepts 443/80 ports
|
||||||
|
|
||||||
|
Why? This change could be useful for people running small Synapse instances on small severs/VPSes to avoid being impacted by a simple DOS/DDOS when bandwidth, RAM, an CPU resources are limited and if your hosting provider does not provide a DOS/DDOS protection.
|
||||||
|
|
||||||
|
The following changes in the configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`) will allow this and make it possible to proxy the federation through a CDN such as CloudFlare or any other:
|
||||||
|
|
||||||
|
```
|
||||||
|
matrix_synapse_http_listener_resource_names: ["client","federation"]
|
||||||
|
# Any port can be used but in this case we use 443
|
||||||
|
matrix_federation_public_port: 443
|
||||||
|
matrix_synapse_federation_port_enabled: false
|
||||||
|
# Note that the following change might not be "required per se" but probably will be due to the proxying of the traffic through the CDN proxy servers (CloudFlare for instance). The security impact of doing this should be minimal as your CDN itself will encrypt the traffic no matter what on their proxy servers. You could however first try and see if federation works while setting the following to true.
|
||||||
|
matrix_synapse_tls_federation_listener_enabled: false
|
||||||
|
```
|
||||||
|
|
||||||
|
**Use this at you own risk as all the possible side-effects of doing this are not fully known. However, it has been tested and works fine and passes all the tests on <https://federationtester.matrix.org/> without issues.**
|
||||||
|
@ -67,8 +67,13 @@ By default, it obtains certificates for:
|
|||||||
- `matrix.<your-domain>` (`matrix_server_fqn_matrix`)
|
- `matrix.<your-domain>` (`matrix_server_fqn_matrix`)
|
||||||
- possibly for `element.<your-domain>`, unless you have disabled the [Element client component](configuring-playbook-client-element.md) using `matrix_client_element_enabled: false`
|
- possibly for `element.<your-domain>`, unless you have disabled the [Element client component](configuring-playbook-client-element.md) using `matrix_client_element_enabled: false`
|
||||||
- possibly for `riot.<your-domain>`, if you have explicitly enabled Riot to Element redirection (for background compatibility) using `matrix_nginx_proxy_proxy_riot_compat_redirect_enabled: true`
|
- possibly for `riot.<your-domain>`, if you have explicitly enabled Riot to Element redirection (for background compatibility) using `matrix_nginx_proxy_proxy_riot_compat_redirect_enabled: true`
|
||||||
|
- possibly for `hydrogen.<your-domain>`, if you have explicitly [set up Hydrogen client](configuring-playbook-client-hydrogen.md).
|
||||||
|
- possibly for `cinny.<your-domain>`, if you have explicitly [set up Cinny client](configuring-playbook-client-cinny.md).
|
||||||
- possibly for `dimension.<your-domain>`, if you have explicitly [set up Dimension](configuring-playbook-dimension.md).
|
- possibly for `dimension.<your-domain>`, if you have explicitly [set up Dimension](configuring-playbook-dimension.md).
|
||||||
|
- possibly for `goneb.<your-domain>`, if you have explicitly [set up Go-NEB bot](configuring-playbook-bot-go-neb.md).
|
||||||
- possibly for `jitsi.<your-domain>`, if you have explicitly [set up Jitsi](configuring-playbook-jitsi.md).
|
- possibly for `jitsi.<your-domain>`, if you have explicitly [set up Jitsi](configuring-playbook-jitsi.md).
|
||||||
|
- possibly for `stats.<your-domain>`, if you have explicitly [set up Grafana](configuring-playbook-prometheus-grafana.md).
|
||||||
|
- possibly for `sygnal.<your-domain>`, if you have explicitly [set up Sygnal](configuring-playbook-sygnal.md).
|
||||||
- possibly for your base domain (`<your-domain>`), if you have explicitly configured [Serving the base domain](configuring-playbook-base-domain-serving.md)
|
- possibly for your base domain (`<your-domain>`), if you have explicitly configured [Serving the base domain](configuring-playbook-base-domain-serving.md)
|
||||||
|
|
||||||
If you are hosting other domains on the Matrix machine, you can make the playbook obtain and renew certificates for those other domains too.
|
If you are hosting other domains on the Matrix machine, you can make the playbook obtain and renew certificates for those other domains too.
|
||||||
|
@ -226,7 +226,7 @@ Using a separate domain name is easier to manage (although it's a little hard to
|
|||||||
|
|
||||||
We allow `matrix.DOMAIN` to be the Matrix server handling Matrix stuff for `DOMAIN` by [Server Delegation](howto-server-delegation.md). During the installation procedure, we recommend that you set up server delegation using the [.well-known](configuring-well-known.md) method.
|
We allow `matrix.DOMAIN` to be the Matrix server handling Matrix stuff for `DOMAIN` by [Server Delegation](howto-server-delegation.md). During the installation procedure, we recommend that you set up server delegation using the [.well-known](configuring-well-known.md) method.
|
||||||
|
|
||||||
If you'd really like to install Matrix services directly on the base domain, see [How do I install on matrix.DOMAIN without involving the base DOMAIN?](#how-do-i-install-on-matrixdomain-without-involving-the-base-domain).
|
If you'd really like to install Matrix services directly on the base domain, see [How do I install on matrix.DOMAIN without involving the base DOMAIN?](#how-do-i-install-on-matrixdomain-without-involving-the-base-domain)
|
||||||
|
|
||||||
### I don't control anything on the base domain and can't set up delegation to matrix.DOMAIN. What do I do?
|
### I don't control anything on the base domain and can't set up delegation to matrix.DOMAIN. What do I do?
|
||||||
|
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
---
|
||||||
version: '3'
|
version: '3'
|
||||||
services:
|
services:
|
||||||
nginx:
|
nginx:
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
---
|
||||||
# The bare domain name which represents your Matrix identity.
|
# The bare domain name which represents your Matrix identity.
|
||||||
# Matrix user ids for your server will be of the form (`@user:<matrix-domain>`).
|
# Matrix user ids for your server will be of the form (`@user:<matrix-domain>`).
|
||||||
#
|
#
|
||||||
|
5
gpg/open_vault.sh
Executable file
5
gpg/open_vault.sh
Executable file
@ -0,0 +1,5 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
set -e -u
|
||||||
|
|
||||||
|
gpg2 --batch --use-agent --decrypt $(dirname $0)/vault_passphrase.gpg 2>/dev/null
|
18
gpg/vault_passphrase.gpg
Normal file
18
gpg/vault_passphrase.gpg
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAxEs7W/4x4lxARAAssinIzR2rGs+Qkm0Q2tRdSXSXRx3OhH+2T5p0Rz3YkqU
|
||||||
|
iyiUtyT/Ll7RMUAlAEDZITvirXe4ZZImDcxQegEzFgO7BowQYJDRdhaRmLKZpiuQ
|
||||||
|
foRnJAAR12sf49arjJjaBQb91ViOp5MkxAtXiiqWyXwSSII+cV88flMq143cFmfC
|
||||||
|
C5OdIQd3SqrbFhGRTjUzoIMqnJH8xksjwph9GS811dY14rQv5X1Ybt5zehMJ7/m/
|
||||||
|
luLNg2zgQgYOUxcovddCVMI54ThXyDubDox/5xLvVjyVOFHgwC/VLn+QXHuPY/r5
|
||||||
|
+rVzz/30eq0uOLKD3LnDBQskCWRVWGC2ulKaZtlylBq6KRzIM6c6+VPSHCjoFyES
|
||||||
|
RRpRHeIXGLs31eLkr8dc+VNbPKpMsjm/E/4ZVE2JBpy7S/kh1XYVQxT6ahDKT1tD
|
||||||
|
4YN9O0JyNXzjiyNaTTLwNGh5+ICEd3ZCfa4O/og2LySGPOw6mX8ukgP029LHVp6+
|
||||||
|
0tRwSWiIM3US/NIVGA+o9e9I/I5Bp/cnzJgd7faUIlzcVPP+euCbo4GsYWpX3Nca
|
||||||
|
eRcr7AVY3wwuZtl7/s8KbQKk0ulLxS4Lo2XmdpQl8CPGwASdbMf/H8B256+xiUQ3
|
||||||
|
ml400ZaCC7Loeduwl1ez1H/dFFzmpUziaxxtWW4aFtOUYhGeSCTu6ZIgxVq3eBnS
|
||||||
|
jAGv8bt+0Xnrpih3mZWM92cw2VKfzYD9WG+dCB4DtZMKhl1ub2bkeTC/B9F+QuP6
|
||||||
|
anlonYHs2wmPXzjcx8ajonbYrYXanoNRHDId6OqVAbjYqbua6TG6H9LUFweIj1RV
|
||||||
|
yhUPejzhA8xEB0nUcKJZKLvuqvwPbr06GODnAKY5TQ4yILMAnBx0pNzfQNzo
|
||||||
|
=Cecg
|
||||||
|
-----END PGP MESSAGE-----
|
@ -1128,8 +1128,6 @@ matrix_corporal_matrix_registration_shared_secret: "{{ matrix_synapse_registrati
|
|||||||
#
|
#
|
||||||
######################################################################
|
######################################################################
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
#
|
#
|
||||||
# matrix-coturn
|
# matrix-coturn
|
||||||
@ -1164,8 +1162,6 @@ matrix_coturn_container_additional_volumes: |
|
|||||||
#
|
#
|
||||||
######################################################################
|
######################################################################
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
#
|
#
|
||||||
# matrix-dimension
|
# matrix-dimension
|
||||||
@ -1243,8 +1239,6 @@ matrix_dynamic_dns_enabled: false
|
|||||||
#
|
#
|
||||||
######################################################################
|
######################################################################
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
#
|
#
|
||||||
# matrix-email2matrix
|
# matrix-email2matrix
|
||||||
@ -1261,8 +1255,6 @@ matrix_email2matrix_container_image_self_build: "{{ matrix_architecture not in [
|
|||||||
#
|
#
|
||||||
######################################################################
|
######################################################################
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
#
|
#
|
||||||
# matrix-jitsi
|
# matrix-jitsi
|
||||||
@ -1307,8 +1299,6 @@ matrix_jitsi_etherpad_base: "{{ matrix_etherpad_base_url if matrix_etherpad_enab
|
|||||||
#
|
#
|
||||||
######################################################################
|
######################################################################
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
#
|
#
|
||||||
# matrix-mailer
|
# matrix-mailer
|
||||||
@ -1328,8 +1318,6 @@ matrix_mailer_container_image_self_build: "{{ matrix_architecture not in ['amd64
|
|||||||
#
|
#
|
||||||
######################################################################
|
######################################################################
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
#
|
#
|
||||||
# matrix-ma1sd
|
# matrix-ma1sd
|
||||||
@ -1393,8 +1381,6 @@ matrix_ma1sd_database_password: "{{ '%s' | format(matrix_homeserver_generic_secr
|
|||||||
#
|
#
|
||||||
######################################################################
|
######################################################################
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
#
|
#
|
||||||
# matrix-nginx-proxy
|
# matrix-nginx-proxy
|
||||||
@ -1570,8 +1556,6 @@ matrix_ssl_pre_obtaining_required_service_name: "{{ 'matrix-dynamic-dns' if matr
|
|||||||
#
|
#
|
||||||
######################################################################
|
######################################################################
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
#
|
#
|
||||||
# matrix-postgres
|
# matrix-postgres
|
||||||
@ -1820,8 +1804,6 @@ matrix_postgres_import_databases_to_ignore: |
|
|||||||
#
|
#
|
||||||
######################################################################
|
######################################################################
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
#
|
#
|
||||||
# matrix-sygnal
|
# matrix-sygnal
|
||||||
@ -1842,8 +1824,6 @@ matrix_sygnal_container_http_host_bind_port: "{{ '' if matrix_nginx_proxy_enable
|
|||||||
#
|
#
|
||||||
######################################################################
|
######################################################################
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
#
|
#
|
||||||
# matrix-redis
|
# matrix-redis
|
||||||
@ -1858,8 +1838,6 @@ matrix_redis_enabled: "{{ matrix_synapse_workers_enabled }}"
|
|||||||
#
|
#
|
||||||
######################################################################
|
######################################################################
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
#
|
#
|
||||||
# matrix-client-element
|
# matrix-client-element
|
||||||
@ -1907,8 +1885,6 @@ matrix_client_element_jitsi_preferredDomain: "{{ matrix_server_fqn_jitsi if matr
|
|||||||
#
|
#
|
||||||
######################################################################
|
######################################################################
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
#
|
#
|
||||||
# matrix-client-hydrogen
|
# matrix-client-hydrogen
|
||||||
@ -1932,8 +1908,6 @@ matrix_client_hydrogen_self_check_validate_certificates: "{{ false if matrix_ssl
|
|||||||
#
|
#
|
||||||
######################################################################
|
######################################################################
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
#
|
#
|
||||||
# matrix-client-cinny
|
# matrix-client-cinny
|
||||||
@ -1959,8 +1933,6 @@ matrix_client_cinny_self_check_validate_certificates: "{{ false if matrix_ssl_re
|
|||||||
#
|
#
|
||||||
######################################################################
|
######################################################################
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
#
|
#
|
||||||
# matrix-synapse
|
# matrix-synapse
|
||||||
@ -2071,8 +2043,6 @@ matrix_synapse_redis_password: "{{ matrix_redis_connection_password if matrix_re
|
|||||||
#
|
#
|
||||||
######################################################################
|
######################################################################
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
#
|
#
|
||||||
# matrix-synapse-admin
|
# matrix-synapse-admin
|
||||||
@ -2094,8 +2064,6 @@ matrix_synapse_admin_container_image_self_build: "{{ matrix_architecture != 'amd
|
|||||||
#
|
#
|
||||||
######################################################################
|
######################################################################
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
#
|
#
|
||||||
# matrix-prometheus-node-exporter
|
# matrix-prometheus-node-exporter
|
||||||
@ -2110,8 +2078,6 @@ matrix_prometheus_node_exporter_enabled: false
|
|||||||
#
|
#
|
||||||
######################################################################
|
######################################################################
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
#
|
#
|
||||||
# matrix-prometheus
|
# matrix-prometheus
|
||||||
@ -2145,7 +2111,6 @@ matrix_prometheus_scraper_hookshot_targets: "{{ [matrix_hookshot_container_url|s
|
|||||||
#
|
#
|
||||||
######################################################################
|
######################################################################
|
||||||
|
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
#
|
#
|
||||||
# matrix-prometheus-postgres-exporter
|
# matrix-prometheus-postgres-exporter
|
||||||
@ -2201,8 +2166,6 @@ matrix_grafana_systemd_wanted_services_list: |
|
|||||||
#
|
#
|
||||||
######################################################################
|
######################################################################
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
#
|
#
|
||||||
# matrix-registration
|
# matrix-registration
|
||||||
|
339
inventory/host_vars/matrix.finallycoffee.eu/vars.yml
Normal file
339
inventory/host_vars/matrix.finallycoffee.eu/vars.yml
Normal file
@ -0,0 +1,339 @@
|
|||||||
|
#
|
||||||
|
# General config
|
||||||
|
# Domain of the matrix server and SSL config
|
||||||
|
#
|
||||||
|
matrix_domain: finallycoffee.eu
|
||||||
|
matrix_ssl_retrieval_method: none
|
||||||
|
matrix_nginx_proxy_enabled: false
|
||||||
|
matrix_base_data_path: "{{ vault_matrix_base_data_path }}"
|
||||||
|
matrix_server_fqn_element: "chat.{{ matrix_domain }}"
|
||||||
|
|
||||||
|
web_user: "web"
|
||||||
|
revproxy_autoload_dir: "/vault/services/web/sites.d"
|
||||||
|
|
||||||
|
#matrix_client_element_version: v1.8.4
|
||||||
|
#matrix_synapse_docker_image: "{{ matrix_synapse_docker_image_name_prefix }}matrixdotorg/synapse:v1.37.1"
|
||||||
|
#matrix_mautrix_telegram_version: v0.10.0
|
||||||
|
|
||||||
|
#
|
||||||
|
# General Synapse config
|
||||||
|
#
|
||||||
|
matrix_postgres_connection_password: "{{ vault_matrix_postgres_connection_password }}"
|
||||||
|
# A secret used to protect access keys issued by the server.
|
||||||
|
matrix_homeserver_generic_secret_key: "{{ vault_homeserver_generic_secret_key }}"
|
||||||
|
# Make synapse accept larger media aswell
|
||||||
|
matrix_synapse_max_upload_size_mb: 100
|
||||||
|
# Enable metrics at (default) :9100/_synapse/metrics
|
||||||
|
matrix_synapse_metrics_enabled: true
|
||||||
|
matrix_synapse_enable_group_creation: true
|
||||||
|
matrix_synapse_turn_shared_secret: "{{ vault_matrix_coturn_turn_static_auth_secret }}"
|
||||||
|
matrix_synapse_turn_uris:
|
||||||
|
- "turns:voip.matrix.finallycoffee.eu?transport=udp"
|
||||||
|
- "turns:voip.matrix.finallycoffee.eu?transport=tcp"
|
||||||
|
# Auto-join all users into those rooms
|
||||||
|
matrix_synapse_auto_join_rooms:
|
||||||
|
- "#welcome:finallycoffee.eu"
|
||||||
|
- "#announcements:finallycoffee.eu"
|
||||||
|
|
||||||
|
## Synapse rate limits
|
||||||
|
matrix_synapse_rc_federation:
|
||||||
|
window_size: 1000
|
||||||
|
sleep_limit: 25
|
||||||
|
sleep_delay: 500
|
||||||
|
reject_limit: 50
|
||||||
|
concurrent: 5
|
||||||
|
matrix_synapse_rc_message:
|
||||||
|
per_second: 0.5
|
||||||
|
burst_count: 25
|
||||||
|
|
||||||
|
## Synapse cache tuning
|
||||||
|
matrix_synapse_caches_global_factor: 0.7
|
||||||
|
matrix_synapse_event_cache_size: "200K"
|
||||||
|
|
||||||
|
## Synapse workers
|
||||||
|
matrix_synapse_workers_enabled: true
|
||||||
|
matrix_synapse_workers_preset: "little-federation-helper"
|
||||||
|
matrix_synapse_workers_generic_worker_client_server_count: 0
|
||||||
|
matrix_synapse_workers_media_repository_workers_count: 0
|
||||||
|
matrix_synapse_workers_federation_sender_workers_count: 1
|
||||||
|
matrix_synapse_workers_pusher_workers_count: 0
|
||||||
|
matrix_synapse_workers_appservice_workers_count: 1
|
||||||
|
|
||||||
|
# Static secret auth for matrix-synapse-shared-secret-auth
|
||||||
|
matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true
|
||||||
|
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: "{{ vault_matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
|
||||||
|
matrix_synapse_ext_password_provider_rest_auth_enabled: true
|
||||||
|
matrix_synapse_ext_password_provider_rest_auth_endpoint: "http://matrix-ma1sd:8090"
|
||||||
|
matrix_synapse_ext_password_provider_rest_auth_registration_enforce_lowercase: false
|
||||||
|
matrix_synapse_ext_password_provider_rest_auth_registration_profile_name_autofill: true
|
||||||
|
matrix_synapse_ext_password_provider_rest_auth_login_profile_name_autofill: false
|
||||||
|
|
||||||
|
# Enable experimental spaces support
|
||||||
|
matrix_synapse_configuration_extension_yaml: |
|
||||||
|
experimental_features:
|
||||||
|
spaces_enabled: true
|
||||||
|
|
||||||
|
#
|
||||||
|
# synapse-admin tool
|
||||||
|
#
|
||||||
|
matrix_synapse_admin_enabled: true
|
||||||
|
matrix_synapse_admin_container_http_host_bind_port: 8985
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
# VoIP / CoTURN config
|
||||||
|
#
|
||||||
|
# A shared secret (between Synapse and Coturn) used for authentication.
|
||||||
|
matrix_coturn_turn_static_auth_secret: "{{ vault_matrix_coturn_turn_static_auth_secret }}"
|
||||||
|
# Disable coturn, as we use own instance
|
||||||
|
matrix_coturn_enabled: false
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
# dimension (integration manager) config
|
||||||
|
#
|
||||||
|
matrix_dimension_enabled: true
|
||||||
|
matrix_dimension_admins: "{{ vault_matrix_dimension_admins }}"
|
||||||
|
matrix_server_fqn_dimension: "dimension.matrix.{{ matrix_domain }}"
|
||||||
|
matrix_dimension_access_token: "{{ vault_matrix_dimension_access_token }}"
|
||||||
|
matrix_dimension_configuration_extension_yaml: |
|
||||||
|
telegram:
|
||||||
|
botToken: "{{ vault_matrix_dimension_configuration_telegram_bot_token }}"
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
# mautrix-whatsapp config
|
||||||
|
#
|
||||||
|
matrix_mautrix_whatsapp_enabled: true
|
||||||
|
matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port: 9402
|
||||||
|
matrix_mautrix_whatsapp_container_extra_arguments:
|
||||||
|
- "-p 127.0.0.1:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}"
|
||||||
|
matrix_mautrix_whatsapp_configuration_extension_yaml: |
|
||||||
|
bridge:
|
||||||
|
displayname_template: "{% raw %}{{.Name}} ({{if .Notify}}{{.Notify}}{{else}}{{.Jid}}{{end}}) (via WhatsApp){% endraw %}"
|
||||||
|
max_connection_attempts: 5
|
||||||
|
connection_timeout: 30
|
||||||
|
contact_wait_delay: 5
|
||||||
|
private_chat_portal_meta: true
|
||||||
|
login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
|
||||||
|
logging:
|
||||||
|
print_level: info
|
||||||
|
metrics:
|
||||||
|
enabled: true
|
||||||
|
listen: 0.0.0.0:{{ matrix_mautrix_whatsapp_container_http_monitoring_host_bind_port }}
|
||||||
|
whatsapp:
|
||||||
|
os_name: Linux mautrix-whatsapp
|
||||||
|
browser_name: Chrome
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
# mautrix-telegram config
|
||||||
|
#
|
||||||
|
matrix_mautrix_telegram_enabled: true
|
||||||
|
matrix_mautrix_telegram_api_id: "{{ vault_matrix_mautrix_telegram_api_id }}"
|
||||||
|
matrix_mautrix_telegram_api_hash: "{{ vault_matrix_mautrix_telegram_api_hash }}"
|
||||||
|
matrix_mautrix_telegram_public_endpoint: '/bridge/telegram'
|
||||||
|
matrix_mautrix_telegram_container_http_monitoring_host_bind_port: 9401
|
||||||
|
matrix_mautrix_telegram_container_http_host_bind_port_public: 8980
|
||||||
|
matrix_mautrix_telegram_container_extra_arguments:
|
||||||
|
- "-p 127.0.0.1:{{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}"
|
||||||
|
- "-p 127.0.0.1:{{ matrix_mautrix_telegram_container_http_host_bind_port_public }}:80"
|
||||||
|
matrix_mautrix_telegram_configuration_extension_yaml: |
|
||||||
|
bridge:
|
||||||
|
displayname_template: "{displayname} (via Telegram)"
|
||||||
|
parallel_file_transfer: false
|
||||||
|
inline_images: false
|
||||||
|
image_as_file_size: 20
|
||||||
|
delivery_receipts: true
|
||||||
|
login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}"
|
||||||
|
animated_sticker:
|
||||||
|
target: webm
|
||||||
|
encryption:
|
||||||
|
allow: true
|
||||||
|
default: true
|
||||||
|
permissions:
|
||||||
|
"@transcaffeine:finallycoffee.eu": "admin"
|
||||||
|
"gruenhage.xyz": "full"
|
||||||
|
logging:
|
||||||
|
root:
|
||||||
|
level: INFO
|
||||||
|
metrics:
|
||||||
|
enabled: true
|
||||||
|
listen_port: {{ matrix_mautrix_telegram_container_http_monitoring_host_bind_port }}
|
||||||
|
# permissions: "{{ vault_matrix_mautrix_telegram_permission_map | from_yaml }}"
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
# mautrix-signal config
|
||||||
|
#
|
||||||
|
matrix_mautrix_signal_enabled: true
|
||||||
|
matrix_mautrix_signal_container_http_monitoring_host_bind_port: 9408
|
||||||
|
matrix_mautrix_signal_container_extra_arguments:
|
||||||
|
- "-p 127.0.0.1:{{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}:{{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}"
|
||||||
|
matrix_mautrix_signal_configuration_extension_yaml: |
|
||||||
|
bridge:
|
||||||
|
displayname_template: "{displayname} (via Signal)"
|
||||||
|
community_id: "+signal:finallycoffee.eu"
|
||||||
|
encryption:
|
||||||
|
allow: true
|
||||||
|
default: true
|
||||||
|
key_sharing:
|
||||||
|
allow: true
|
||||||
|
require_verification: false
|
||||||
|
delivery_receipts: true
|
||||||
|
logging:
|
||||||
|
root:
|
||||||
|
level: INFO
|
||||||
|
metrics:
|
||||||
|
enabled: true
|
||||||
|
listen_port: {{ matrix_mautrix_signal_container_http_monitoring_host_bind_port }}
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
# mx-puppet-instagram configuration
|
||||||
|
#
|
||||||
|
matrix_mx_puppet_instagram_enabled: true
|
||||||
|
matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port: 9403
|
||||||
|
matrix_mx_puppet_instagram_container_extra_arguments:
|
||||||
|
- "-p 127.0.0.1:{{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}"
|
||||||
|
matrix_mx_puppet_instagram_configuration_extension_yaml: |
|
||||||
|
bridge:
|
||||||
|
enableGroupSync: true
|
||||||
|
avatarUrl: mxc://finallycoffee.eu/acmiSAinuHDOULofFFeolTvr
|
||||||
|
metrics:
|
||||||
|
enabled: true
|
||||||
|
port: {{ matrix_mx_puppet_instagram_container_http_monitoring_host_bind_port }}
|
||||||
|
path: /metrics
|
||||||
|
presence:
|
||||||
|
enabled: true
|
||||||
|
interval: 3000
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
# mx-puppet-skype configuration
|
||||||
|
#
|
||||||
|
matrix_mx_puppet_skype_enabled: true
|
||||||
|
matrix_mx_puppet_skype_container_http_monitoring_host_bind_port: 9405
|
||||||
|
matrix_mx_puppet_skype_container_extra_arguments:
|
||||||
|
- "-p 127.0.0.1:{{ matrix_mx_puppet_skype_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_skype_container_http_monitoring_host_bind_port }}"
|
||||||
|
matrix_mx_puppet_skype_configuration_extension_yaml: |
|
||||||
|
bridge:
|
||||||
|
enableGroupSync: true
|
||||||
|
avatarUrl: mxc://finallycoffee.eu/jjXDuFqtpFOBOnywoHgzTuYt
|
||||||
|
metrics:
|
||||||
|
enabled: true
|
||||||
|
port: {{ matrix_mx_puppet_skype_container_http_monitoring_host_bind_port }}
|
||||||
|
path: /metrics
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
# mx-puppet-discord configuration
|
||||||
|
#
|
||||||
|
matrix_mx_puppet_discord_enabled: true
|
||||||
|
matrix_mx_puppet_discord_client_id: "{{ vault_matrix_mx_puppet_discord_client_id }}"
|
||||||
|
matrix_mx_puppet_discord_client_secret: "{{ vault_matrix_mx_puppet_discord_client_secret }}"
|
||||||
|
matrix_mx_puppet_discord_container_http_monitoring_host_bind_port: 9404
|
||||||
|
matrix_mx_puppet_discord_container_extra_arguments:
|
||||||
|
- "-p 127.0.0.1:{{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}"
|
||||||
|
matrix_mx_puppet_discord_configuration_extension_yaml: |
|
||||||
|
bridge:
|
||||||
|
enableGroupSync: true
|
||||||
|
avatarUrl: mxc://finallycoffee.eu/BxcAAhjXmglMbtthStEHtCzd
|
||||||
|
metrics:
|
||||||
|
enabled: true
|
||||||
|
port: {{ matrix_mx_puppet_discord_container_http_monitoring_host_bind_port }}
|
||||||
|
path: /metrics
|
||||||
|
limits:
|
||||||
|
maxAutojoinUsers: 500
|
||||||
|
roomUserAutojoinDelay: 50
|
||||||
|
presence:
|
||||||
|
enabled: true
|
||||||
|
interval: 3000
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
# mx-puppet-slack configuration
|
||||||
|
#
|
||||||
|
matrix_mx_puppet_slack_enabled: true
|
||||||
|
matrix_mx_puppet_slack_client_id: "{{ vault_matrix_mx_puppet_slack_client_id }}"
|
||||||
|
matrix_mx_puppet_slack_client_secret: "{{ vault_matrix_mx_puppet_slack_client_secret }}"
|
||||||
|
matrix_mx_puppet_slack_redirect_path: '/bridge/slack/oauth'
|
||||||
|
matrix_mx_puppet_slack_container_http_auth_host_bind_port: 8981
|
||||||
|
matrix_mx_puppet_slack_container_http_monitoring_host_bind_port: 9406
|
||||||
|
matrix_mx_puppet_slack_container_extra_arguments:
|
||||||
|
- "-p 127.0.0.1:{{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}:{{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}"
|
||||||
|
- "-p 127.0.0.1:{{ matrix_mx_puppet_slack_container_http_auth_host_bind_port }}:8008"
|
||||||
|
matrix_mx_puppet_slack_configuration_extension_yaml: |
|
||||||
|
bridge:
|
||||||
|
enableGroupSync: true
|
||||||
|
metrics:
|
||||||
|
enabled: true
|
||||||
|
port: {{ matrix_mx_puppet_slack_container_http_monitoring_host_bind_port }}
|
||||||
|
path: /metrics
|
||||||
|
limits:
|
||||||
|
maxAutojoinUsers: 500
|
||||||
|
roomUserAutojoinDelay: 50
|
||||||
|
presence:
|
||||||
|
enabled: true
|
||||||
|
interval: 3000
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
# Element web configuration
|
||||||
|
#
|
||||||
|
# Branding config
|
||||||
|
matrix_client_element_brand: "Chat"
|
||||||
|
matrix_client_element_default_theme: "dark"
|
||||||
|
matrix_client_element_themes_enabled: true
|
||||||
|
matrix_client_element_welcome_headline: "Welcome to chat.finallycoffee.eu"
|
||||||
|
matrix_client_element_welcome_text: |
|
||||||
|
Decentralised, encrypted chat & collaboration,<br />
|
||||||
|
hosted on finallycoffee.eu, powered by element.io &
|
||||||
|
<a href="https://matrix.org" target="_blank" rel="noreferrer noopener">
|
||||||
|
<img width="79" height="34" alt="[matrix]" style="padding-left: 1px;vertical-align: middle" src="welcome/images/matrix.svg" />
|
||||||
|
</a>
|
||||||
|
matrix_client_element_welcome_logo: "welcome/images/logo.png"
|
||||||
|
matrix_client_element_welcome_logo_link: "https://{{ matrix_domain }}"
|
||||||
|
matrix_client_element_branding_authHeaderLogoUrl: "welcome/images/logo.png"
|
||||||
|
matrix_client_element_branding_welcomeBackgroundUrl: "welcome/images/background.jpg"
|
||||||
|
matrix_client_element_container_extra_arguments:
|
||||||
|
- "-v {{ matrix_client_element_data_path }}/background.jpg:/app/{{ matrix_client_element_branding_welcomeBackgroundUrl }}:ro"
|
||||||
|
- "-v {{ matrix_client_element_data_path }}/logo.png:/app/{{ matrix_client_element_branding_authHeaderLogoUrl }}:ro"
|
||||||
|
# Integration and capabilites config
|
||||||
|
matrix_client_element_integrations_ui_url: "https://{{ matrix_server_fqn_dimension }}/element"
|
||||||
|
matrix_client_element_integrations_rest_url: "https://{{ matrix_server_fqn_dimension }}/api/v1/scalar"
|
||||||
|
matrix_client_element_integrations_widgets_urls:
|
||||||
|
- "https://{{ matrix_server_fqn_dimension }}/widgets"
|
||||||
|
- "https://scalar.vector.im/api"
|
||||||
|
matrix_client_element_integrations_jitsi_widget_url: "https://{{ matrix_server_fqn_dimension }}/widgets/jitsi"
|
||||||
|
matrix_client_element_disable_custom_urls: false
|
||||||
|
matrix_client_element_roomdir_servers:
|
||||||
|
- "matrix.org"
|
||||||
|
- "finallycoffee.eu"
|
||||||
|
- "entropia.de"
|
||||||
|
matrix_client_element_enable_presence_by_hs_url:
|
||||||
|
https://matrix.org: false
|
||||||
|
|
||||||
|
|
||||||
|
# Matrix ma1sd extended configuration
|
||||||
|
matrix_ma1sd_configuration_extension_yaml: |
|
||||||
|
hashing:
|
||||||
|
enabled: true
|
||||||
|
pepperLength: 20
|
||||||
|
rotationPolicy: per_requests
|
||||||
|
requests: 10
|
||||||
|
hashStorageType: sql
|
||||||
|
algorithms:
|
||||||
|
- none
|
||||||
|
- sha256
|
||||||
|
|
||||||
|
|
||||||
|
# Matrix mail notification relay setup
|
||||||
|
matrix_mailer_enabled: true
|
||||||
|
matrix_mailer_sender_address: "Matrix on finallycoffee.eu <system-matrix@{{ matrix_domain }}>"
|
||||||
|
matrix_mailer_relay_use: true
|
||||||
|
matrix_mailer_relay_host_name: "{{ vault_matrix_mailer_relay_host_name }}"
|
||||||
|
matrix_mailer_relay_host_port: 587
|
||||||
|
matrix_mailer_relay_auth: true
|
||||||
|
matrix_mailer_relay_auth_username: "{{ vault_matrix_mailer_relay_auth_username }}"
|
||||||
|
matrix_mailer_relay_auth_password: "{{ vault_matrix_mailer_relay_auth_password }}"
|
100
inventory/host_vars/matrix.finallycoffee.eu/vault.yml
Normal file
100
inventory/host_vars/matrix.finallycoffee.eu/vault.yml
Normal file
@ -0,0 +1,100 @@
|
|||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
39366364363633336238333130353832663162393038633665396333343732353964333363666539
|
||||||
|
6562346632343235623835643735386434316666393234360a383634616537393134613631383836
|
||||||
|
61333835363666623033306166376232303930306433343366373463653234623736643633383734
|
||||||
|
3330333665383539650a383132353032386230393031626361343764323034386230363066306331
|
||||||
|
34646236336262623435633566363033613737373064616266336237343233663066396163373034
|
||||||
|
62303765353066653737366539626461636531636438323932333134363136363134646164646531
|
||||||
|
63656638666233313437663261396665653736373164323433306435323336633938313164646264
|
||||||
|
33653661633965363833393031616463633761356234633630643562306366653133366637346166
|
||||||
|
38636433343736343461613731623538633361363934343764326466313261353633646230353065
|
||||||
|
37366134303164356433333961346663313963626165323966656536313532376162326565383539
|
||||||
|
65363333633964323838663461373666353665643236623839646664653661613838353239613137
|
||||||
|
39353061323131306365656261343630313665356165623064616436653566373663343733316237
|
||||||
|
34393666383465323463313838393465643830373632373938633763666636346539666233303265
|
||||||
|
38353337633833373331356663633936326334366337393135653030333531613565643666633038
|
||||||
|
64393862303765366632393137313432376563353335353231323464633637343334346634306534
|
||||||
|
35613330373336633031376263306466306437656635396133613335386130346163663438386136
|
||||||
|
61646437343938663431343736363564376238316666373531616231366132643864346538363866
|
||||||
|
35396433366137356162313963666134383134306462313336613735386639363936326131383939
|
||||||
|
66623833643433663039623837623133303336666233623935313438366136353332313165333936
|
||||||
|
31386632336535383533646639636164313331346630633366383739623261366465656632393062
|
||||||
|
63373332623738303364623437666531396331646666336230353333366261653438363861656466
|
||||||
|
39333762633037383336393164616563396564383232636533363864636230616664303330323932
|
||||||
|
66666234633362346132303932643464366466323535303835363430333737666661373534333934
|
||||||
|
61393362616438626636383564613335363634626231663234616438343464383461303632363033
|
||||||
|
39336362396339316661323662393665383031643931626333646335643335353661653939363538
|
||||||
|
38666561313539613566386132336630643237333432656236356132616230663561343665353938
|
||||||
|
33366663353834356434366335373265373439363430636533303933656264366338623232613435
|
||||||
|
35356662383232386137313064313363303861326635333435393737643663336534363234623430
|
||||||
|
32376432353330613666396337303935376366613564353039396164383361616337656535346166
|
||||||
|
34396635356266326461613135303639643935363261396363636338636564643838313262326266
|
||||||
|
31663139343336376233303637373864363835313839326433656235616332333134306139623239
|
||||||
|
37636639356263646437373362333931613262363363313462666534643765313139386461623731
|
||||||
|
33376635653133353033333733613464396632636634313063326363313030376632643863336237
|
||||||
|
61636638353237313764313435626463633964643665313536326235343639663137373436303564
|
||||||
|
30636232626137376339303238653664346538356430306238633037366332316263623666373062
|
||||||
|
63646533646131303466653637346463613237323161313265613834383634626237323563653733
|
||||||
|
38656435303264346663663465333966376631666530333833353233376263336436613065366362
|
||||||
|
36366263343438393132326661623031316663663231663464383732343064383234616636306530
|
||||||
|
66613634626362316533303034393063666632343262613431613635663866636433623535363238
|
||||||
|
30643933613731363236346234336662613633323831633437613435326465383530653765616262
|
||||||
|
63373538396364316563343365303134373466663639386137663564356532353531343636613135
|
||||||
|
63316463353264316164306566326462333732316431643939626161346530636638636662303037
|
||||||
|
34346461313961613063336332333934383363373335616636363661396362613661383762663866
|
||||||
|
64303834636264376461396266663763336665356561376161333136336638646363313133353161
|
||||||
|
31643061623833623239373432633537663664636334623534326639616633616361333834366131
|
||||||
|
30376361656238353332656666316637643133623433333861653265636266376639666135383638
|
||||||
|
37363337326231656530363536393737383565666266306532626361633633353539363866376534
|
||||||
|
61303737326632303762626666306134343837376566343035386663613336626332383035383035
|
||||||
|
37633462373066373062313862323766316362393832666466396637363562353865303366323062
|
||||||
|
39346332383966313437646138623364656234663066663639663138626163656433363038323166
|
||||||
|
65613862386665643438323061323763306635666162303366323131363436633335356332393366
|
||||||
|
63373966383132303434633835333438333337303664346335643066623839343835643364306561
|
||||||
|
34643336346564363462396330643263653931376664386335313433376332653832323437376135
|
||||||
|
35383231386133363236653334393433306638303131323064343931623538323130343666653061
|
||||||
|
36353536383632333964343730346265626433303131346531303133663832363036333261386237
|
||||||
|
30363361356265356139323761623563396565336137333733656431636531333234323061343862
|
||||||
|
33623935346663333735613661363234646234356331323636386637343661373363363261646231
|
||||||
|
33643233343235323230393933616664623166666266333862323631653835666135303233653635
|
||||||
|
63373061656163353762636531613632366638383366303864343132376162643963366564363563
|
||||||
|
61336338613935613532636165383463633866633036393533313433643562313737383431353163
|
||||||
|
37623165373933376236393931363939633963666636303136373065376635623761346537643530
|
||||||
|
35363464313630376233633863306238616138666464316534363332333937343362343233346431
|
||||||
|
34643032323934353939666364323239653932363735373061633434653062326336353239633261
|
||||||
|
38306237336266663038656534393664646138343038323335633064616431386666613739326630
|
||||||
|
34383963666534313530376331366238343836303036306336343533666332386163643033643138
|
||||||
|
33336333333338353733383165306139623964303035653439623131633566356136386431613135
|
||||||
|
63616462386639303230343866346631346532353531373132613433363239646330653666633532
|
||||||
|
65393766333238383531313132633537633833363335303630376239396565373730646331313633
|
||||||
|
30383861303739343265623934643635633361623262356433323035393062353630346430646262
|
||||||
|
63303434353038646361353661616339313937323336303566303536366163623362356332383862
|
||||||
|
37326333393761633732653264646333653439363039323238383361336233323232613336303464
|
||||||
|
34393635633131313135313665363161306466643364393734346264633030373234306466653862
|
||||||
|
32336163666435636162343465386633653863363533616339636531306130383331376563393533
|
||||||
|
65366136626662343065383164646665613035393636373565346235656439303933343563366339
|
||||||
|
36643838393033353033396535613331303031646162316361613564323163633434633861356135
|
||||||
|
62343461616335323565636633383962316531316362396165366533346166336163623232366261
|
||||||
|
39376230376562626135346333326437373733373266393236383435343562653034313133376236
|
||||||
|
61666138346562613330633630373837653465393233613261353937336666646231366666393335
|
||||||
|
35393463333936323664323831396639333462626238613164616435363664643438653763623431
|
||||||
|
32663237363134353061373563396535653565636431366565386337653863316333343738343432
|
||||||
|
62303132636338303462313439376535363063333833363632613832303436353834376561333330
|
||||||
|
66633632383135646263626333643230343630326539663762633934316261633062663732373932
|
||||||
|
30306438386263626335373838343236643562326135663366353638353163346365396261313133
|
||||||
|
36333634306133353235316237343738623263333732343063356238333162323931346664346539
|
||||||
|
66323733643061386334306130633537353630663336313966663538373963313435666564316539
|
||||||
|
63613030366332363432303036396232306537663765653938353736376135316539613135623632
|
||||||
|
66356639623635663365323635646635383638346539323438336261393332373935383536333831
|
||||||
|
61306639343061333639336162366536366438356166396266666132303932333037613632623666
|
||||||
|
63616662343830303664353931306632323630316162643432653835313962633735626163366332
|
||||||
|
34373637633066333432383533316363613031393963373963386161663430623533383165653561
|
||||||
|
38343439633066366663643138326264653539336530393932386236366533663935353664343966
|
||||||
|
39323161646231353234633961633732613065323039663062313661386565366534623430356632
|
||||||
|
64343732336238393262363338363734643639353830646163343361653761633134303163616562
|
||||||
|
35633436393832393137383534613031303963613339333566343065336530623964636662353065
|
||||||
|
32366630353538383339346465376661323666333234373665613164633866363364613066643034
|
||||||
|
37616630366232353166366535633936366536626462353831643335306337353564316461653564
|
||||||
|
66663133373466333431336366346435623436656230376232613665633466333463636263373464
|
||||||
|
30386434336538303061666566383033616563303564666362346432663130306531613063363537
|
||||||
|
646635613236636563666161666630653836
|
22
inventory/hosts
Normal file
22
inventory/hosts
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
31336566376336626265653165306635633033376662656164383037383834653239656136333734
|
||||||
|
3833666339393037323035343565343235396163636166370a643933333933386133366564396465
|
||||||
|
30393637613164356564393337633361653432333232383664303739363736633435363764343530
|
||||||
|
3532313739363963660a343434356534316230623133636366386334323465376139363162616238
|
||||||
|
39396638366262313531653635326361616537396338363533303961623165343931373939306239
|
||||||
|
31336632643166633662653765333231393461643933306464303165633037343061323636313034
|
||||||
|
34376631656563646665373566633431366638383863666130323264316337663237343135306236
|
||||||
|
66323536346164663239343139623430303230333466633437643337343930363530653964626163
|
||||||
|
38336363633730393136333637383631636266396636646533356262376630646139303636666538
|
||||||
|
32366437353163663865623234643061313639646162643965393535353938313133326237313265
|
||||||
|
66646163333535396539646461356334633532313530653834623263386265383765356130333466
|
||||||
|
30373531306137393935363030313739666536363138363962646565306439393239303030643162
|
||||||
|
33333166663430393866666439653532623034396130313066383035396535646633366237303264
|
||||||
|
36356665366461323664373038366364623937386233313039323837666333653764616462333365
|
||||||
|
31326264633236373937313537633961633164323138356135633765663639323537656263633766
|
||||||
|
38653836323263386333376131333330326237393666363064326463663961633839393039323835
|
||||||
|
61306265333232623037356465393133323733363634646364336261326333366239346565366338
|
||||||
|
61646132333033373866623739343830336164316461646366666237313565626639323537623732
|
||||||
|
38323830656136323137323530343764666433633432366136643538323832653130376363653135
|
||||||
|
64376261386635636533353961613335663962306337353866616464613636303735336230623962
|
||||||
|
3336
|
@ -1,3 +1,5 @@
|
|||||||
|
---
|
||||||
|
|
||||||
- import_tasks: "{{ role_path }}/tasks/setup.yml"
|
- import_tasks: "{{ role_path }}/tasks/setup.yml"
|
||||||
when: run_stop|bool
|
when: run_stop|bool
|
||||||
tags:
|
tags:
|
||||||
|
@ -1,3 +1,5 @@
|
|||||||
|
---
|
||||||
|
|
||||||
matrix_awx_enabled: true
|
matrix_awx_enabled: true
|
||||||
|
|
||||||
# Defaults for 'Customise Website + Access Export' template
|
# Defaults for 'Customise Website + Access Export' template
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
---
|
||||||
|
|
||||||
- name: Record Backup Server variables locally on AWX
|
- name: Record Backup Server variables locally on AWX
|
||||||
delegate_to: 127.0.0.1
|
delegate_to: 127.0.0.1
|
||||||
@ -38,18 +39,18 @@
|
|||||||
credential: "{{ member_id }} - AWX SSH Key"
|
credential: "{{ member_id }} - AWX SSH Key"
|
||||||
survey_enabled: true
|
survey_enabled: true
|
||||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json') }}"
|
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json') }}"
|
||||||
become_enabled: yes
|
become_enabled: true
|
||||||
state: present
|
state: present
|
||||||
verbosity: 1
|
verbosity: 1
|
||||||
tower_host: "https://{{ awx_host }}"
|
tower_host: "https://{{ awx_host }}"
|
||||||
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
||||||
validate_certs: yes
|
validate_certs: true
|
||||||
tags: use-survey
|
tags: use-survey
|
||||||
|
|
||||||
- name: Include vars in matrix_vars.yml
|
- name: Include vars in matrix_vars.yml
|
||||||
include_vars:
|
include_vars:
|
||||||
file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||||
no_log: True
|
no_log: true
|
||||||
|
|
||||||
- name: Copy new 'matrix_vars.yml' to target machine
|
- name: Copy new 'matrix_vars.yml' to target machine
|
||||||
copy:
|
copy:
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
---
|
||||||
|
|
||||||
- name: Record Bridge Discord AppService variables locally on AWX
|
- name: Record Bridge Discord AppService variables locally on AWX
|
||||||
delegate_to: 127.0.0.1
|
delegate_to: 127.0.0.1
|
||||||
@ -54,4 +55,4 @@
|
|||||||
verbosity: 1
|
verbosity: 1
|
||||||
tower_host: "https://{{ awx_host }}"
|
tower_host: "https://{{ awx_host }}"
|
||||||
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
||||||
validate_certs: yes
|
validate_certs: true
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
---
|
||||||
|
|
||||||
- name: Collect current datetime
|
- name: Collect current datetime
|
||||||
set_fact:
|
set_fact:
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
---
|
||||||
|
|
||||||
- name: Create a AWX session token for executing modules
|
- name: Create a AWX session token for executing modules
|
||||||
awx.awx.tower_token:
|
awx.awx.tower_token:
|
||||||
@ -7,4 +8,4 @@
|
|||||||
tower_host: "https://{{ awx_host }}"
|
tower_host: "https://{{ awx_host }}"
|
||||||
tower_oauthtoken: "{{ awx_master_token }}"
|
tower_oauthtoken: "{{ awx_master_token }}"
|
||||||
register: awx_session_token
|
register: awx_session_token
|
||||||
no_log: True
|
no_log: true
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
---
|
||||||
#
|
#
|
||||||
# Create user and define if they are admin
|
# Create user and define if they are admin
|
||||||
#
|
#
|
||||||
|
@ -48,7 +48,7 @@
|
|||||||
- name: Reload vars in matrix_vars.yml
|
- name: Reload vars in matrix_vars.yml
|
||||||
include_vars:
|
include_vars:
|
||||||
file: '{{ awx_cached_matrix_vars }}'
|
file: '{{ awx_cached_matrix_vars }}'
|
||||||
no_log: True
|
no_log: true
|
||||||
|
|
||||||
- name: Save new 'Customise Website + Access Export' survey.json to the AWX tower, template
|
- name: Save new 'Customise Website + Access Export' survey.json to the AWX tower, template
|
||||||
delegate_to: 127.0.0.1
|
delegate_to: 127.0.0.1
|
||||||
@ -92,12 +92,12 @@
|
|||||||
credential: "{{ member_id }} - AWX SSH Key"
|
credential: "{{ member_id }} - AWX SSH Key"
|
||||||
survey_enabled: true
|
survey_enabled: true
|
||||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json') }}"
|
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json') }}"
|
||||||
become_enabled: yes
|
become_enabled: true
|
||||||
state: present
|
state: present
|
||||||
verbosity: 1
|
verbosity: 1
|
||||||
tower_host: "https://{{ awx_host }}"
|
tower_host: "https://{{ awx_host }}"
|
||||||
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
||||||
validate_certs: yes
|
validate_certs: true
|
||||||
when: awx_customise_base_domain_website is defined
|
when: awx_customise_base_domain_website is defined
|
||||||
|
|
||||||
- name: Recreate 'Access Export' job template
|
- name: Recreate 'Access Export' job template
|
||||||
@ -114,12 +114,12 @@
|
|||||||
credential: "{{ member_id }} - AWX SSH Key"
|
credential: "{{ member_id }} - AWX SSH Key"
|
||||||
survey_enabled: true
|
survey_enabled: true
|
||||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json') }}"
|
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json') }}"
|
||||||
become_enabled: yes
|
become_enabled: true
|
||||||
state: present
|
state: present
|
||||||
verbosity: 1
|
verbosity: 1
|
||||||
tower_host: "https://{{ awx_host }}"
|
tower_host: "https://{{ awx_host }}"
|
||||||
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
||||||
validate_certs: yes
|
validate_certs: true
|
||||||
when: awx_customise_base_domain_website is undefined
|
when: awx_customise_base_domain_website is undefined
|
||||||
|
|
||||||
- name: If user doesn't define a awx_sftp_password, create a disabled 'sftp' account
|
- name: If user doesn't define a awx_sftp_password, create a disabled 'sftp' account
|
||||||
@ -153,7 +153,7 @@
|
|||||||
user:
|
user:
|
||||||
name: sftp
|
name: sftp
|
||||||
groups: sftp
|
groups: sftp
|
||||||
append: yes
|
append: true
|
||||||
when: awx_customise_base_domain_website is defined
|
when: awx_customise_base_domain_website is defined
|
||||||
|
|
||||||
- name: Create the ro /chroot directory with sticky bit if it doesn't exist. (/chroot/website has matrix:matrix permissions and is mounted to nginx container)
|
- name: Create the ro /chroot directory with sticky bit if it doesn't exist. (/chroot/website has matrix:matrix permissions and is mounted to nginx container)
|
||||||
|
@ -23,7 +23,7 @@
|
|||||||
command: rm /chroot/export/matrix*
|
command: rm /chroot/export/matrix*
|
||||||
count: 1
|
count: 1
|
||||||
units: days
|
units: days
|
||||||
unique: yes
|
unique: true
|
||||||
|
|
||||||
- name: Delete the AWX session token for executing modules
|
- name: Delete the AWX session token for executing modules
|
||||||
awx.awx.tower_token:
|
awx.awx.tower_token:
|
||||||
|
@ -3,14 +3,14 @@
|
|||||||
- name: Include vars in organisation.yml
|
- name: Include vars in organisation.yml
|
||||||
include_vars:
|
include_vars:
|
||||||
file: '/var/lib/awx/projects/clients/{{ member_id }}/organisation.yml'
|
file: '/var/lib/awx/projects/clients/{{ member_id }}/organisation.yml'
|
||||||
no_log: True
|
no_log: true
|
||||||
|
|
||||||
- name: Include vars in hosting_vars.yml
|
- name: Include vars in hosting_vars.yml
|
||||||
include_vars:
|
include_vars:
|
||||||
file: '/var/lib/awx/projects/hosting/hosting_vars.yml'
|
file: '/var/lib/awx/projects/hosting/hosting_vars.yml'
|
||||||
no_log: True
|
no_log: true
|
||||||
|
|
||||||
- name: Include AWX master token from awx_tokens.yml
|
- name: Include AWX master token from awx_tokens.yml
|
||||||
include_vars:
|
include_vars:
|
||||||
file: /var/lib/awx/projects/hosting/awx_tokens.yml
|
file: /var/lib/awx/projects/hosting/awx_tokens.yml
|
||||||
no_log: True
|
no_log: true
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
- name: Include new vars in matrix_vars.yml
|
- name: Include new vars in matrix_vars.yml
|
||||||
include_vars:
|
include_vars:
|
||||||
file: '{{ awx_cached_matrix_vars }}'
|
file: '{{ awx_cached_matrix_vars }}'
|
||||||
no_log: True
|
no_log: true
|
||||||
|
|
||||||
- name: If include_vars succeeds overwrite the old matrix_vars.yml
|
- name: If include_vars succeeds overwrite the old matrix_vars.yml
|
||||||
delegate_to: 127.0.0.1
|
delegate_to: 127.0.0.1
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
|
---
|
||||||
# Load initial hosting and organisation variables from AWX volume
|
# Load initial hosting and organisation variables from AWX volume
|
||||||
- include_tasks:
|
- include_tasks:
|
||||||
file: "load_hosting_and_org_variables.yml"
|
file: "load_hosting_and_org_variables.yml"
|
||||||
|
@ -9,7 +9,7 @@
|
|||||||
- name: Include vars in matrix_vars.yml
|
- name: Include vars in matrix_vars.yml
|
||||||
include_vars:
|
include_vars:
|
||||||
file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||||
no_log: True
|
no_log: true
|
||||||
|
|
||||||
- name: Ensure curl and jq intalled on target machine
|
- name: Ensure curl and jq intalled on target machine
|
||||||
apt:
|
apt:
|
||||||
@ -22,7 +22,7 @@
|
|||||||
shell: du -sh /matrix/postgres/data
|
shell: du -sh /matrix/postgres/data
|
||||||
register: awx_db_size_before_stat
|
register: awx_db_size_before_stat
|
||||||
when: (awx_purge_mode.find("Perform final shrink") != -1)
|
when: (awx_purge_mode.find("Perform final shrink") != -1)
|
||||||
no_log: True
|
no_log: true
|
||||||
|
|
||||||
- name: Collect the internal IP of the matrix-synapse container
|
- name: Collect the internal IP of the matrix-synapse container
|
||||||
shell: "/usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse"
|
shell: "/usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse"
|
||||||
@ -34,7 +34,7 @@
|
|||||||
curl -X POST -d '{"type":"m.login.password", "user":"admin-janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token'
|
curl -X POST -d '{"type":"m.login.password", "user":"admin-janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token'
|
||||||
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
|
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
|
||||||
register: awx_janitors_token
|
register: awx_janitors_token
|
||||||
no_log: True
|
no_log: true
|
||||||
|
|
||||||
- name: Copy build_room_list.py script to target machine
|
- name: Copy build_room_list.py script to target machine
|
||||||
copy:
|
copy:
|
||||||
@ -55,7 +55,7 @@
|
|||||||
fetch:
|
fetch:
|
||||||
src: /tmp/room_list_complete.json
|
src: /tmp/room_list_complete.json
|
||||||
dest: "/tmp/{{ subscription_id }}_room_list_complete.json"
|
dest: "/tmp/{{ subscription_id }}_room_list_complete.json"
|
||||||
flat: yes
|
flat: true
|
||||||
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
|
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
|
||||||
|
|
||||||
- name: Remove complete room list from target machine
|
- name: Remove complete room list from target machine
|
||||||
@ -80,7 +80,7 @@
|
|||||||
- name: Setting host fact awx_room_list_no_local_users
|
- name: Setting host fact awx_room_list_no_local_users
|
||||||
set_fact:
|
set_fact:
|
||||||
awx_room_list_no_local_users: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_no_local_users.txt') }}"
|
awx_room_list_no_local_users: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_no_local_users.txt') }}"
|
||||||
no_log: True
|
no_log: true
|
||||||
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
|
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
|
||||||
|
|
||||||
- name: Purge all rooms with no local users
|
- name: Purge all rooms with no local users
|
||||||
@ -113,7 +113,7 @@
|
|||||||
set_fact:
|
set_fact:
|
||||||
awx_room_list_joined_members: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_joined_members.txt') }}"
|
awx_room_list_joined_members: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_joined_members.txt') }}"
|
||||||
when: awx_purge_mode.find("Number of users [slower]") != -1
|
when: awx_purge_mode.find("Number of users [slower]") != -1
|
||||||
no_log: True
|
no_log: true
|
||||||
|
|
||||||
- name: Purge all rooms with more then N users
|
- name: Purge all rooms with more then N users
|
||||||
include_tasks: purge_database_users.yml
|
include_tasks: purge_database_users.yml
|
||||||
@ -138,7 +138,7 @@
|
|||||||
set_fact:
|
set_fact:
|
||||||
awx_room_list_state_events: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_state_events.txt') }}"
|
awx_room_list_state_events: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_state_events.txt') }}"
|
||||||
when: awx_purge_mode.find("Number of events [slower]") != -1
|
when: awx_purge_mode.find("Number of events [slower]") != -1
|
||||||
no_log: True
|
no_log: true
|
||||||
|
|
||||||
- name: Purge all rooms with more then N events
|
- name: Purge all rooms with more then N events
|
||||||
include_tasks: purge_database_events.yml
|
include_tasks: purge_database_events.yml
|
||||||
@ -161,17 +161,17 @@
|
|||||||
verbosity: 1
|
verbosity: 1
|
||||||
tower_host: "https://{{ awx_host }}"
|
tower_host: "https://{{ awx_host }}"
|
||||||
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
||||||
validate_certs: yes
|
validate_certs: true
|
||||||
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) or (awx_purge_mode.find("Skip purging rooms [faster]") != -1)
|
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) or (awx_purge_mode.find("Skip purging rooms [faster]") != -1)
|
||||||
|
|
||||||
- name: Execute rust-synapse-compress-state job template
|
- name: Execute rust-synapse-compress-state job template
|
||||||
delegate_to: 127.0.0.1
|
delegate_to: 127.0.0.1
|
||||||
awx.awx.tower_job_launch:
|
awx.awx.tower_job_launch:
|
||||||
job_template: "{{ matrix_domain }} - 0 - Deploy/Update a Server"
|
job_template: "{{ matrix_domain }} - 0 - Deploy/Update a Server"
|
||||||
wait: yes
|
wait: true
|
||||||
tower_host: "https://{{ awx_host }}"
|
tower_host: "https://{{ awx_host }}"
|
||||||
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
||||||
validate_certs: yes
|
validate_certs: true
|
||||||
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) or (awx_purge_mode.find("Skip purging rooms [faster]") != -1)
|
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) or (awx_purge_mode.find("Skip purging rooms [faster]") != -1)
|
||||||
|
|
||||||
- name: Revert 'Deploy/Update a Server' job template
|
- name: Revert 'Deploy/Update a Server' job template
|
||||||
@ -190,14 +190,14 @@
|
|||||||
verbosity: 1
|
verbosity: 1
|
||||||
tower_host: "https://{{ awx_host }}"
|
tower_host: "https://{{ awx_host }}"
|
||||||
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
||||||
validate_certs: yes
|
validate_certs: true
|
||||||
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) or (awx_purge_mode.find("Skip purging rooms [faster]") != -1)
|
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) or (awx_purge_mode.find("Skip purging rooms [faster]") != -1)
|
||||||
|
|
||||||
- name: Ensure matrix-synapse is stopped
|
- name: Ensure matrix-synapse is stopped
|
||||||
service:
|
service:
|
||||||
name: matrix-synapse
|
name: matrix-synapse
|
||||||
state: stopped
|
state: stopped
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
when: (awx_purge_mode.find("Perform final shrink") != -1)
|
when: (awx_purge_mode.find("Perform final shrink") != -1)
|
||||||
|
|
||||||
- name: Re-index Synapse database
|
- name: Re-index Synapse database
|
||||||
@ -208,7 +208,7 @@
|
|||||||
service:
|
service:
|
||||||
name: matrix-synapse
|
name: matrix-synapse
|
||||||
state: started
|
state: started
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
when: (awx_purge_mode.find("Perform final shrink") != -1)
|
when: (awx_purge_mode.find("Perform final shrink") != -1)
|
||||||
|
|
||||||
- name: Adjust 'Deploy/Update a Server' job template
|
- name: Adjust 'Deploy/Update a Server' job template
|
||||||
@ -227,17 +227,17 @@
|
|||||||
verbosity: 1
|
verbosity: 1
|
||||||
tower_host: "https://{{ awx_host }}"
|
tower_host: "https://{{ awx_host }}"
|
||||||
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
||||||
validate_certs: yes
|
validate_certs: true
|
||||||
when: (awx_purge_mode.find("Perform final shrink") != -1)
|
when: (awx_purge_mode.find("Perform final shrink") != -1)
|
||||||
|
|
||||||
- name: Execute run-postgres-vacuum job template
|
- name: Execute run-postgres-vacuum job template
|
||||||
delegate_to: 127.0.0.1
|
delegate_to: 127.0.0.1
|
||||||
awx.awx.tower_job_launch:
|
awx.awx.tower_job_launch:
|
||||||
job_template: "{{ matrix_domain }} - 0 - Deploy/Update a Server"
|
job_template: "{{ matrix_domain }} - 0 - Deploy/Update a Server"
|
||||||
wait: yes
|
wait: true
|
||||||
tower_host: "https://{{ awx_host }}"
|
tower_host: "https://{{ awx_host }}"
|
||||||
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
||||||
validate_certs: yes
|
validate_certs: true
|
||||||
when: (awx_purge_mode.find("Perform final shrink") != -1)
|
when: (awx_purge_mode.find("Perform final shrink") != -1)
|
||||||
|
|
||||||
- name: Revert 'Deploy/Update a Server' job template
|
- name: Revert 'Deploy/Update a Server' job template
|
||||||
@ -256,7 +256,7 @@
|
|||||||
verbosity: 1
|
verbosity: 1
|
||||||
tower_host: "https://{{ awx_host }}"
|
tower_host: "https://{{ awx_host }}"
|
||||||
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
||||||
validate_certs: yes
|
validate_certs: true
|
||||||
when: (awx_purge_mode.find("Perform final shrink") != -1)
|
when: (awx_purge_mode.find("Perform final shrink") != -1)
|
||||||
|
|
||||||
- name: Cleanup room_list files
|
- name: Cleanup room_list files
|
||||||
@ -264,13 +264,13 @@
|
|||||||
shell: |
|
shell: |
|
||||||
rm /tmp/{{ subscription_id }}_room_list*
|
rm /tmp/{{ subscription_id }}_room_list*
|
||||||
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
|
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
|
||||||
ignore_errors: yes
|
ignore_errors: true
|
||||||
|
|
||||||
- name: Collect after shrink size of Synapse database
|
- name: Collect after shrink size of Synapse database
|
||||||
shell: du -sh /matrix/postgres/data
|
shell: du -sh /matrix/postgres/data
|
||||||
register: awx_db_size_after_stat
|
register: awx_db_size_after_stat
|
||||||
when: (awx_purge_mode.find("Perform final shrink") != -1)
|
when: (awx_purge_mode.find("Perform final shrink") != -1)
|
||||||
no_log: True
|
no_log: true
|
||||||
|
|
||||||
- name: Print total number of rooms processed
|
- name: Print total number of rooms processed
|
||||||
debug:
|
debug:
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
---
|
||||||
|
|
||||||
- name: Ensure dateutils is installed in AWX
|
- name: Ensure dateutils is installed in AWX
|
||||||
delegate_to: 127.0.0.1
|
delegate_to: 127.0.0.1
|
||||||
@ -8,7 +9,7 @@
|
|||||||
- name: Include vars in matrix_vars.yml
|
- name: Include vars in matrix_vars.yml
|
||||||
include_vars:
|
include_vars:
|
||||||
file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||||
no_log: True
|
no_log: true
|
||||||
|
|
||||||
- name: Ensure curl and jq intalled on target machine
|
- name: Ensure curl and jq intalled on target machine
|
||||||
apt:
|
apt:
|
||||||
@ -25,7 +26,7 @@
|
|||||||
shell: |
|
shell: |
|
||||||
curl -XPOST -d '{"type":"m.login.password", "user":"admin-janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token'
|
curl -XPOST -d '{"type":"m.login.password", "user":"admin-janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token'
|
||||||
register: awx_janitors_token
|
register: awx_janitors_token
|
||||||
no_log: True
|
no_log: true
|
||||||
|
|
||||||
- name: Generate list of dates to purge to
|
- name: Generate list of dates to purge to
|
||||||
delegate_to: 127.0.0.1
|
delegate_to: 127.0.0.1
|
||||||
@ -37,16 +38,16 @@
|
|||||||
register: awx_local_media_size_before
|
register: awx_local_media_size_before
|
||||||
when: awx_purge_media_type == "Local Media"
|
when: awx_purge_media_type == "Local Media"
|
||||||
async: 600
|
async: 600
|
||||||
ignore_errors: yes
|
ignore_errors: true
|
||||||
no_log: True
|
no_log: true
|
||||||
|
|
||||||
- name: Calculate initial size of remote media repository
|
- name: Calculate initial size of remote media repository
|
||||||
shell: du -sh /matrix/synapse/storage/media-store/remote*
|
shell: du -sh /matrix/synapse/storage/media-store/remote*
|
||||||
register: awx_remote_media_size_before
|
register: awx_remote_media_size_before
|
||||||
when: awx_purge_media_type == "Remote Media"
|
when: awx_purge_media_type == "Remote Media"
|
||||||
async: 600
|
async: 600
|
||||||
ignore_errors: yes
|
ignore_errors: true
|
||||||
no_log: True
|
no_log: true
|
||||||
|
|
||||||
- name: Purge local media with loop
|
- name: Purge local media with loop
|
||||||
include_tasks: purge_media_local.yml
|
include_tasks: purge_media_local.yml
|
||||||
@ -62,15 +63,15 @@
|
|||||||
shell: du -sh /matrix/synapse/storage/media-store/local*
|
shell: du -sh /matrix/synapse/storage/media-store/local*
|
||||||
register: awx_local_media_size_after
|
register: awx_local_media_size_after
|
||||||
when: awx_purge_media_type == "Local Media"
|
when: awx_purge_media_type == "Local Media"
|
||||||
ignore_errors: yes
|
ignore_errors: true
|
||||||
no_log: True
|
no_log: true
|
||||||
|
|
||||||
- name: Calculate final size of remote media repository
|
- name: Calculate final size of remote media repository
|
||||||
shell: du -sh /matrix/synapse/storage/media-store/remote*
|
shell: du -sh /matrix/synapse/storage/media-store/remote*
|
||||||
register: awx_remote_media_size_after
|
register: awx_remote_media_size_after
|
||||||
when: awx_purge_media_type == "Remote Media"
|
when: awx_purge_media_type == "Remote Media"
|
||||||
ignore_errors: yes
|
ignore_errors: true
|
||||||
no_log: True
|
no_log: true
|
||||||
|
|
||||||
- name: Print size of local media repository before purge
|
- name: Print size of local media repository before purge
|
||||||
debug:
|
debug:
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
authorized_key:
|
authorized_key:
|
||||||
user: root
|
user: root
|
||||||
state: present
|
state: present
|
||||||
exclusive: yes
|
exclusive: true
|
||||||
key: "{{ lookup('file', '/var/lib/awx/projects/hosting/client_public.key') }}"
|
key: "{{ lookup('file', '/var/lib/awx/projects/hosting/client_public.key') }}"
|
||||||
|
|
||||||
- name: Delete the AWX session token for executing modules
|
- name: Delete the AWX session token for executing modules
|
||||||
|
@ -25,47 +25,47 @@
|
|||||||
shell: |
|
shell: |
|
||||||
curl -s localhost:9000 | grep "^synapse_admin_mau_current "
|
curl -s localhost:9000 | grep "^synapse_admin_mau_current "
|
||||||
register: awx_mau_stat
|
register: awx_mau_stat
|
||||||
no_log: True
|
no_log: true
|
||||||
|
|
||||||
- name: Calculate CPU usage statistics
|
- name: Calculate CPU usage statistics
|
||||||
shell: iostat -c
|
shell: iostat -c
|
||||||
register: awx_cpu_usage_stat
|
register: awx_cpu_usage_stat
|
||||||
no_log: True
|
no_log: true
|
||||||
|
|
||||||
- name: Calculate RAM usage statistics
|
- name: Calculate RAM usage statistics
|
||||||
shell: free -mh
|
shell: free -mh
|
||||||
register: awx_ram_usage_stat
|
register: awx_ram_usage_stat
|
||||||
no_log: True
|
no_log: true
|
||||||
|
|
||||||
- name: Calculate free disk space
|
- name: Calculate free disk space
|
||||||
shell: df -h
|
shell: df -h
|
||||||
register: awx_disk_space_stat
|
register: awx_disk_space_stat
|
||||||
no_log: True
|
no_log: true
|
||||||
|
|
||||||
- name: Calculate size of Synapse database
|
- name: Calculate size of Synapse database
|
||||||
shell: du -sh /matrix/postgres/data
|
shell: du -sh /matrix/postgres/data
|
||||||
register: awx_db_size_stat
|
register: awx_db_size_stat
|
||||||
no_log: True
|
no_log: true
|
||||||
|
|
||||||
- name: Calculate size of local media repository
|
- name: Calculate size of local media repository
|
||||||
shell: du -sh /matrix/synapse/storage/media-store/local*
|
shell: du -sh /matrix/synapse/storage/media-store/local*
|
||||||
register: awx_local_media_size_stat
|
register: awx_local_media_size_stat
|
||||||
async: 600
|
async: 600
|
||||||
ignore_errors: yes
|
ignore_errors: true
|
||||||
no_log: True
|
no_log: true
|
||||||
|
|
||||||
- name: Calculate size of remote media repository
|
- name: Calculate size of remote media repository
|
||||||
shell: du -sh /matrix/synapse/storage/media-store/remote*
|
shell: du -sh /matrix/synapse/storage/media-store/remote*
|
||||||
register: awx_remote_media_size_stat
|
register: awx_remote_media_size_stat
|
||||||
async: 600
|
async: 600
|
||||||
ignore_errors: yes
|
ignore_errors: true
|
||||||
no_log: True
|
no_log: true
|
||||||
|
|
||||||
- name: Calculate docker container statistics
|
- name: Calculate docker container statistics
|
||||||
shell: docker stats --all --no-stream
|
shell: docker stats --all --no-stream
|
||||||
register: awx_docker_stats
|
register: awx_docker_stats
|
||||||
ignore_errors: yes
|
ignore_errors: true
|
||||||
no_log: True
|
no_log: true
|
||||||
|
|
||||||
- name: Print size of remote media repository
|
- name: Print size of remote media repository
|
||||||
debug:
|
debug:
|
||||||
|
@ -235,9 +235,9 @@
|
|||||||
credential: "{{ member_id }} - AWX SSH Key"
|
credential: "{{ member_id }} - AWX SSH Key"
|
||||||
survey_enabled: true
|
survey_enabled: true
|
||||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json') }}"
|
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json') }}"
|
||||||
become_enabled: yes
|
become_enabled: true
|
||||||
state: present
|
state: present
|
||||||
verbosity: 1
|
verbosity: 1
|
||||||
tower_host: "https://{{ awx_host }}"
|
tower_host: "https://{{ awx_host }}"
|
||||||
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
||||||
validate_certs: yes
|
validate_certs: true
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
- name: Include vars in matrix_vars.yml
|
- name: Include vars in matrix_vars.yml
|
||||||
include_vars:
|
include_vars:
|
||||||
file: '{{ awx_cached_matrix_vars }}'
|
file: '{{ awx_cached_matrix_vars }}'
|
||||||
no_log: True
|
no_log: true
|
||||||
|
|
||||||
- name: Install jq and curl on remote machine
|
- name: Install jq and curl on remote machine
|
||||||
apt:
|
apt:
|
||||||
@ -14,7 +14,7 @@
|
|||||||
|
|
||||||
- name: Collect access token of @admin-dimension user
|
- name: Collect access token of @admin-dimension user
|
||||||
shell: |
|
shell: |
|
||||||
curl -X POST --header 'Content-Type: application/json' -d '{ "identifier": { "type": "m.id.user","user": "admin-dimension" }, "password": "{{ awx_dimension_user_password }}", "type": "m.login.password"}' 'https://matrix.{{ matrix_domain }}/_matrix/client/r0/login' | jq -c '. | {access_token}' | sed 's/.*\":\"//' | sed 's/\"}//'
|
curl -X POST --header 'Content-Type: application/json' -d '{"identifier": {"type": "m.id.user","user": "admin-dimension"}, "password": "{{ awx_dimension_user_password }}", "type": "m.login.password"}' 'https://matrix.{{ matrix_domain }}/_matrix/client/r0/login' | jq -c '. | {access_token}' | sed 's/.*\":\"//' | sed 's/\"}//'
|
||||||
register: awx_dimension_user_access_token
|
register: awx_dimension_user_access_token
|
||||||
|
|
||||||
- name: Record Synapse variables locally on AWX
|
- name: Record Synapse variables locally on AWX
|
||||||
@ -97,9 +97,9 @@
|
|||||||
credential: "{{ member_id }} - AWX SSH Key"
|
credential: "{{ member_id }} - AWX SSH Key"
|
||||||
survey_enabled: true
|
survey_enabled: true
|
||||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_dimension.json') }}"
|
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_dimension.json') }}"
|
||||||
become_enabled: yes
|
become_enabled: true
|
||||||
state: present
|
state: present
|
||||||
verbosity: 1
|
verbosity: 1
|
||||||
tower_host: "https://{{ awx_host }}"
|
tower_host: "https://{{ awx_host }}"
|
||||||
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
||||||
validate_certs: yes
|
validate_certs: true
|
||||||
|
@ -172,9 +172,9 @@
|
|||||||
credential: "{{ member_id }} - AWX SSH Key"
|
credential: "{{ member_id }} - AWX SSH Key"
|
||||||
survey_enabled: true
|
survey_enabled: true
|
||||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element.json') }}"
|
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element.json') }}"
|
||||||
become_enabled: yes
|
become_enabled: true
|
||||||
state: present
|
state: present
|
||||||
verbosity: 1
|
verbosity: 1
|
||||||
tower_host: "https://{{ awx_host }}"
|
tower_host: "https://{{ awx_host }}"
|
||||||
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
||||||
validate_certs: yes
|
validate_certs: true
|
||||||
|
@ -40,4 +40,4 @@
|
|||||||
verbosity: 1
|
verbosity: 1
|
||||||
tower_host: "https://{{ awx_host }}"
|
tower_host: "https://{{ awx_host }}"
|
||||||
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
||||||
validate_certs: yes
|
validate_certs: true
|
||||||
|
@ -37,9 +37,9 @@
|
|||||||
credential: "{{ member_id }} - AWX SSH Key"
|
credential: "{{ member_id }} - AWX SSH Key"
|
||||||
survey_enabled: true
|
survey_enabled: true
|
||||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_jitsi.json') }}"
|
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_jitsi.json') }}"
|
||||||
become_enabled: yes
|
become_enabled: true
|
||||||
state: present
|
state: present
|
||||||
verbosity: 1
|
verbosity: 1
|
||||||
tower_host: "https://{{ awx_host }}"
|
tower_host: "https://{{ awx_host }}"
|
||||||
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
||||||
validate_certs: yes
|
validate_certs: true
|
||||||
|
@ -66,7 +66,7 @@
|
|||||||
with_dict:
|
with_dict:
|
||||||
'awx_matrix_ma1sd_auth_store': '{{ awx_matrix_ma1sd_auth_store }}'
|
'awx_matrix_ma1sd_auth_store': '{{ awx_matrix_ma1sd_auth_store }}'
|
||||||
'awx_matrix_ma1sd_configuration_extension_yaml': '{{ awx_matrix_ma1sd_configuration_extension_yaml.splitlines() | to_json }}'
|
'awx_matrix_ma1sd_configuration_extension_yaml': '{{ awx_matrix_ma1sd_configuration_extension_yaml.splitlines() | to_json }}'
|
||||||
no_log: True
|
no_log: true
|
||||||
|
|
||||||
- name: Save new 'Configure ma1sd' survey.json to the AWX tower, template
|
- name: Save new 'Configure ma1sd' survey.json to the AWX tower, template
|
||||||
delegate_to: 127.0.0.1
|
delegate_to: 127.0.0.1
|
||||||
@ -94,10 +94,9 @@
|
|||||||
credential: "{{ member_id }} - AWX SSH Key"
|
credential: "{{ member_id }} - AWX SSH Key"
|
||||||
survey_enabled: true
|
survey_enabled: true
|
||||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_ma1sd.json') }}"
|
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_ma1sd.json') }}"
|
||||||
become_enabled: yes
|
become_enabled: true
|
||||||
state: present
|
state: present
|
||||||
verbosity: 1
|
verbosity: 1
|
||||||
tower_host: "https://{{ awx_host }}"
|
tower_host: "https://{{ awx_host }}"
|
||||||
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
||||||
validate_certs: yes
|
validate_certs: true
|
||||||
|
|
||||||
|
@ -36,9 +36,9 @@
|
|||||||
credential: "{{ member_id }} - AWX SSH Key"
|
credential: "{{ member_id }} - AWX SSH Key"
|
||||||
survey_enabled: true
|
survey_enabled: true
|
||||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_email_relay.json') }}"
|
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_email_relay.json') }}"
|
||||||
become_enabled: yes
|
become_enabled: true
|
||||||
state: present
|
state: present
|
||||||
verbosity: 1
|
verbosity: 1
|
||||||
tower_host: "https://{{ awx_host }}"
|
tower_host: "https://{{ awx_host }}"
|
||||||
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
||||||
validate_certs: yes
|
validate_certs: true
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
---
|
||||||
|
|
||||||
- name: Limit max upload size to 200MB part 1
|
- name: Limit max upload size to 200MB part 1
|
||||||
set_fact:
|
set_fact:
|
||||||
@ -214,9 +215,9 @@
|
|||||||
credential: "{{ member_id }} - AWX SSH Key"
|
credential: "{{ member_id }} - AWX SSH Key"
|
||||||
survey_enabled: true
|
survey_enabled: true
|
||||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse.json') }}"
|
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse.json') }}"
|
||||||
become_enabled: yes
|
become_enabled: true
|
||||||
state: present
|
state: present
|
||||||
verbosity: 1
|
verbosity: 1
|
||||||
tower_host: "https://{{ awx_host }}"
|
tower_host: "https://{{ awx_host }}"
|
||||||
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
||||||
validate_certs: yes
|
validate_certs: true
|
||||||
|
@ -36,9 +36,9 @@
|
|||||||
credential: "{{ member_id }} - AWX SSH Key"
|
credential: "{{ member_id }} - AWX SSH Key"
|
||||||
survey_enabled: true
|
survey_enabled: true
|
||||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse_admin.json') }}"
|
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse_admin.json') }}"
|
||||||
become_enabled: yes
|
become_enabled: true
|
||||||
state: present
|
state: present
|
||||||
verbosity: 1
|
verbosity: 1
|
||||||
tower_host: "https://{{ awx_host }}"
|
tower_host: "https://{{ awx_host }}"
|
||||||
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
|
||||||
validate_certs: yes
|
validate_certs: true
|
||||||
|
@ -7,15 +7,21 @@
|
|||||||
regexp: 'matrix_synapse_use_presence'
|
regexp: 'matrix_synapse_use_presence'
|
||||||
replace: 'matrix_synapse_presence_enabled'
|
replace: 'matrix_synapse_presence_enabled'
|
||||||
|
|
||||||
- name: Generate matrix_homeserver_generic_secret_key variable
|
- name: Search for matrix_homeserver_generic_secret_key variable in matrix_vars.yml
|
||||||
|
delegate_to: 127.0.0.1
|
||||||
|
register: presence
|
||||||
|
shell: "grep -i 'matrix_homeserver_generic_secret_key' /var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml"
|
||||||
|
no_log: true
|
||||||
|
|
||||||
|
- name: Generate matrix_homeserver_generic_secret_key variable if not present
|
||||||
delegate_to: 127.0.0.1
|
delegate_to: 127.0.0.1
|
||||||
command: |
|
command: |
|
||||||
openssl rand -hex 16
|
openssl rand -hex 16
|
||||||
register: generic_secret
|
register: generic_secret
|
||||||
no_log: True
|
no_log: true
|
||||||
when: ( matrix_homeserver_generic_secret_key is undefined ) or ( matrix_homeserver_generic_secret_key | length == 0 )
|
when: presence is not changed
|
||||||
|
|
||||||
- name: Add new matrix_homeserver_generic_secret_key variable
|
- name: Add new matrix_homeserver_generic_secret_key variable if not present
|
||||||
delegate_to: 127.0.0.1
|
delegate_to: 127.0.0.1
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||||
@ -23,4 +29,4 @@
|
|||||||
insertbefore: '# Basic Settings End'
|
insertbefore: '# Basic Settings End'
|
||||||
mode: '0600'
|
mode: '0600'
|
||||||
state: present
|
state: present
|
||||||
when: ( matrix_homeserver_generic_secret_key is undefined ) or ( matrix_homeserver_generic_secret_key | length == 0 )
|
when: presence is not changed
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
---
|
||||||
# The bare domain name which represents your Matrix identity.
|
# The bare domain name which represents your Matrix identity.
|
||||||
# Matrix user ids for your server will be of the form (`@user:<matrix-domain>`).
|
# Matrix user ids for your server will be of the form (`@user:<matrix-domain>`).
|
||||||
#
|
#
|
||||||
@ -98,8 +99,8 @@ matrix_host_command_openssl: "/usr/bin/env openssl"
|
|||||||
matrix_host_command_systemctl: "/usr/bin/env systemctl"
|
matrix_host_command_systemctl: "/usr/bin/env systemctl"
|
||||||
matrix_host_command_sh: "/usr/bin/env sh"
|
matrix_host_command_sh: "/usr/bin/env sh"
|
||||||
|
|
||||||
matrix_ntpd_package: "{{ 'systemd-timesyncd' if (ansible_os_family == 'RedHat' and ansible_distribution_major_version > '7') or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version > '18') else ( 'systemd' if ansible_os_family == 'Suse' else 'ntp' ) }}"
|
matrix_ntpd_package: "{{ 'systemd-timesyncd' if (ansible_os_family == 'RedHat' and ansible_distribution_major_version|int > 7) or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version|int > 18) else ( 'systemd' if ansible_os_family == 'Suse' else 'ntp' ) }}"
|
||||||
matrix_ntpd_service: "{{ 'systemd-timesyncd' if (ansible_os_family == 'RedHat' and ansible_distribution_major_version > '7') or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version > '18') or ansible_distribution == 'Archlinux' or ansible_os_family == 'Suse' else ('ntpd' if ansible_os_family == 'RedHat' else 'ntp') }}"
|
matrix_ntpd_service: "{{ 'systemd-timesyncd' if (ansible_os_family == 'RedHat' and ansible_distribution_major_version|int > 7) or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version|int > 18) or ansible_distribution == 'Archlinux' or ansible_os_family == 'Suse' else ('ntpd' if ansible_os_family == 'RedHat' else 'ntp') }}"
|
||||||
|
|
||||||
matrix_homeserver_url: "https://{{ matrix_server_fqn_matrix }}"
|
matrix_homeserver_url: "https://{{ matrix_server_fqn_matrix }}"
|
||||||
|
|
||||||
|
62
roles/matrix-base/files/yum.repos.d/docker-ce-fedora.repo
Normal file
62
roles/matrix-base/files/yum.repos.d/docker-ce-fedora.repo
Normal file
@ -0,0 +1,62 @@
|
|||||||
|
[docker-ce-stable]
|
||||||
|
name=Docker CE Stable - $basearch
|
||||||
|
baseurl=https://download.docker.com/linux/fedora/$releasever/$basearch/stable
|
||||||
|
enabled=1
|
||||||
|
gpgcheck=1
|
||||||
|
gpgkey=https://download.docker.com/linux/fedora/gpg
|
||||||
|
|
||||||
|
[docker-ce-stable-debuginfo]
|
||||||
|
name=Docker CE Stable - Debuginfo $basearch
|
||||||
|
baseurl=https://download.docker.com/linux/fedora/$releasever/debug-$basearch/stable
|
||||||
|
enabled=0
|
||||||
|
gpgcheck=1
|
||||||
|
gpgkey=https://download.docker.com/linux/fedora/gpg
|
||||||
|
|
||||||
|
[docker-ce-stable-source]
|
||||||
|
name=Docker CE Stable - Sources
|
||||||
|
baseurl=https://download.docker.com/linux/fedora/$releasever/source/stable
|
||||||
|
enabled=0
|
||||||
|
gpgcheck=1
|
||||||
|
gpgkey=https://download.docker.com/linux/fedora/gpg
|
||||||
|
|
||||||
|
[docker-ce-test]
|
||||||
|
name=Docker CE Test - $basearch
|
||||||
|
baseurl=https://download.docker.com/linux/fedora/$releasever/$basearch/test
|
||||||
|
enabled=0
|
||||||
|
gpgcheck=1
|
||||||
|
gpgkey=https://download.docker.com/linux/fedora/gpg
|
||||||
|
|
||||||
|
[docker-ce-test-debuginfo]
|
||||||
|
name=Docker CE Test - Debuginfo $basearch
|
||||||
|
baseurl=https://download.docker.com/linux/fedora/$releasever/debug-$basearch/test
|
||||||
|
enabled=0
|
||||||
|
gpgcheck=1
|
||||||
|
gpgkey=https://download.docker.com/linux/fedora/gpg
|
||||||
|
|
||||||
|
[docker-ce-test-source]
|
||||||
|
name=Docker CE Test - Sources
|
||||||
|
baseurl=https://download.docker.com/linux/fedora/$releasever/source/test
|
||||||
|
enabled=0
|
||||||
|
gpgcheck=1
|
||||||
|
gpgkey=https://download.docker.com/linux/fedora/gpg
|
||||||
|
|
||||||
|
[docker-ce-nightly]
|
||||||
|
name=Docker CE Nightly - $basearch
|
||||||
|
baseurl=https://download.docker.com/linux/fedora/$releasever/$basearch/nightly
|
||||||
|
enabled=0
|
||||||
|
gpgcheck=1
|
||||||
|
gpgkey=https://download.docker.com/linux/fedora/gpg
|
||||||
|
|
||||||
|
[docker-ce-nightly-debuginfo]
|
||||||
|
name=Docker CE Nightly - Debuginfo $basearch
|
||||||
|
baseurl=https://download.docker.com/linux/fedora/$releasever/debug-$basearch/nightly
|
||||||
|
enabled=0
|
||||||
|
gpgcheck=1
|
||||||
|
gpgkey=https://download.docker.com/linux/fedora/gpg
|
||||||
|
|
||||||
|
[docker-ce-nightly-source]
|
||||||
|
name=Docker CE Nightly - Sources
|
||||||
|
baseurl=https://download.docker.com/linux/fedora/$releasever/source/nightly
|
||||||
|
enabled=0
|
||||||
|
gpgcheck=1
|
||||||
|
gpgkey=https://download.docker.com/linux/fedora/gpg
|
@ -1,3 +1,5 @@
|
|||||||
|
---
|
||||||
|
|
||||||
- import_tasks: "{{ role_path }}/tasks/sanity_check.yml"
|
- import_tasks: "{{ role_path }}/tasks/sanity_check.yml"
|
||||||
tags:
|
tags:
|
||||||
- always
|
- always
|
||||||
|
@ -1,10 +1,13 @@
|
|||||||
---
|
---
|
||||||
|
|
||||||
- include_tasks: "{{ role_path }}/tasks/server_base/setup_redhat.yml"
|
- include_tasks: "{{ role_path }}/tasks/server_base/setup_redhat.yml"
|
||||||
when: ansible_os_family == 'RedHat' and ansible_distribution_major_version < '8'
|
when: ansible_os_family == 'RedHat' and ansible_distribution_major_version|int < 8
|
||||||
|
|
||||||
- include_tasks: "{{ role_path }}/tasks/server_base/setup_redhat8.yml"
|
- include_tasks: "{{ role_path }}/tasks/server_base/setup_redhat8.yml"
|
||||||
when: ansible_os_family == 'RedHat' and ansible_distribution_major_version > '7'
|
when: ansible_os_family == 'RedHat' and ansible_distribution_major_version|int > 7 and ansible_distribution_major_version|int < 30
|
||||||
|
|
||||||
|
- include_tasks: "{{ role_path }}/tasks/server_base/setup_fedora.yml"
|
||||||
|
when: ansible_os_family == 'RedHat' and ansible_distribution_major_version|int > 30
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
# ansible_lsb is only available if lsb-release is installed.
|
# ansible_lsb is only available if lsb-release is installed.
|
||||||
@ -13,7 +16,7 @@
|
|||||||
name:
|
name:
|
||||||
- lsb-release
|
- lsb-release
|
||||||
state: present
|
state: present
|
||||||
update_cache: yes
|
update_cache: true
|
||||||
register: lsb_release_installation_result
|
register: lsb_release_installation_result
|
||||||
|
|
||||||
- name: Reread ansible_lsb facts if lsb-release got installed
|
- name: Reread ansible_lsb facts if lsb-release got installed
|
||||||
@ -34,10 +37,10 @@
|
|||||||
service:
|
service:
|
||||||
name: docker
|
name: docker
|
||||||
state: started
|
state: started
|
||||||
enabled: yes
|
enabled: true
|
||||||
|
|
||||||
- name: "Ensure {{ matrix_ntpd_service }} is started and autoruns"
|
- name: "Ensure {{ matrix_ntpd_service }} is started and autoruns"
|
||||||
service:
|
service:
|
||||||
name: "{{ matrix_ntpd_service }}"
|
name: "{{ matrix_ntpd_service }}"
|
||||||
state: started
|
state: started
|
||||||
enabled: yes
|
enabled: true
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
- python-docker
|
- python-docker
|
||||||
- python-dnspython
|
- python-dnspython
|
||||||
state: latest
|
state: latest
|
||||||
update_cache: yes
|
update_cache: true
|
||||||
|
|
||||||
- name: Ensure Docker is installed
|
- name: Ensure Docker is installed
|
||||||
pacman:
|
pacman:
|
||||||
|
@ -7,7 +7,7 @@
|
|||||||
- ca-certificates
|
- ca-certificates
|
||||||
- gnupg
|
- gnupg
|
||||||
state: present
|
state: present
|
||||||
update_cache: yes
|
update_cache: true
|
||||||
|
|
||||||
- name: Ensure Docker's APT key is trusted
|
- name: Ensure Docker's APT key is trusted
|
||||||
apt_key:
|
apt_key:
|
||||||
@ -22,7 +22,7 @@
|
|||||||
apt_repository:
|
apt_repository:
|
||||||
repo: "deb [arch={{ matrix_debian_arch }}] https://download.docker.com/linux/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} stable"
|
repo: "deb [arch={{ matrix_debian_arch }}] https://download.docker.com/linux/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} stable"
|
||||||
state: present
|
state: present
|
||||||
update_cache: yes
|
update_cache: true
|
||||||
when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce'
|
when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce'
|
||||||
|
|
||||||
- name: Ensure APT packages are installed
|
- name: Ensure APT packages are installed
|
||||||
@ -30,7 +30,7 @@
|
|||||||
name:
|
name:
|
||||||
- "{{ matrix_ntpd_package }}"
|
- "{{ matrix_ntpd_package }}"
|
||||||
state: latest
|
state: latest
|
||||||
update_cache: yes
|
update_cache: true
|
||||||
|
|
||||||
- name: Ensure Docker is installed
|
- name: Ensure Docker is installed
|
||||||
apt:
|
apt:
|
||||||
|
39
roles/matrix-base/tasks/server_base/setup_fedora.yml
Normal file
39
roles/matrix-base/tasks/server_base/setup_fedora.yml
Normal file
@ -0,0 +1,39 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Ensure Docker repository is enabled
|
||||||
|
template:
|
||||||
|
src: "{{ role_path }}/files/yum.repos.d/{{ item }}"
|
||||||
|
dest: "/etc/yum.repos.d/docker-ce.repo"
|
||||||
|
owner: "root"
|
||||||
|
group: "root"
|
||||||
|
mode: 0644
|
||||||
|
with_items:
|
||||||
|
- docker-ce-fedora.repo
|
||||||
|
when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce'
|
||||||
|
|
||||||
|
- name: Ensure Docker's RPM key is trusted
|
||||||
|
rpm_key:
|
||||||
|
state: present
|
||||||
|
key: https://download.docker.com/linux/fedora/gpg
|
||||||
|
when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce'
|
||||||
|
|
||||||
|
- name: Ensure yum packages are installed
|
||||||
|
yum:
|
||||||
|
name:
|
||||||
|
- "{{ matrix_ntpd_package }}"
|
||||||
|
state: latest
|
||||||
|
update_cache: true
|
||||||
|
|
||||||
|
- name: Ensure Docker is installed
|
||||||
|
yum:
|
||||||
|
name:
|
||||||
|
- "{{ matrix_docker_package_name }}"
|
||||||
|
- python3-pip
|
||||||
|
state: latest
|
||||||
|
when: matrix_docker_installation_enabled|bool
|
||||||
|
|
||||||
|
- name: Ensure Docker-Py is installed
|
||||||
|
pip:
|
||||||
|
name: docker-py
|
||||||
|
state: latest
|
||||||
|
when: matrix_docker_installation_enabled|bool
|
@ -7,7 +7,7 @@
|
|||||||
- ca-certificates
|
- ca-certificates
|
||||||
- gnupg
|
- gnupg
|
||||||
state: present
|
state: present
|
||||||
update_cache: yes
|
update_cache: true
|
||||||
|
|
||||||
- name: Ensure Docker's APT key is trusted
|
- name: Ensure Docker's APT key is trusted
|
||||||
apt_key:
|
apt_key:
|
||||||
@ -22,7 +22,7 @@
|
|||||||
apt_repository:
|
apt_repository:
|
||||||
repo: "deb [arch={{ matrix_debian_arch }}] https://download.docker.com/linux/raspbian {{ ansible_distribution_release }} stable"
|
repo: "deb [arch={{ matrix_debian_arch }}] https://download.docker.com/linux/raspbian {{ ansible_distribution_release }} stable"
|
||||||
state: present
|
state: present
|
||||||
update_cache: yes
|
update_cache: true
|
||||||
when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce'
|
when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce'
|
||||||
|
|
||||||
- name: Ensure APT packages are installed
|
- name: Ensure APT packages are installed
|
||||||
@ -30,7 +30,7 @@
|
|||||||
name:
|
name:
|
||||||
- "{{ matrix_ntpd_package }}"
|
- "{{ matrix_ntpd_package }}"
|
||||||
state: latest
|
state: latest
|
||||||
update_cache: yes
|
update_cache: true
|
||||||
|
|
||||||
- name: Ensure Docker is installed
|
- name: Ensure Docker is installed
|
||||||
apt:
|
apt:
|
||||||
|
@ -2,13 +2,11 @@
|
|||||||
|
|
||||||
- name: Ensure Docker repository is enabled
|
- name: Ensure Docker repository is enabled
|
||||||
template:
|
template:
|
||||||
src: "{{ role_path }}/files/yum.repos.d/{{ item }}"
|
src: "{{ role_path }}/files/yum.repos.d/docker-ce-centos.repo"
|
||||||
dest: "/etc/yum.repos.d/{{ item }}"
|
dest: "/etc/yum.repos.d/docker-ce.repo"
|
||||||
owner: "root"
|
owner: "root"
|
||||||
group: "root"
|
group: "root"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
with_items:
|
|
||||||
- docker-ce.repo
|
|
||||||
when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce'
|
when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce'
|
||||||
|
|
||||||
- name: Ensure Docker's RPM key is trusted
|
- name: Ensure Docker's RPM key is trusted
|
||||||
@ -22,7 +20,7 @@
|
|||||||
name:
|
name:
|
||||||
- "{{ matrix_ntpd_package }}"
|
- "{{ matrix_ntpd_package }}"
|
||||||
state: latest
|
state: latest
|
||||||
update_cache: yes
|
update_cache: true
|
||||||
|
|
||||||
- name: Ensure Docker is installed
|
- name: Ensure Docker is installed
|
||||||
yum:
|
yum:
|
||||||
|
@ -2,13 +2,11 @@
|
|||||||
|
|
||||||
- name: Ensure Docker repository is enabled
|
- name: Ensure Docker repository is enabled
|
||||||
template:
|
template:
|
||||||
src: "{{ role_path }}/files/yum.repos.d/{{ item }}"
|
src: "{{ role_path }}/files/yum.repos.d/docker-ce-centos.repo"
|
||||||
dest: "/etc/yum.repos.d/{{ item }}"
|
dest: "/etc/yum.repos.d/docker-ce.repo"
|
||||||
owner: "root"
|
owner: "root"
|
||||||
group: "root"
|
group: "root"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
with_items:
|
|
||||||
- docker-ce.repo
|
|
||||||
when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce'
|
when: matrix_docker_installation_enabled|bool and matrix_docker_package_name == 'docker-ce'
|
||||||
|
|
||||||
- name: Ensure Docker's RPM key is trusted
|
- name: Ensure Docker's RPM key is trusted
|
||||||
@ -22,14 +20,14 @@
|
|||||||
name:
|
name:
|
||||||
- epel-release
|
- epel-release
|
||||||
state: latest
|
state: latest
|
||||||
update_cache: yes
|
update_cache: true
|
||||||
|
|
||||||
- name: Ensure yum packages are installed
|
- name: Ensure yum packages are installed
|
||||||
yum:
|
yum:
|
||||||
name:
|
name:
|
||||||
- "{{ matrix_ntpd_package }}"
|
- "{{ matrix_ntpd_package }}"
|
||||||
state: latest
|
state: latest
|
||||||
update_cache: yes
|
update_cache: true
|
||||||
|
|
||||||
- name: Ensure Docker is installed
|
- name: Ensure Docker is installed
|
||||||
yum:
|
yum:
|
||||||
|
@ -18,8 +18,8 @@
|
|||||||
state: present
|
state: present
|
||||||
group: "{{ matrix_user_groupname }}"
|
group: "{{ matrix_user_groupname }}"
|
||||||
home: "{{ matrix_base_data_path }}"
|
home: "{{ matrix_base_data_path }}"
|
||||||
create_home: no
|
create_home: false
|
||||||
system: yes
|
system: true
|
||||||
register: matrix_user
|
register: matrix_user
|
||||||
|
|
||||||
- name: Set Matrix Group UID Variable
|
- name: Set Matrix Group UID Variable
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
---
|
||||||
# We need others to be able to read these directories too,
|
# We need others to be able to read these directories too,
|
||||||
# so that matrix-nginx-proxy's nginx user can access the files.
|
# so that matrix-nginx-proxy's nginx user can access the files.
|
||||||
#
|
#
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
|
---
|
||||||
# This is for both RedHat 7 and 8
|
# This is for both RedHat 7 and 8
|
||||||
- name: Ensure fuse installed (RedHat)
|
- name: Ensure fuse installed (RedHat)
|
||||||
yum:
|
yum:
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
|
---
|
||||||
# This is for both RedHat 7 and 8
|
# This is for both RedHat 7 and 8
|
||||||
- name: Ensure openssl installed (RedHat)
|
- name: Ensure openssl installed (RedHat)
|
||||||
yum:
|
yum:
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
---
|
||||||
# This will contain a list of enabled services that the playbook is managing.
|
# This will contain a list of enabled services that the playbook is managing.
|
||||||
# Each component is expected to append its service name to this list.
|
# Each component is expected to append its service name to this list.
|
||||||
matrix_systemd_services_list: []
|
matrix_systemd_services_list: []
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
---
|
||||||
# Go-NEB is a Matrix bot written in Go. It is the successor to Matrix-NEB, the original Matrix bot written in Python.
|
# Go-NEB is a Matrix bot written in Go. It is the successor to Matrix-NEB, the original Matrix bot written in Python.
|
||||||
# See: https://github.com/matrix-org/go-neb
|
# See: https://github.com/matrix-org/go-neb
|
||||||
|
|
||||||
@ -203,8 +204,8 @@ matrix_bot_go_neb_services: []
|
|||||||
# # Each room will get the notification with the alert rendered with the given template
|
# # Each room will get the notification with the alert rendered with the given template
|
||||||
# rooms:
|
# rooms:
|
||||||
# "!someroomid:domain.tld":
|
# "!someroomid:domain.tld":
|
||||||
# text_template: "{% raw %}{{range .Alerts -}} [{{ .Status }}] {{index .Labels \"alertname\" }}: {{index .Annotations \"description\"}} {{ end -}}{% endraw %}"
|
# text_template: "{% raw %}{{range .Alerts -}} [{{ .Status }}] {{index .Labels \"alertname\"}}: {{index .Annotations \"description\"}} {{ end -}}{% endraw %}"
|
||||||
# html_template: "{% raw %}{{range .Alerts -}} {{ $severity := index .Labels \"severity\" }} {{ if eq .Status \"firing\" }} {{ if eq $severity \"critical\"}} <font color='red'><b>[FIRING - CRITICAL]</b></font> {{ else if eq $severity \"warning\"}} <font color='orange'><b>[FIRING - WARNING]</b></font> {{ else }} <b>[FIRING - {{ $severity }}]</b> {{ end }} {{ else }} <font color='green'><b>[RESOLVED]</b></font> {{ end }} {{ index .Labels \"alertname\"}} : {{ index .Annotations \"description\"}} <a href=\"{{ .GeneratorURL }}\">source</a><br/>{{end -}}{% endraw %}"
|
# html_template: "{% raw %}{{range .Alerts -}} {{ $severity := index .Labels \"severity\"}} {{ if eq .Status \"firing\"}} {{ if eq $severity \"critical\"}} <font color='red'><b>[FIRING - CRITICAL]</b></font> {{ else if eq $severity \"warning\"}} <font color='orange'><b>[FIRING - WARNING]</b></font> {{ else }} <b>[FIRING - {{ $severity }}]</b> {{ end }} {{ else }} <font color='green'><b>[RESOLVED]</b></font> {{ end }} {{ index .Labels \"alertname\"}} : {{ index .Annotations \"description\"}} <a href=\"{{ .GeneratorURL }}\">source</a><br/>{{end -}}{% endraw %}"
|
||||||
# msg_type: "m.text" # Must be either `m.text` or `m.notice`
|
# msg_type: "m.text" # Must be either `m.text` or `m.notice`
|
||||||
|
|
||||||
# Default configuration template which covers the generic use case.
|
# Default configuration template which covers the generic use case.
|
||||||
@ -228,4 +229,3 @@ matrix_bot_go_neb_configuration_extension: "{{ matrix_bot_go_neb_configuration_e
|
|||||||
# Holds the final configuration (a combination of the default and its extension).
|
# Holds the final configuration (a combination of the default and its extension).
|
||||||
# You most likely don't need to touch this variable. Instead, see `matrix_bot_go_neb_configuration_yaml`.
|
# You most likely don't need to touch this variable. Instead, see `matrix_bot_go_neb_configuration_yaml`.
|
||||||
matrix_bot_go_neb_configuration: "{{ matrix_bot_go_neb_configuration_yaml|from_yaml|combine(matrix_bot_go_neb_configuration_extension, recursive=True) }}"
|
matrix_bot_go_neb_configuration: "{{ matrix_bot_go_neb_configuration_yaml|from_yaml|combine(matrix_bot_go_neb_configuration_extension, recursive=True) }}"
|
||||||
|
|
||||||
|
@ -1,3 +1,5 @@
|
|||||||
|
---
|
||||||
|
|
||||||
- set_fact:
|
- set_fact:
|
||||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-go-neb.service'] }}"
|
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-go-neb.service'] }}"
|
||||||
when: matrix_bot_go_neb_enabled|bool
|
when: matrix_bot_go_neb_enabled|bool
|
||||||
|
@ -1,3 +1,5 @@
|
|||||||
|
---
|
||||||
|
|
||||||
- import_tasks: "{{ role_path }}/tasks/init.yml"
|
- import_tasks: "{{ role_path }}/tasks/init.yml"
|
||||||
tags:
|
tags:
|
||||||
- always
|
- always
|
||||||
|
@ -11,9 +11,9 @@
|
|||||||
owner: "{{ matrix_user_username }}"
|
owner: "{{ matrix_user_username }}"
|
||||||
group: "{{ matrix_user_groupname }}"
|
group: "{{ matrix_user_groupname }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { path: "{{ matrix_bot_go_neb_config_path }}", when: true }
|
- {path: "{{ matrix_bot_go_neb_config_path }}", when: true}
|
||||||
- { path: "{{ matrix_bot_go_neb_data_path }}", when: true }
|
- {path: "{{ matrix_bot_go_neb_data_path }}", when: true}
|
||||||
- { path: "{{ matrix_bot_go_neb_data_store_path }}", when: true }
|
- {path: "{{ matrix_bot_go_neb_data_store_path }}", when: true}
|
||||||
when: "item.when|bool"
|
when: "item.when|bool"
|
||||||
|
|
||||||
- name: Ensure go-neb image is pulled
|
- name: Ensure go-neb image is pulled
|
||||||
@ -40,7 +40,7 @@
|
|||||||
|
|
||||||
- name: Ensure systemd reloaded after matrix-bot-go-neb.service installation
|
- name: Ensure systemd reloaded after matrix-bot-go-neb.service installation
|
||||||
service:
|
service:
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
when: "matrix_bot_go_neb_systemd_service_result.changed|bool"
|
when: "matrix_bot_go_neb_systemd_service_result.changed|bool"
|
||||||
|
|
||||||
- name: Ensure matrix-bot-go-neb.service restarted, if necessary
|
- name: Ensure matrix-bot-go-neb.service restarted, if necessary
|
||||||
|
@ -9,8 +9,8 @@
|
|||||||
service:
|
service:
|
||||||
name: matrix-bot-go-neb
|
name: matrix-bot-go-neb
|
||||||
state: stopped
|
state: stopped
|
||||||
enabled: no
|
enabled: false
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
register: stopping_result
|
register: stopping_result
|
||||||
when: "matrix_bot_go_neb_service_stat.stat.exists|bool"
|
when: "matrix_bot_go_neb_service_stat.stat.exists|bool"
|
||||||
|
|
||||||
@ -22,7 +22,7 @@
|
|||||||
|
|
||||||
- name: Ensure systemd reloaded after matrix-bot-go-neb.service removal
|
- name: Ensure systemd reloaded after matrix-bot-go-neb.service removal
|
||||||
service:
|
service:
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
when: "matrix_bot_go_neb_service_stat.stat.exists|bool"
|
when: "matrix_bot_go_neb_service_stat.stat.exists|bool"
|
||||||
|
|
||||||
- name: Ensure Matrix go-neb paths don't exist
|
- name: Ensure Matrix go-neb paths don't exist
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
---
|
||||||
# honoroit is a helpdesk bot
|
# honoroit is a helpdesk bot
|
||||||
# See: https://gitlab.com/etke.cc/honoroit
|
# See: https://gitlab.com/etke.cc/honoroit
|
||||||
|
|
||||||
|
@ -1,3 +1,5 @@
|
|||||||
|
---
|
||||||
|
|
||||||
- set_fact:
|
- set_fact:
|
||||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-honoroit.service'] }}"
|
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-honoroit.service'] }}"
|
||||||
when: matrix_bot_honoroit_enabled|bool
|
when: matrix_bot_honoroit_enabled|bool
|
||||||
|
@ -1,3 +1,5 @@
|
|||||||
|
---
|
||||||
|
|
||||||
- import_tasks: "{{ role_path }}/tasks/init.yml"
|
- import_tasks: "{{ role_path }}/tasks/init.yml"
|
||||||
tags:
|
tags:
|
||||||
- always
|
- always
|
||||||
|
@ -33,10 +33,10 @@
|
|||||||
owner: "{{ matrix_user_username }}"
|
owner: "{{ matrix_user_username }}"
|
||||||
group: "{{ matrix_user_groupname }}"
|
group: "{{ matrix_user_groupname }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { path: "{{ matrix_bot_honoroit_config_path }}", when: true }
|
- {path: "{{ matrix_bot_honoroit_config_path }}", when: true}
|
||||||
- { path: "{{ matrix_bot_honoroit_data_path }}", when: true }
|
- {path: "{{ matrix_bot_honoroit_data_path }}", when: true}
|
||||||
- { path: "{{ matrix_bot_honoroit_data_store_path }}", when: true }
|
- {path: "{{ matrix_bot_honoroit_data_store_path }}", when: true}
|
||||||
- { path: "{{ matrix_bot_honoroit_docker_src_files_path }}", when: true}
|
- {path: "{{ matrix_bot_honoroit_docker_src_files_path }}", when: true}
|
||||||
when: "item.when|bool"
|
when: "item.when|bool"
|
||||||
|
|
||||||
- name: Ensure honoroit environment variables file created
|
- name: Ensure honoroit environment variables file created
|
||||||
@ -70,7 +70,7 @@
|
|||||||
build:
|
build:
|
||||||
dockerfile: Dockerfile
|
dockerfile: Dockerfile
|
||||||
path: "{{ matrix_bot_honoroit_docker_src_files_path }}"
|
path: "{{ matrix_bot_honoroit_docker_src_files_path }}"
|
||||||
pull: yes
|
pull: true
|
||||||
when: "matrix_bot_honoroit_container_image_self_build|bool"
|
when: "matrix_bot_honoroit_container_image_self_build|bool"
|
||||||
|
|
||||||
- name: Ensure matrix-bot-honoroit.service installed
|
- name: Ensure matrix-bot-honoroit.service installed
|
||||||
@ -82,7 +82,7 @@
|
|||||||
|
|
||||||
- name: Ensure systemd reloaded after matrix-bot-honoroit.service installation
|
- name: Ensure systemd reloaded after matrix-bot-honoroit.service installation
|
||||||
service:
|
service:
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
when: "matrix_bot_honoroit_systemd_service_result.changed|bool"
|
when: "matrix_bot_honoroit_systemd_service_result.changed|bool"
|
||||||
|
|
||||||
- name: Ensure matrix-bot-honoroit.service restarted, if necessary
|
- name: Ensure matrix-bot-honoroit.service restarted, if necessary
|
||||||
|
@ -9,8 +9,8 @@
|
|||||||
service:
|
service:
|
||||||
name: matrix-bot-honoroit
|
name: matrix-bot-honoroit
|
||||||
state: stopped
|
state: stopped
|
||||||
enabled: no
|
enabled: false
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
register: stopping_result
|
register: stopping_result
|
||||||
when: "matrix_bot_honoroit_service_stat.stat.exists|bool"
|
when: "matrix_bot_honoroit_service_stat.stat.exists|bool"
|
||||||
|
|
||||||
@ -22,7 +22,7 @@
|
|||||||
|
|
||||||
- name: Ensure systemd reloaded after matrix-bot-honoroit.service removal
|
- name: Ensure systemd reloaded after matrix-bot-honoroit.service removal
|
||||||
service:
|
service:
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
when: "matrix_bot_honoroit_service_stat.stat.exists|bool"
|
when: "matrix_bot_honoroit_service_stat.stat.exists|bool"
|
||||||
|
|
||||||
- name: Ensure Matrix honoroit paths don't exist
|
- name: Ensure Matrix honoroit paths don't exist
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
---
|
||||||
# matrix-reminder-bot is a bot for one-off and recurring reminders
|
# matrix-reminder-bot is a bot for one-off and recurring reminders
|
||||||
# See: https://github.com/anoadragon453/matrix-reminder-bot
|
# See: https://github.com/anoadragon453/matrix-reminder-bot
|
||||||
|
|
||||||
|
@ -1,3 +1,5 @@
|
|||||||
|
---
|
||||||
|
|
||||||
- set_fact:
|
- set_fact:
|
||||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-matrix-reminder-bot.service'] }}"
|
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-matrix-reminder-bot.service'] }}"
|
||||||
when: matrix_bot_matrix_reminder_bot_enabled|bool
|
when: matrix_bot_matrix_reminder_bot_enabled|bool
|
||||||
|
@ -1,3 +1,5 @@
|
|||||||
|
---
|
||||||
|
|
||||||
- import_tasks: "{{ role_path }}/tasks/init.yml"
|
- import_tasks: "{{ role_path }}/tasks/init.yml"
|
||||||
tags:
|
tags:
|
||||||
- always
|
- always
|
||||||
|
@ -34,10 +34,10 @@
|
|||||||
owner: "{{ matrix_user_username }}"
|
owner: "{{ matrix_user_username }}"
|
||||||
group: "{{ matrix_user_groupname }}"
|
group: "{{ matrix_user_groupname }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { path: "{{ matrix_bot_matrix_reminder_bot_config_path }}", when: true }
|
- {path: "{{ matrix_bot_matrix_reminder_bot_config_path }}", when: true}
|
||||||
- { path: "{{ matrix_bot_matrix_reminder_bot_data_path }}", when: true }
|
- {path: "{{ matrix_bot_matrix_reminder_bot_data_path }}", when: true}
|
||||||
- { path: "{{ matrix_bot_matrix_reminder_bot_data_store_path }}", when: true }
|
- {path: "{{ matrix_bot_matrix_reminder_bot_data_store_path }}", when: true}
|
||||||
- { path: "{{ matrix_bot_matrix_reminder_bot_docker_src_files_path }}", when: true}
|
- {path: "{{ matrix_bot_matrix_reminder_bot_docker_src_files_path }}", when: true}
|
||||||
when: "item.when|bool"
|
when: "item.when|bool"
|
||||||
|
|
||||||
- name: Ensure matrix-reminder-bot image is pulled
|
- name: Ensure matrix-reminder-bot image is pulled
|
||||||
@ -65,7 +65,7 @@
|
|||||||
build:
|
build:
|
||||||
dockerfile: docker/Dockerfile
|
dockerfile: docker/Dockerfile
|
||||||
path: "{{ matrix_bot_matrix_reminder_bot_docker_src_files_path }}"
|
path: "{{ matrix_bot_matrix_reminder_bot_docker_src_files_path }}"
|
||||||
pull: yes
|
pull: true
|
||||||
when: "matrix_bot_matrix_reminder_bot_container_image_self_build|bool"
|
when: "matrix_bot_matrix_reminder_bot_container_image_self_build|bool"
|
||||||
|
|
||||||
- name: Ensure matrix-reminder-bot config installed
|
- name: Ensure matrix-reminder-bot config installed
|
||||||
@ -85,7 +85,7 @@
|
|||||||
|
|
||||||
- name: Ensure systemd reloaded after matrix-bot-matrix-reminder-bot.service installation
|
- name: Ensure systemd reloaded after matrix-bot-matrix-reminder-bot.service installation
|
||||||
service:
|
service:
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
when: "matrix_bot_matrix_reminder_bot_systemd_service_result.changed|bool"
|
when: "matrix_bot_matrix_reminder_bot_systemd_service_result.changed|bool"
|
||||||
|
|
||||||
- name: Ensure matrix-bot-matrix-reminder-bot.service restarted, if necessary
|
- name: Ensure matrix-bot-matrix-reminder-bot.service restarted, if necessary
|
||||||
|
@ -9,8 +9,8 @@
|
|||||||
service:
|
service:
|
||||||
name: matrix-bot-matrix-reminder-bot
|
name: matrix-bot-matrix-reminder-bot
|
||||||
state: stopped
|
state: stopped
|
||||||
enabled: no
|
enabled: false
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
register: stopping_result
|
register: stopping_result
|
||||||
when: "matrix_bot_matrix_reminder_bot_service_stat.stat.exists|bool"
|
when: "matrix_bot_matrix_reminder_bot_service_stat.stat.exists|bool"
|
||||||
|
|
||||||
@ -22,7 +22,7 @@
|
|||||||
|
|
||||||
- name: Ensure systemd reloaded after matrix-bot-matrix-reminder-bot.service removal
|
- name: Ensure systemd reloaded after matrix-bot-matrix-reminder-bot.service removal
|
||||||
service:
|
service:
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
when: "matrix_bot_matrix_reminder_bot_service_stat.stat.exists|bool"
|
when: "matrix_bot_matrix_reminder_bot_service_stat.stat.exists|bool"
|
||||||
|
|
||||||
- name: Ensure Matrix matrix-reminder-bot paths don't exist
|
- name: Ensure Matrix matrix-reminder-bot paths don't exist
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
---
|
||||||
# A moderation tool for Matrix
|
# A moderation tool for Matrix
|
||||||
# See: https://github.com/matrix-org/mjolnir
|
# See: https://github.com/matrix-org/mjolnir
|
||||||
|
|
||||||
@ -56,4 +57,3 @@ matrix_bot_mjolnir_configuration_extension: "{{ matrix_bot_mjolnir_configuration
|
|||||||
# Holds the final configuration (a combination of the default and its extension).
|
# Holds the final configuration (a combination of the default and its extension).
|
||||||
# You most likely don't need to touch this variable. Instead, see `matrix_bot_mjolnir_configuration_yaml`.
|
# You most likely don't need to touch this variable. Instead, see `matrix_bot_mjolnir_configuration_yaml`.
|
||||||
matrix_bot_mjolnir_configuration: "{{ matrix_bot_mjolnir_configuration_yaml|from_yaml|combine(matrix_bot_mjolnir_configuration_extension, recursive=True) }}"
|
matrix_bot_mjolnir_configuration: "{{ matrix_bot_mjolnir_configuration_yaml|from_yaml|combine(matrix_bot_mjolnir_configuration_extension, recursive=True) }}"
|
||||||
|
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
---
|
||||||
# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
|
# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
|
||||||
# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
|
# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
|
||||||
- name: Fail if trying to self-build on Ansible < 2.8
|
- name: Fail if trying to self-build on Ansible < 2.8
|
||||||
|
@ -1,3 +1,5 @@
|
|||||||
|
---
|
||||||
|
|
||||||
- import_tasks: "{{ role_path }}/tasks/init.yml"
|
- import_tasks: "{{ role_path }}/tasks/init.yml"
|
||||||
tags:
|
tags:
|
||||||
- always
|
- always
|
||||||
|
@ -11,10 +11,10 @@
|
|||||||
owner: "{{ matrix_user_username }}"
|
owner: "{{ matrix_user_username }}"
|
||||||
group: "{{ matrix_user_groupname }}"
|
group: "{{ matrix_user_groupname }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { path: "{{ matrix_bot_mjolnir_base_path }}", when: true }
|
- {path: "{{ matrix_bot_mjolnir_base_path }}", when: true}
|
||||||
- { path: "{{ matrix_bot_mjolnir_config_path }}", when: true }
|
- {path: "{{ matrix_bot_mjolnir_config_path }}", when: true}
|
||||||
- { path: "{{ matrix_bot_mjolnir_data_path }}", when: true }
|
- {path: "{{ matrix_bot_mjolnir_data_path }}", when: true}
|
||||||
- { path: "{{ matrix_bot_mjolnir_docker_src_files_path }}", when: "{{ matrix_bot_mjolnir_container_image_self_build }}" }
|
- {path: "{{ matrix_bot_mjolnir_docker_src_files_path }}", when: "{{ matrix_bot_mjolnir_container_image_self_build }}"}
|
||||||
when: "item.when|bool"
|
when: "item.when|bool"
|
||||||
|
|
||||||
- name: Ensure mjolnir Docker image is pulled
|
- name: Ensure mjolnir Docker image is pulled
|
||||||
@ -42,7 +42,7 @@
|
|||||||
build:
|
build:
|
||||||
dockerfile: Dockerfile
|
dockerfile: Dockerfile
|
||||||
path: "{{ matrix_bot_mjolnir_docker_src_files_path }}"
|
path: "{{ matrix_bot_mjolnir_docker_src_files_path }}"
|
||||||
pull: yes
|
pull: true
|
||||||
when: "matrix_bot_mjolnir_container_image_self_build|bool"
|
when: "matrix_bot_mjolnir_container_image_self_build|bool"
|
||||||
|
|
||||||
- name: Ensure matrix-bot-mjolnir config installed
|
- name: Ensure matrix-bot-mjolnir config installed
|
||||||
@ -62,7 +62,7 @@
|
|||||||
|
|
||||||
- name: Ensure systemd reloaded after matrix-bot-mjolnir.service installation
|
- name: Ensure systemd reloaded after matrix-bot-mjolnir.service installation
|
||||||
service:
|
service:
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
when: "matrix_bot_mjolnir_systemd_service_result.changed|bool"
|
when: "matrix_bot_mjolnir_systemd_service_result.changed|bool"
|
||||||
|
|
||||||
- name: Ensure matrix-bot-mjolnir.service restarted, if necessary
|
- name: Ensure matrix-bot-mjolnir.service restarted, if necessary
|
||||||
|
@ -9,8 +9,8 @@
|
|||||||
service:
|
service:
|
||||||
name: matrix-bot-mjolnir
|
name: matrix-bot-mjolnir
|
||||||
state: stopped
|
state: stopped
|
||||||
enabled: no
|
enabled: false
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
register: stopping_result
|
register: stopping_result
|
||||||
when: "matrix_bot_mjolnir_service_stat.stat.exists|bool"
|
when: "matrix_bot_mjolnir_service_stat.stat.exists|bool"
|
||||||
|
|
||||||
@ -22,7 +22,7 @@
|
|||||||
|
|
||||||
- name: Ensure systemd reloaded after matrix-bot-mjolnir.service removal
|
- name: Ensure systemd reloaded after matrix-bot-mjolnir.service removal
|
||||||
service:
|
service:
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
when: "matrix_bot_mjolnir_service_stat.stat.exists|bool"
|
when: "matrix_bot_mjolnir_service_stat.stat.exists|bool"
|
||||||
|
|
||||||
- name: Ensure matrix-bot-mjolnir paths don't exist
|
- name: Ensure matrix-bot-mjolnir paths don't exist
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
---
|
||||||
# matrix-appservice-discord is a Matrix <-> Discord bridge
|
# matrix-appservice-discord is a Matrix <-> Discord bridge
|
||||||
# See: https://github.com/Half-Shot/matrix-appservice-discord
|
# See: https://github.com/Half-Shot/matrix-appservice-discord
|
||||||
|
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
---
|
||||||
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
|
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
|
||||||
# We don't want to fail in such cases.
|
# We don't want to fail in such cases.
|
||||||
- name: Fail if matrix-synapse role already executed
|
- name: Fail if matrix-synapse role already executed
|
||||||
|
@ -1,3 +1,5 @@
|
|||||||
|
---
|
||||||
|
|
||||||
- import_tasks: "{{ role_path }}/tasks/init.yml"
|
- import_tasks: "{{ role_path }}/tasks/init.yml"
|
||||||
tags:
|
tags:
|
||||||
- always
|
- always
|
||||||
|
@ -54,8 +54,8 @@
|
|||||||
service:
|
service:
|
||||||
name: matrix-appservice-discord
|
name: matrix-appservice-discord
|
||||||
state: stopped
|
state: stopped
|
||||||
enabled: no
|
enabled: false
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
failed_when: false
|
failed_when: false
|
||||||
when: "matrix_appservice_discord_stat_db.stat.exists"
|
when: "matrix_appservice_discord_stat_db.stat.exists"
|
||||||
|
|
||||||
@ -105,7 +105,7 @@
|
|||||||
|
|
||||||
- name: Ensure systemd reloaded after matrix-appservice-discord.service installation
|
- name: Ensure systemd reloaded after matrix-appservice-discord.service installation
|
||||||
service:
|
service:
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
when: "matrix_appservice_discord_systemd_service_result.changed"
|
when: "matrix_appservice_discord_systemd_service_result.changed"
|
||||||
|
|
||||||
- name: Ensure matrix-appservice-discord.service restarted, if necessary
|
- name: Ensure matrix-appservice-discord.service restarted, if necessary
|
||||||
|
@ -9,8 +9,8 @@
|
|||||||
service:
|
service:
|
||||||
name: matrix-appservice-discord
|
name: matrix-appservice-discord
|
||||||
state: stopped
|
state: stopped
|
||||||
enabled: no
|
enabled: false
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
when: "matrix_appservice_discord_service_stat.stat.exists"
|
when: "matrix_appservice_discord_service_stat.stat.exists"
|
||||||
|
|
||||||
- name: Ensure matrix-appservice-discord.service doesn't exist
|
- name: Ensure matrix-appservice-discord.service doesn't exist
|
||||||
@ -21,5 +21,5 @@
|
|||||||
|
|
||||||
- name: Ensure systemd reloaded after matrix-appservice-discord.service removal
|
- name: Ensure systemd reloaded after matrix-appservice-discord.service removal
|
||||||
service:
|
service:
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
when: "matrix_appservice_discord_service_stat.stat.exists"
|
when: "matrix_appservice_discord_service_stat.stat.exists"
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
---
|
||||||
# Matrix Appservice IRC is a Matrix <-> IRC bridge
|
# Matrix Appservice IRC is a Matrix <-> IRC bridge
|
||||||
# See: https://github.com/matrix-org/matrix-appservice-irc
|
# See: https://github.com/matrix-org/matrix-appservice-irc
|
||||||
|
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
---
|
||||||
# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
|
# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
|
||||||
# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
|
# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
|
||||||
- name: Fail if trying to self-build on Ansible < 2.8
|
- name: Fail if trying to self-build on Ansible < 2.8
|
||||||
|
@ -1,3 +1,5 @@
|
|||||||
|
---
|
||||||
|
|
||||||
- import_tasks: "{{ role_path }}/tasks/init.yml"
|
- import_tasks: "{{ role_path }}/tasks/init.yml"
|
||||||
tags:
|
tags:
|
||||||
- always
|
- always
|
||||||
|
@ -1,3 +1,5 @@
|
|||||||
|
---
|
||||||
|
|
||||||
- name: Fail if Postgres not enabled
|
- name: Fail if Postgres not enabled
|
||||||
fail:
|
fail:
|
||||||
msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot migrate."
|
msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot migrate."
|
||||||
@ -16,7 +18,7 @@
|
|||||||
service:
|
service:
|
||||||
name: matrix-postgres
|
name: matrix-postgres
|
||||||
state: started
|
state: started
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
register: matrix_postgres_service_start_result
|
register: matrix_postgres_service_start_result
|
||||||
|
|
||||||
- name: Wait a bit, so that Postgres can start
|
- name: Wait a bit, so that Postgres can start
|
||||||
|
@ -10,10 +10,10 @@
|
|||||||
owner: "{{ matrix_user_username }}"
|
owner: "{{ matrix_user_username }}"
|
||||||
group: "{{ matrix_user_groupname }}"
|
group: "{{ matrix_user_groupname }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { path: "{{ matrix_appservice_irc_base_path }}", when: true }
|
- {path: "{{ matrix_appservice_irc_base_path }}", when: true}
|
||||||
- { path: "{{ matrix_appservice_irc_config_path }}", when: true }
|
- {path: "{{ matrix_appservice_irc_config_path }}", when: true}
|
||||||
- { path: "{{ matrix_appservice_irc_data_path }}", when: true }
|
- {path: "{{ matrix_appservice_irc_data_path }}", when: true}
|
||||||
- { path: "{{ matrix_appservice_irc_docker_src_files_path }}", when: "{{ matrix_appservice_irc_container_image_self_build }}" }
|
- {path: "{{ matrix_appservice_irc_docker_src_files_path }}", when: "{{ matrix_appservice_irc_container_image_self_build }}"}
|
||||||
when: item.when|bool
|
when: item.when|bool
|
||||||
|
|
||||||
- name: Check if an old passkey file already exists
|
- name: Check if an old passkey file already exists
|
||||||
@ -26,7 +26,7 @@
|
|||||||
service:
|
service:
|
||||||
name: matrix-appservice-irc
|
name: matrix-appservice-irc
|
||||||
state: stopped
|
state: stopped
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
failed_when: false
|
failed_when: false
|
||||||
|
|
||||||
- name: (Data relocation) Move AppService IRC passkey.pem file to ./data directory
|
- name: (Data relocation) Move AppService IRC passkey.pem file to ./data directory
|
||||||
@ -82,7 +82,7 @@
|
|||||||
build:
|
build:
|
||||||
dockerfile: Dockerfile
|
dockerfile: Dockerfile
|
||||||
path: "{{ matrix_appservice_irc_docker_src_files_path }}"
|
path: "{{ matrix_appservice_irc_docker_src_files_path }}"
|
||||||
pull: yes
|
pull: true
|
||||||
when: "matrix_appservice_irc_enabled|bool and matrix_appservice_irc_container_image_self_build|bool and matrix_appservice_irc_git_pull_results.changed"
|
when: "matrix_appservice_irc_enabled|bool and matrix_appservice_irc_container_image_self_build|bool and matrix_appservice_irc_git_pull_results.changed"
|
||||||
|
|
||||||
- name: Ensure Matrix Appservice IRC config installed
|
- name: Ensure Matrix Appservice IRC config installed
|
||||||
@ -186,7 +186,7 @@
|
|||||||
|
|
||||||
- name: Ensure systemd reloaded after matrix-appservice-irc.service installation
|
- name: Ensure systemd reloaded after matrix-appservice-irc.service installation
|
||||||
service:
|
service:
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
when: "matrix_appservice_irc_systemd_service_result.changed"
|
when: "matrix_appservice_irc_systemd_service_result.changed"
|
||||||
|
|
||||||
- name: Ensure matrix-appservice-irc.service restarted, if necessary
|
- name: Ensure matrix-appservice-irc.service restarted, if necessary
|
||||||
|
@ -9,8 +9,8 @@
|
|||||||
service:
|
service:
|
||||||
name: matrix-appservice-irc
|
name: matrix-appservice-irc
|
||||||
state: stopped
|
state: stopped
|
||||||
enabled: no
|
enabled: false
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
when: "matrix_appservice_irc_service_stat.stat.exists"
|
when: "matrix_appservice_irc_service_stat.stat.exists"
|
||||||
|
|
||||||
- name: Ensure matrix-appservice-irc.service doesn't exist
|
- name: Ensure matrix-appservice-irc.service doesn't exist
|
||||||
@ -21,5 +21,5 @@
|
|||||||
|
|
||||||
- name: Ensure systemd reloaded after matrix-appservice-irc.service removal
|
- name: Ensure systemd reloaded after matrix-appservice-irc.service removal
|
||||||
service:
|
service:
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
when: "matrix_appservice_irc_service_stat.stat.exists"
|
when: "matrix_appservice_irc_service_stat.stat.exists"
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
---
|
||||||
# matrix-appservice-slack is a Matrix <-> Slack bridge
|
# matrix-appservice-slack is a Matrix <-> Slack bridge
|
||||||
# See: https://github.com/matrix-org/matrix-appservice-slack
|
# See: https://github.com/matrix-org/matrix-appservice-slack
|
||||||
|
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
---
|
||||||
# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
|
# See https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1070
|
||||||
# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
|
# and https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/1ab507349c752042d26def3e95884f6df8886b74#commitcomment-51108407
|
||||||
- name: Fail if trying to self-build on Ansible < 2.8
|
- name: Fail if trying to self-build on Ansible < 2.8
|
||||||
|
@ -1,3 +1,5 @@
|
|||||||
|
---
|
||||||
|
|
||||||
- import_tasks: "{{ role_path }}/tasks/init.yml"
|
- import_tasks: "{{ role_path }}/tasks/init.yml"
|
||||||
tags:
|
tags:
|
||||||
- always
|
- always
|
||||||
|
@ -1,3 +1,5 @@
|
|||||||
|
---
|
||||||
|
|
||||||
- name: Fail if Postgres not enabled
|
- name: Fail if Postgres not enabled
|
||||||
fail:
|
fail:
|
||||||
msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot migrate."
|
msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot migrate."
|
||||||
@ -16,7 +18,7 @@
|
|||||||
service:
|
service:
|
||||||
name: matrix-postgres
|
name: matrix-postgres
|
||||||
state: started
|
state: started
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
register: matrix_postgres_service_start_result
|
register: matrix_postgres_service_start_result
|
||||||
|
|
||||||
- name: Wait a bit, so that Postgres can start
|
- name: Wait a bit, so that Postgres can start
|
||||||
|
@ -8,10 +8,10 @@
|
|||||||
owner: "{{ matrix_user_username }}"
|
owner: "{{ matrix_user_username }}"
|
||||||
group: "{{ matrix_user_groupname }}"
|
group: "{{ matrix_user_groupname }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { path: "{{ matrix_appservice_slack_base_path }}", when: true }
|
- {path: "{{ matrix_appservice_slack_base_path }}", when: true}
|
||||||
- { path: "{{ matrix_appservice_slack_config_path }}", when: true }
|
- {path: "{{ matrix_appservice_slack_config_path }}", when: true}
|
||||||
- { path: "{{ matrix_appservice_slack_data_path }}", when: true }
|
- {path: "{{ matrix_appservice_slack_data_path }}", when: true}
|
||||||
- { path: "{{ matrix_appservice_slack_docker_src_files_path }}", when: "{{ matrix_appservice_slack_container_image_self_build }}" }
|
- {path: "{{ matrix_appservice_slack_docker_src_files_path }}", when: "{{ matrix_appservice_slack_container_image_self_build }}"}
|
||||||
when: item.when|bool
|
when: item.when|bool
|
||||||
|
|
||||||
- set_fact:
|
- set_fact:
|
||||||
@ -56,7 +56,7 @@
|
|||||||
build:
|
build:
|
||||||
dockerfile: Dockerfile
|
dockerfile: Dockerfile
|
||||||
path: "{{ matrix_appservice_slack_docker_src_files_path }}"
|
path: "{{ matrix_appservice_slack_docker_src_files_path }}"
|
||||||
pull: yes
|
pull: true
|
||||||
when: "matrix_appservice_slack_container_image_self_build|bool and matrix_appservice_slack_git_pull_results.changed"
|
when: "matrix_appservice_slack_container_image_self_build|bool and matrix_appservice_slack_git_pull_results.changed"
|
||||||
|
|
||||||
- name: Ensure Matrix Appservice Slack config installed
|
- name: Ensure Matrix Appservice Slack config installed
|
||||||
@ -84,7 +84,7 @@
|
|||||||
|
|
||||||
- name: Ensure systemd reloaded after matrix-appservice-slack.service installation
|
- name: Ensure systemd reloaded after matrix-appservice-slack.service installation
|
||||||
service:
|
service:
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
when: "matrix_appservice_slack_systemd_service_result.changed"
|
when: "matrix_appservice_slack_systemd_service_result.changed"
|
||||||
|
|
||||||
- name: Ensure matrix-appservice-slack.service restarted, if necessary
|
- name: Ensure matrix-appservice-slack.service restarted, if necessary
|
||||||
|
@ -9,8 +9,8 @@
|
|||||||
service:
|
service:
|
||||||
name: matrix-appservice-slack
|
name: matrix-appservice-slack
|
||||||
state: stopped
|
state: stopped
|
||||||
enabled: no
|
enabled: false
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
when: "matrix_appservice_slack_service_stat.stat.exists"
|
when: "matrix_appservice_slack_service_stat.stat.exists"
|
||||||
|
|
||||||
- name: Ensure matrix-appservice-slack.service doesn't exist
|
- name: Ensure matrix-appservice-slack.service doesn't exist
|
||||||
@ -21,5 +21,5 @@
|
|||||||
|
|
||||||
- name: Ensure systemd reloaded after matrix-appservice-slack.service removal
|
- name: Ensure systemd reloaded after matrix-appservice-slack.service removal
|
||||||
service:
|
service:
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
when: "matrix_appservice_slack_service_stat.stat.exists"
|
when: "matrix_appservice_slack_service_stat.stat.exists"
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
---
|
||||||
# matrix-appservice-webhooks is a Matrix <-> webhook bridge
|
# matrix-appservice-webhooks is a Matrix <-> webhook bridge
|
||||||
# See: https://github.com/redoonetworks/matrix-appservice-webhooks
|
# See: https://github.com/redoonetworks/matrix-appservice-webhooks
|
||||||
|
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
---
|
||||||
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
|
# If the matrix-synapse role is not used, `matrix_synapse_role_executed` won't exist.
|
||||||
# We don't want to fail in such cases.
|
# We don't want to fail in such cases.
|
||||||
- name: Fail if matrix-synapse role already executed
|
- name: Fail if matrix-synapse role already executed
|
||||||
|
@ -1,3 +1,5 @@
|
|||||||
|
---
|
||||||
|
|
||||||
- import_tasks: "{{ role_path }}/tasks/init.yml"
|
- import_tasks: "{{ role_path }}/tasks/init.yml"
|
||||||
tags:
|
tags:
|
||||||
- always
|
- always
|
||||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user