feat(cinny): add ansible role

LICENSE.md

@@ -0,0 +1,482 @@
+THE WORK (AS DEFINED BELOW) IS PROVIDED UNDER THE TERMS OF THIS
+COOPERATIVE NON-VIOLENT PUBLIC LICENSE (\"LICENSE\"). THE WORK IS
+PROTECTED BY COPYRIGHT AND ALL OTHER APPLICABLE LAWS. ANY USE OF THE
+WORK OTHER THAN AS AUTHORIZED UNDER THIS LICENSE OR COPYRIGHT LAW IS
+PROHIBITED. BY EXERCISING ANY RIGHTS TO THE WORK PROVIDED IN THIS
+LICENSE, YOU AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE.TO THE
+EXTENT THIS LICENSE MAY BE CONSIDERED TO BE A CONTRACT, THE LICENSOR
+GRANTS YOU THE RIGHTS CONTAINED HERE IN AS CONSIDERATION FOR ACCEPTING
+THE TERMS AND CONDITIONS OF THIS LICENSE AND FOR AGREEING TO BE BOUND BY
+THE TERMS AND CONDITIONS OF THIS LICENSE.
+
+# Definitions
+
+An Act of War is any action of one country against any group either with
+an intention to provoke a conflict or an action that occurs during a
+declared war or during armed conflict between military forces of any
+origin. This includes but is not limited to enforcing sanctions or
+sieges, supplying armed forces, or profiting from the manufacture of
+tools or weaponry used in military conflict.
+
+An Adaptation is a work based upon the Work, or upon the Work and other
+pre-existing works, such as a translation, adaptation, derivative work,
+arrangement of music or other alterations of a literary or artistic
+work, or phonogram or performance and includes cinematographic
+adaptations or any other form in which the Work may be recast,
+transformed, or adapted including in any form recognizably derived from
+the original, except that a work that constitutes a Collection will not
+be considered an Adaptation for the purpose of this License. For the
+avoidance of doubt, where the Work is a musical work, performance or
+phonogram, the synchronization of the Work in timed-relation with a
+moving image (\"synching\") will be considered an Adaptation for the
+purpose of this License. In addition, where the Work is designed to
+output a neural network the output of the neural network will be
+considered an Adaptation for the purpose of this license.
+
+Bodily Harm is any physical hurt or injury to a person that interferes
+with the health or comfort of the person and that is more than merely
+transient or trifling in nature.
+
+Distribute is to make available to the public the original and copies of
+the Work or Adaptation, as appropriate, through sale, gift or any other
+transfer of possession or ownership.
+
+Incarceration is Confinement in a jail, prison, or any other place where
+individuals of any kind are held against either their will or (if their
+will cannot be determined) the will of their legal guardian or
+guardians. In the case of a conflict between the will of the individual
+and the will of their legal guardian or guardians, the will of the
+individual will take precedence.
+
+Licensor is The individual, individuals, entity, or entities that
+offer(s) the Work under the terms of this License
+
+Original Author is in the case of a literary or artistic work, the
+individual, individuals, entity or entities who created the Work or if
+no individual or entity can be identified, the publisher; and in
+addition
+
+-   in the case of a performance the actors, singers, musicians,
+    dancers, and other persons who act, sing, deliver, declaim, play in,
+    interpret or otherwise perform literary or artistic works or
+    expressions of folklore;
+
+-   in the case of a phonogram the producer being the person or legal
+    entity who first fixes the sounds of a performance or other sounds;
+    and,
+
+-   in the case of broadcasts, the organization that transmits the
+    broadcast.
+
+Work is the literary and/or artistic work offered under the terms of
+this License including without limitation any production in the
+literary, scientific and artistic domain, whatever may be the mode or
+form of its expression including digital form, such as a book, pamphlet
+and other writing; a lecture, address, sermon or other work of the same
+nature; a dramatic or dramatico-musical work; a choreographic work or
+entertainment in dumb show; a musical composition with or without words;
+a cinematographic work to which are assimilated works expressed by a
+process analogous to cinematography; a work of drawing, painting,
+architecture, sculpture, engraving or lithography; a photographic work
+to which are assimilated works expressed by a process analogous to
+photography; a work of applied art; an illustration, map, plan, sketch
+or three-dimensional work relative to geography, topography,
+architecture or science; a performance; a broadcast; a phonogram; a
+compilation of data to the extent it is protected as a copyrightable
+work; or a work performed by a variety or circus performer to the extent
+it is not otherwise considered a literary or artistic work.
+
+You means an individual or entity exercising rights under this License
+who has not previously violated the terms of this License with respect
+to the Work, or who has received express permission from the Licensor to
+exercise rights under this License despite a previous violation.
+
+Publicly Perform means to perform public recitations of the Work and to
+communicate to the public those public recitations, by any means or
+process, including by wire or wireless means or public digital
+performances; to make available to the public Works in such a way that
+members of the public may access these Works from a place and at a place
+individually chosen by them; to perform the Work to the public by any
+means or process and the communication to the public of the performances
+of the Work, including by public digital performance; to broadcast and
+rebroadcast the Work by any means including signs, sounds or images.
+
+Reproduce is to make copies of the Work by any means including without
+limitation by sound or visual recordings and the right of fixation and
+reproducing fixations of the Work, including storage of a protected
+performance or phonogram in digital form or other electronic medium.
+
+Software is any digital Work which, through use of a third-party piece
+of Software or through the direct usage of itself on a computer system,
+the memory of the computer is modified dynamically or semi-dynamically.
+\"Software\", secondly, processes or interprets information.
+
+Source Code is Any digital Work which, through use of a third-party
+piece of Software or through the direct usage of itself on a computer
+system, the memory of the computer is modified dynamically or
+semi-dynamically. \"Software\", secondly, processes or interprets
+information.
+
+Surveilling is the use of the Work to either overtly or covertly observe
+and record persons and or their activities.
+
+A Network Service is the use of a piece of Software to interpret or
+modify information that is subsequently and directly served to users
+over the Internet.
+
+To Discriminate is the use of a piece of Software to interpret or modify
+information that is subsequently and directly served to users over the
+Internet.
+
+Hate Speech is Communication or any form of expression which is solely
+for the purpose of expressing hatred for some group or advocating a form
+of Discrimination between humans.
+
+Coercion is leveraging of the threat of force or use of force to
+intimidate a person in order to gain compliance, or to offer large
+incentives which aim to entice a person to act against their will.
+
+# Fair Dealing Rights
+
+Nothing in this License is intended to reduce, limit, or restrict any
+uses free from copyright or rights arising from limitations or
+exceptions that are provided for in connection with the copyright
+protection under copyright law or other applicable laws.
+
+# License Grant
+
+Subject to the terms and conditions of this License, Licensor hereby
+grants You a worldwide, royalty-free, non-exclusive, perpetual (for the
+duration of the applicable copyright) license to exercise the rights in
+the Work as stated below:
+
+To Reproduce the Work, to incorporate the Work into one or more
+Collections, and to Reproduce the Work as incorporated in the
+Collections
+
+To create and Reproduce Adaptations provided that any such Adaptation,
+including any translation in any medium, takes reasonable steps to
+clearly label, demarcate or otherwise identify that changes were made to
+the original Work. For example, a translation could be marked \"The
+original work was translated from English to Spanish,\" or a
+modification could indicate \"The original work has been modified.\"
+
+To Distribute and Publicly Perform the Work including as incorporated in
+Collections.
+
+To Distribute and Publicly Perform Adaptations. The above rights may be
+exercised in all media and formats whether now known or hereafter
+devised. The above rights include the right to make such modifications
+as are technically necessary to exercise the rights in other media and
+formats. This License constitutes the entire agreement between the
+parties with respect to the Work licensed here. There are no
+understandings, agreements or representations with respect to the Work
+not specified here. Licensor shall not be bound by any additional
+provisions that may appear in any communication from You. This License
+may not be modified without the mutual written agreement of the Licensor
+and You. All rights not expressly granted by Licensor are hereby
+reserved, including but not limited to the rights set forth in
+Non-waivable Compulsory License Schemes, Waivable Compulsory License
+Schemes, and Voluntary License Schemes in the restrictions.
+
+# Restrictions
+
+The license granted in the license grant above is expressly made subject
+to and limited by the following restrictions:
+
+You may Distribute or Publicly Perform the Work only under the terms of
+this License. You must include a copy of, or the Uniform Resource
+Identifier (URI) for, this License with every copy of the Work You
+Distribute or Publicly Perform. You may not offer or impose any terms on
+the Work that restrict the terms of this License or the ability of the
+recipient of the Work to exercise the rights granted to that recipient
+under the terms of the License. You may not sublicense the Work. You
+must keep intact all notices that refer to this License and to the
+disclaimer of warranties with every copy of the Work You Distribute or
+Publicly Perform. When You Distribute or Publicly Perform the Work, You
+may not impose any effective technological measures on the Work that
+restrict the ability of a recipient of the Work from You to exercise the
+rights granted to that recipient under the terms of the License. This
+Section applies to the Work as incorporated in a Collection, but this
+does not require the Collection apart from the Work itself to be made
+subject to the terms of this License. If You create a Collection, upon
+notice from any Licensor You must, to the extent practicable, remove
+from the Collection any credit as requested. If You create an
+Adaptation, upon notice from any Licensor You must, to the extent
+practicable, remove from the Adaptation any credit as requested.
+
+## Commercial Restrictions
+
+You may not exercise any of the rights granted to You in the above
+section in any manner that is primarily intended for or directed toward
+commercial advantage or private monetary compensation unless you meet
+the following requirements.
+
+i.  You are a worker-owned business or worker-owned collective.
+
+ii. after tax, all financial gain, surplus, profits and benefits
+    produced by the business or collective are distributed among the
+    worker-owners unless a set amount is to be allocated towards
+    community projects as decided by a previously-established consensus
+    agreement between the worker-owners where all worker-owners agreed.
+
+iii. You are not using such rights on behalf of a business other than
+     those specified in (i) or (ii) above, nor are using such rights as
+     a proxy on behalf of a business with the intent to circumvent the
+     aforementioned restrictions on such a business.
+
+The exchange of the Work for other copyrighted works by means of digital
+file-sharing or otherwise shall not be considered to be intended for or
+directed toward commercial advantage or private monetary compensation,
+provided there is no payment of any monetary compensation in connection
+with the exchange of copyrighted works.
+
+If the Work meets the definition of Software, You may exercise the
+rights granted in the license grant only if You provide a copy of the
+corresponding Source Code from which the Work was derived in digital
+form, or You provide a URI for the corresponding Source Code of the
+Work, to any recipients upon request.
+
+If the Work is used as or for a Network Service, You may exercise the
+rights granted in the license grant only if You provide a copy of the
+corresponding Source Code from which the Work was derived in digital
+form, or You provide a URI for the corresponding Source Code to the
+Work, to any recipients of the data served or modified by the Web
+Service.
+
+Any use by a business that is privately owned and managed, and that
+seeks to generate profit from the labor of employees paid by salary or
+other wages, is not permitted under this license.
+
+## 
+
+You may exercise the rights granted in the license grant for any
+purposes only if:
+
+i.  You do not use the Work for the purpose of inflicting Bodily Harm on
+    human beings (subject to criminal prosecution or otherwise) outside
+    of providing medical aid or undergoing a voluntary procedure under
+    no form of Coercion.
+
+ii. You do not use the Work for the purpose of Surveilling or tracking
+    individuals for financial gain.
+
+iii. You do not use the Work in an Act of War.
+
+iv. You do not use the Work for the purpose of supporting or profiting
+    from an Act of War.
+
+v.  You do not use the Work for the purpose of Incarceration.
+
+vi. You do not use the Work for the purpose of extracting, processing,
+    or refining, oil, gas, or coal. Or to in any other way to
+    deliberately pollute the environment as a byproduct of manufacturing
+    or irresponsible disposal of hazardous materials.
+
+vii. You do not use the Work for the purpose of expediting,
+     coordinating, or facilitating paid work undertaken by individuals
+     under the age of 12 years.
+
+viii. You do not use the Work to either Discriminate or spread Hate
+      Speech on the basis of sex, sexual orientation, gender identity,
+      race, age, disability, color, national origin, religion, caste, or
+      lower economic status.
+
+## 
+
+If You Distribute, or Publicly Perform the Work or any Adaptations or
+Collections, You must, unless a request has been made by any Licensor to
+remove credit from a Collection or Adaptation, keep intact all copyright
+notices for the Work and provide, reasonable to the medium or means You
+are utilizing:
+
+i.  the name of the Original Author (or pseudonym, if applicable) if
+    supplied, and/or if the Original Author and/or Licensor designate
+    another party or parties (e.g., a sponsor institute, publishing
+    entity, journal) for attribution (\"Attribution Parties\") in
+    Licensor\'s copyright notice, terms of service or by other
+    reasonable means, the name of such party or parties;
+
+ii. the title of the Work if supplied;
+
+iii. to the extent reasonably practicable, the URI, if any, that
+     Licensor to be associated with the Work, unless such URI does not
+     refer to the copyright notice or licensing information for the
+     Work; and,
+
+iv. in the case of an Adaptation, a credit identifying the use of the
+    Work in the Adaptation (e.g., \"French translation of the Work by
+    Original Author,\" or \"Screenplay based on original Work by
+    Original Author\").
+
+If any Licensor has sent notice to request removing credit, You must, to
+the extent practicable, remove any credit as requested. The credit
+required by this Section may be implemented in any reasonable manner;
+provided, however, that in the case of an Adaptation or Collection, at a
+minimum such credit will appear, if a credit for all contributing
+authors of the Adaptation or Collection appears, then as part of these
+credits and in a manner at least as prominent as the credits for the
+other contributing authors. For the avoidance of doubt, You may only use
+the credit required by this Section for the purpose of attribution in
+the manner set out above and, by exercising Your rights under this
+License, You may not implicitly or explicitly assert or imply any
+connection with, sponsorship or endorsement by the Original Author,
+Licensor and/or Attribution Parties, as appropriate, of You or Your use
+of the Work, without the separate, express prior written permission of
+the Original Author, Licensor and/or Attribution Parties.
+
+Non-waivable Compulsory License Schemes. In those jurisdictions in which
+the right to collect royalties through any statutory or compulsory
+licensing scheme cannot be waived, the Licensor reserves the exclusive
+right to collect such royalties for any exercise by You of the rights
+granted under this License
+
+Waivable Compulsory License Schemes. In those jurisdictions in which the
+right to collect royalties through any statutory or compulsory licensing
+scheme can be waived, the Licensor reserves the exclusive right to
+collect such royalties for any exercise by You of the rights granted
+under this License if Your exercise of such rights is for a purpose or
+use which is otherwise than noncommercial as permitted under Commercial
+Restrictions and otherwise waives the right to collect royalties through
+any statutory or compulsory licensing scheme.
+
+Voluntary License Schemes. The Licensor reserves the right to collect
+royalties, whether individually or, in the event that the Licensor is a
+member of a collecting society that administers voluntary licensing
+schemes, via that society, from any exercise by You of the rights
+granted under this License that is for a purpose or use which is
+otherwise than noncommercial as permitted under the license grant.
+
+Except as otherwise agreed in writing by the Licensor or as may be
+otherwise permitted by applicable law, if You Reproduce, Distribute or
+Publicly Perform the Work either by itself or as part of any Adaptations
+or Collections, You must not distort, mutilate, modify or take other
+derogatory action in relation to the Work which would be prejudicial to
+the Original Author\'shonor or reputation. Licensor agrees that in those
+jurisdictions (e.g. Japan), in which any exercise of the right granted
+in the license grant of this License (the right to make Adaptations)
+would be deemed to be a distortion, mutilation, modification or other
+derogatory action prejudicial to the Original Author\'s honor and
+reputation, the Licensor will waive or not assert, as appropriate, this
+Section, to the fullest extent permitted by the applicable national law,
+to enable You to reasonably exercise Your right under the license grant
+of this License (right to make Adaptations) but not otherwise.
+
+Do not make any legal claim against anyone accusing the Work, with or
+without changes, alone or with other works, of infringing any patent
+claim.
+
+# Representations Warranties and Disclaimer
+
+UNLESS OTHERWISE MUTUALLY AGREED TO BY THE PARTIES IN WRITING, LICENSOR
+OFFERS THE WORK AS-IS AND MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY
+KIND CONCERNING THE WORK, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE,
+INCLUDING, WITHOUT LIMITATION, WARRANTIES OF TITLE, MERCHANTIBILITY,
+FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, OR THE ABSENCE OF
+LATENT OR OTHER DEFECTS, ACCURACY, OR THE PRESENCE OF ABSENCE OF ERRORS,
+WHETHER OR NOT DISCOVERABLE. SOME JURISDICTIONS DO NOT ALLOW THE
+EXCLUSION OF IMPLIED WARRANTIES, SO SUCH EXCLUSION MAY NOT APPLY TO YOU.
+
+# Limitation on Liability
+
+EXCEPT TO THE EXTENT REQUIRED BY APPLICABLE LAW, IN NO EVENT WILL
+LICENSOR BE LIABLE TO YOU ON ANY LEGAL THEORY FOR ANY SPECIAL,
+INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR EXEMPLARY DAMAGES ARISING OUT OF
+THIS LICENSE OR THE USE OF THE WORK, EVEN IF LICENSOR HAS BEEN ADVISED
+OF THE POSSIBILITY OF SUCH DAMAGES.
+
+# Termination
+
+This License and the rights granted hereunder will terminate
+automatically upon any breach by You of the terms of this License.
+Individuals or entities who have received Adaptations or Collections
+from You under this License, however, will not have their licenses
+terminated provided such individuals or entities remain in full
+compliance with those licenses. The Sections on definitions, fair
+dealing rights, representations, warranties, and disclaimer, limitation
+on liability, termination, and revised license versions will survive any
+termination of this License.
+
+Subject to the above terms and conditions, the license granted here is
+perpetual (for the duration of the applicable copyright in the Work).
+Notwithstanding the above, Licensor reserves the right to release the
+Work under different license terms or to stop distributing the Work at
+any time; provided, however that any such election will not serve to
+withdraw this License (or any other license that has been, or is
+required to be, granted under the terms of this License), and this
+License will continue in full force and effect unless terminated as
+stated above.
+
+# Revised License Versions
+
+This License may receive future revisions in the original spirit of the
+license intended to strengthen This License. Each version of This
+License has an incrementing version number.
+
+Unless otherwise specified like in the below subsection The Licensor has
+only granted this current version of This License for The Work. In this
+case future revisions do not apply.
+
+The Licensor may specify that the latest available revision of This
+License be used for The Work by either explicitly writing so or by
+suffixing the License URI with a \"+\" symbol.
+
+The Licensor may specify that The Work is also available under the terms
+of This License\'s current revision as well as specific future
+revisions. The Licensor may do this by writing it explicitly or
+suffixing the License URI with any additional version numbers each
+separated by a comma.
+
+# Miscellaneous
+
+Each time You Distribute or Publicly Perform the Work or a Collection,
+the Licensor offers to the recipient a license to the Work on the same
+terms and conditions as the license granted to You under this License.
+
+Each time You Distribute or Publicly Perform an Adaptation, Licensor
+offers to the recipient a license to the original Work on the same terms
+and conditions as the license granted to You under this License.
+
+If the Work is classified as Software, each time You Distribute or
+Publicly Perform an Adaptation, Licensor offers to the recipient a copy
+and/or URI of the corresponding Source Code on the same terms and
+conditions as the license granted to You under this License.
+
+If the Work is used as a Network Service, each time You Distribute or
+Publicly Perform an Adaptation, or serve data derived from the Software,
+the Licensor offers to any recipients of the data a copy and/or URI of
+the corresponding Source Code on the same terms and conditions as the
+license granted to You under this License.
+
+If any provision of this License is invalid or unenforceable under
+applicable law, it shall not affect the validity or enforceability of
+the remainder of the terms of this License, and without further action
+by the parties to this agreement, such provision shall be reformed to
+the minimum extent necessary to make such provision valid and
+enforceable.
+
+No term or provision of this License shall be deemed waived and no
+breach consented to unless such waiver or consent shall be in writing
+and signed by the party to be charged with such waiver or consent.
+
+This License constitutes the entire agreement between the parties with
+respect to the Work licensed here. There are no understandings,
+agreements or representations with respect to the Work not specified
+here. Licensor shall not be bound by any additional provisions that may
+appear in any communication from You. This License may not be modified
+without the mutual written agreement of the Licensor and You.
+
+The rights granted under, and the subject matter referenced, in this
+License were drafted utilizing the terminology of the Berne Convention
+for the Protection of Literary and Artistic Works (as amended on
+September 28, 1979), the Rome Convention of 1961, the WIPO Copyright
+Treaty of 1996, the WIPO Performances and Phonograms Treaty of 1996 and
+the Universal Copyright Convention (as revised on July 24, 1971). These
+rights and subject matter take effect in the relevant jurisdiction in
+which the License terms are sought to be enforced according to the
+corresponding provisions of the implementation of those treaty
+provisions in the applicable national law. If the standard suite of
+rights granted under applicable copyright law includes additional rights
+not granted under this License, such additional rights are deemed to be
+included in the License; this License is not intended to restrict the
+license of any rights under applicable law.

README.md

@@ -0,0 +1,13 @@
+# `finallycoffee.matrix` ansible collection
+
+## Overview
+
+Roles for deploying matrix infrastructure using ansible.
+
+## Roles
+
+- [`cinny`](roles/cinny/README.md): [Cinny](https://cinny.in/) Web Client
+
+## License
+
+[CNPLv7+](LICENSE.md): Cooperative Nonviolent Public License

galaxy.yml

@@ -0,0 +1,12 @@
+namespace: finallycoffee
+name: matrix
+version: 0.0.1
+readme: README.md
+authors:
+- transcaffeine <transcaffeine@finally.coffee>
+description: Various matrix-related ansible roles
+license_file: LICENSE.md
+build_ignore:
+- '*.tar.gz'
+repository: https://git.finally.coffee/finallycoffee/matrix
+issues: https://git.finally.coffee/finallycoffee/matrix/issues

meta/runtime.yml

@@ -0,0 +1,3 @@
+---
+
+requires_ansible: ">=2.14"

roles/cinny/README.md

@@ -0,0 +1,29 @@
+# `finallycoffee.matrix.cinny` ansible role
+
+> [!WARNING]
+> This role is a WIP and not yet usable
+
+## Supported deployment methods
+
+Set your `deployment_method` to:
+
+- [`docker` (docs)](docs/docker.md) (current default)
+- `podman`
+- [`nginx` (docs)](docs/nginx.md)
+- [`tarball` (docs)](docs/tarball.md)
+
+Not yet implemented but planned:
+
+- `apache2`
+- `caddy`
+
+## Configuration
+
+All cinny `config.json` configuration keys are available as a snake-cased ansible variable:
+- `cinny_config_homeserver_list`
+- `cinny_config_allow_custom_homeservers`
+- [...]
+
+If you want to provide structured configuration directly, you can either provide additional configuration in `cinny_config` or overwrite all existing defaults by setting `cinny_config_complete`.
+
+To ensure cinny is removed from the system, set `cinny_state` to `absent` (default is `present`).

roles/cinny/defaults/config.yml

@@ -0,0 +1,24 @@
+---
+cinny_config_complete: >-
+  {{ cinny_config | default({})
+  | combine(cinny_default_config | default({})) }}
+cinny_config: {}
+cinny_default_config:
+  homeserverList: "{{ cinny_config_homeserver_list }}"
+  allowCustomHomeservers: "{{ cinny_config_allow_custom_homeservers }}"
+  featuredCommunities:
+    openAsDefault: "{{ cinny_config_featured_communities_open_as_default }}"
+    spaces: "{{ cinny_config_featured_communities_spaces }}"
+    rooms: "{{ cinny_config_featured_communities_rooms }}"
+    servers: "{{ cinny_config_featured_communities_servers }}"
+  hashRouter:
+    enabled: "{{ cinny_config_hash_router_enabled }}"
+    basename: "{{ cinny_config_hash_router_basename }}"
+cinny_config_homeserver_list: []
+cinny_config_allow_custom_homeservers: true
+cinny_config_featured_communities_open_as_default: false
+cinny_config_featured_communities_spaces: []
+cinny_config_featured_communities_rooms: []
+cinny_config_featured_communities_servers: []
+cinny_config_hash_router_enabled: false
+cinny_config_hash_router_basename: "/"

roles/cinny/defaults/container.yml

@@ -0,0 +1,28 @@
+---
+cinny_container_image: >-
+  {{
+    cinny_container_image_registry + '/'
+    + ((cinny_container_image_namespace + '/')
+      if cinny_container_image_namespace | default(false, true) else '')
+    + cinny_container_image_name + ':'
+    + (cinny_container_image_tag | default('v' + cinny_version, true))
+  }}
+cinny_container_image_registry: "ghcr.io"
+cinny_container_image_namespace: "cinnyapp"
+cinny_container_image_name: "cinny"
+cinny_container_image_tag: ~
+cinny_container_name: "cinny"
+cinny_container_restart_policy: >-
+  {{ (cinny_deployment_method == 'docker')
+      | ternary('unless-stopped',
+        (cinny_deployment_method == 'podman' |
+          ternary('on-failure', 'always'))
+  }}
+
+cinny_container_full_volumes: >-
+  {{ cinny_container_default_volumes
+  + cinny_container_volumes | default([]) }}
+cinny_container_default_volumes:
+  - "{{ cinny_config_file }}:/usr/share/nginx/html/config.json:ro"
+
+

roles/cinny/defaults/main.yml

@@ -0,0 +1,18 @@
+---
+cinny_user: cinny
+cinny_state: "present"
+cinny_version: "4.2.1"
+cinny_deployment_method: "docker"
+
+cinny_base_path: "/opt/cinny"
+cinny_source_path: "{{ cinny_base_path }}/src"
+cinny_dist_path: "{{ cinny_source_path }}/dist"
+cinny_config_path: "{{ cinny_base_path }}/config"
+cinny_config_file: "{{ cinny_config_path }}/config.json"
+
+cinny_host_uid: >-
+  {{ cinny_user_info is defined
+  | ternary(cinny_user_info.uid, cinny_user) }}
+cinny_host_gid:
+  {{ cinny_user_info is defined
+  | ternary(cinny_user_info.group, cinny_user) }}

roles/cinny/defaults/nginx.yml

@@ -0,0 +1,9 @@
+---
+cinny_nginx_listen_port: 8080
+cinny_nginx_server: ~
+cinny_nginx_location: /
+
+cinny_nginx_available_sites: "/etc/nginx/sites-available"
+cinny_nginx_enabled_sites: "/etc/nginx/sites-enabled"
+cinny_nginx_vhost_name: "cinny"
+cinny_nginx_vhost_enable: true

roles/cinny/defaults/tarball.yml

@@ -0,0 +1,10 @@
+---
+cinny_tarball_server: "https://github.com"
+cinny_tarball_url: >-
+  {{ cinny_tarball_server }}/cinnyapp/cinny/releases/download/v{{ cinny_version }}/cinny-v{{ cinny_version }}.tar.gz
+cinny_tarball_url_username: ~
+cinny_tarball_url_password: ~
+
+cinny_tarball_path: "/tmp/cinny-v{{ cinny_version }}.tar.gz"
+
+cinny_running_version_file: "{{ cinny_source_path }}/cinny_version.txt"

roles/cinny/docs/docker.md

@@ -0,0 +1,33 @@
+# `cinny` deployment using `docker`
+
+> [!INFO]
+> Needs the python library `docker` on the `ansible_host`.
+
+## Configuration
+
+The following options to the
+[`docker_container` module](https://docs.ansible.com/ansible/latest/collections/community/docker/docker_container_module.html)
+are available under the `cinny_container_` prefix:
+
+- `env`
+- `ports`
+- `labels`
+- `networks`
+- `etc_hosts`
+- `purge_networks`
+
+The following variables are pre-populated by the role, so override them with care:
+
+- `name`
+- `image`
+- `user`
+- `volumes`
+- `restart_policy`
+
+## Pulling from a self-hosted container registry
+
+Set `cinny_container_image_registry` to use a self-hosted docker registry / mirror / cache.
+
+If you need to authenticate to your registry and are not yet logged in, set `cinny_container_image_registry_{username,password}` and the role will attempt to log in.
+
+Set `cinny_container_image_registry_reauthorize` to `true` if you want to force a reauthorization at the registry.

roles/cinny/docs/nginx.md

@@ -0,0 +1,11 @@
+# `cinny` deployment using `nginx` virtual host
+
+The role will create a virtual host named after `cinny_nginx_vhost_name` (default: `cinny`) in `cinny_nginx_available_sites` (default: `/etc/nginx/sites-available`).
+
+If you choose `cinny_nginx_vhost_enable` (default: `true`), it will also create a symlink from `cinny_nginx_enabled_sites` to it's vhost.
+
+> [!TIP]
+> If you are deploying multiple cinny instances on a single host, customize `cinny_nginx_vhost_name` to contain your `cinny_nginx_server` in order to avoid filename collisions.
+
+> [!IMPORTANT]
+> If `cinny_nginx_vhost_enable` is `true`, the role will expect `nginx` to be in the `$PATH` (in order to test the configuration using `nginx -t`)

roles/cinny/docs/tarball.md

@@ -0,0 +1,13 @@
+# `cinny` deployment from a tarball
+
+The role supports just downloading and extracting a tarball, which can
+then be served with a webserver of your own choice.
+
+When `cinny_deployment_method` is set to `tarball`, the directory
+`cinny_dist_path` (defaults to `/opt/cinny/src/dist`) needs to be
+served at the desired URL.
+
+Additionally, the following equivalent rules to
+[the sample docker+nginx configuration](https://github.com/cinnyapp/cinny/blob/dev/docker-nginx.conf)
+are needed for the webapp to work properly. For hosting in a path
+like `/app`, set `cinny_config_hash_router_basename`.

roles/cinny/tasks/configure.yml

@@ -0,0 +1,37 @@
+---
+- name: Ensure cinny user '{{ cinny_user }}' is {{ cinny_state }}
+  ansible.builtin.user:
+    name: "{{ cinny_user }}"
+    system: "{{ cinny_user_system | default(true, true) }}"
+    create_home: "{{ cinny_user_create_home | default(false, true) }}"
+    state: "{{ cinny_state }}"
+    groups: "{{ cinny_user_groups | default(omit) }}"
+    append: "{{ cinny_user_groups_append | default(omit) }}"
+  register: cinny_user_info
+
+- name: Ensure host path are {{ cinny_state }}
+  ansible.builtin.file:
+    name: "{{ path.name }}"
+    state: "{{ (cinny_state == 'present') | ternary('directory', 'absent') }}"
+    owner: "{{ path.owner | default(cinny_host_uid) }}"
+    group: "{{ path.group | default(cinny_host_gid) }}"
+    mode: "{{ path.mode | default('0750') }}"
+  loop_control:
+    loop_var: path
+    label: "{{ path.name }}"
+  loop:
+    - name: "{{ cinny_base_path }}"
+      mode: '0755'
+    - name: "{{ cinny_config_path }}"
+      mode: '0755'
+    - name: "{{ cinny_source_path }}"
+      mode: '0755'
+
+- name: Ensure config file is {{ cinny_state }}
+  ansible.builtin.copy:
+    content: "{{ cinny_config | to_nice_json }}"
+    dest: "{{ cinny_config_file }}"
+    owner: "{{ cinny_host_uid }}"
+    group: "{{ cinny_host_gid }}"
+    mode: "{{ cinny_config_file_mode | default('0664') }}"
+  when: cinny_state == 'present'

roles/cinny/tasks/deploy-apache2.yml

@@ -0,0 +1,3 @@
+---
+- fail:
+    msg: "Not yet implemented"

roles/cinny/tasks/deploy-caddy.yml

@@ -0,0 +1,3 @@
+---
+- fail:
+    msg: "Not yet implemented"

roles/cinny/tasks/deploy-docker.yml

@@ -0,0 +1,33 @@
+---
+- name: Ensure docker client is logged {{ (cinny_state == 'present') | ternary('in', 'out') }}
+  community.docker.docker_login:
+    registry_url: "{{ cinny_container_image_registry }}"
+    username: "{{ cinny_container_image_registry_username }}"
+    password: "{{ cinny_container_image_registry_password }}"
+    reauthorize: "{{ cinny_container_image_registry_reauthorize | default(omit, true) }}"
+    state: "{{ cinny_state }}"
+  when:
+    - cinny_container_image_registry_username | default(false, true)
+    - cinny_container_image_registry_password | default(false, true)
+
+- name: Ensure container image '{{ cinny_container_image }}' is {{ cinny_state }} locally
+  community.docker.docker_image:
+    name: "{{ cinny_container_image }}"
+    state: "{{ cinny_state }}"
+    source: "{{ cinny_container_source }}"
+    force_source: "{{ cinny_container_image_tag | default(false, true) }}"
+
+- name: Ensure container '{{ cinny_container_name }}' is {{ cinny_state }}
+  community.docker.docker_container:
+    name: "{{ cinny_container_name }}"
+    image: "{{ cinny_container_image }}"
+    state: "{{ (cinny_state == 'present') | ternary('started', 'absent') }}"
+    env: "{{ cinny_container_env | default(omit) }}"
+    user: "{{ cinny_container_user }}"
+    ports: "{{ cinny_container_ports | default(omit) }}"
+    labels: "{{ cinny_container_labels | default(omit) }}"
+    volumes: "{{ cinny_container_full_volumes }}"
+    networks: "{{ cinny_container_networks | default(omit) }}"
+    etc_hosts: "{{ cinny_container_etc_hosts | default(omit) }}"
+    restart_policy: "{{ cinny_container_restart_policy }}"
+    purge_networks: "{{ cinny_container_purge_networks | default(omit) }}"

roles/cinny/tasks/deploy-nginx.yml

@@ -0,0 +1,44 @@
+---
+- name: Deploy nginx virtual host config file
+  ansible.builtin.template:
+    src: nginx.conf.j2
+    dest: "{{ cinny_nginx_available_sites }}/{{ cinny_nginx_vhost_name }}"
+    mode: "0640"
+  when: cinny_state == 'present'
+
+- name: Enable nginx virtual host
+  ansible.builtin.file:
+    path: "{{ cinny_nginx_enabled_sites }}/{{ cinny_nginx_vhost_name }}"
+    src: "{{ cinny_nginx_available_sites }}/{{ cinny_nginx_vhost_name }}"
+    state: "{{ (cinny_state == 'present') | ternary('link', 'absent') }}"
+  when: cinny_nginx_vhost_enable
+
+- name: Clean up nginx virtural host config file
+  ansible.builtin.file:
+    path: "{{ cinny_nginx_available_sites }}/{{ cinny_nginx_vhost_name }}"
+    state: absent
+  when: cinny_state == 'absent'
+
+- name: Ensure nginx configuration is valid
+  ansible.builtin.command:
+    cmd: "nginx -t"
+  when:
+    - cinny_state == 'present'
+    - cinny_nginx_vhost_enable
+
+- name: Reload nginx using systemd
+  ansible.builtin.systemd_service:
+    name: "nginx.service"
+    state: reloaded
+  when:
+    - cinny_state == 'present'
+    - cinny_nginx_vhost_enable
+    - ansible_facts['service_mgr'] == 'systemd'
+
+- name: Inform user about required nginx reload
+  ansible.builtin.debug:
+    msg: "Restart nginx service (no systemd found)"
+  when:
+    - cinny_state == 'present'
+    - cinny_nginx_vhost_enable
+    - ansible_facts['service_mgr'] != 'systemd'

roles/cinny/tasks/deploy-podman.yml

@@ -0,0 +1,22 @@
+---
+- name: Ensure container image '{{ cinny_container_image }}' is {{ cinny_state }} locally
+  containers.podman.podman_image:
+    name: "{{ cinny_container_image }}"
+    state: "{{ cinny_state }}"
+    pull: "{{ cinny_container_source == 'pull' }}"
+    force: "{{ cinny_container_image_tag | default(false, true) }}"
+
+- name: Ensure container '{{ cinny_container_name }}' is {{ cinny_state }}
+  containers.podman.podman_container:
+    name: "{{ cinny_container_name }}"
+    image: "{{ cinny_container_image }}"
+    state: "{{ (cinny_state == 'present') | ternary('started', 'absent') }}"
+    env: "{{ cinny_container_env | default(omit) }}"
+    user: "{{ cinny_container_user }}"
+    ports: "{{ cinny_container_ports | default(omit) }}"
+    labels: "{{ cinny_container_labels | default(omit) }}"
+    volumes: "{{ cinny_container_full_volumes }}"
+    network: "{{ cinny_container_networks | default(omit) }}"
+    hostname: "{{ cinny_container_hostname | default(omit) }}"
+    etc_hosts: "{{ cinny_container_etc_hosts | default(omit) }}"
+    restart_policy: "{{ cinny_container_restart_policy }}"

roles/cinny/tasks/deploy-tarball.yml

@@ -0,0 +1,46 @@
+---
+- name: Check if running cinny version is saved on host
+  ansible.builtin.stat:
+    path: "{{ cinny_running_version_file }}"
+  register: cinny_running_version_st
+
+- name: Retrieve running cinny version
+  ansible.builtin.slurp:
+    path: "{{ cinny_running_version_file }}"
+  register: cinny_running_version_info
+  when: cinny_running_version_st.stat.exist
+
+- name: Extract running cinny version
+  set_fact:
+    cinny_is_update: >-
+      {{ not cinny_running_version_st.stat.exist or
+      (cinny_version | version(cinny_running_version, 'gt', version_type='semver'))
+  vars:
+    cinny_running_version: >-
+      {{ (cinny_running_version_info is defined)
+        | ternary(cinny_running_version_info['content'] | b64decode, false) }}
+
+- name: Download tarball from GitHub release page
+  ansible.builtin.get_url:
+    url: "{{ cinny_tarball_url }}"
+    dest: "{{ cinny_tarball_path }}"
+    url_username: "{{ cinny_tarball_url_username | default(omit, true) }}"
+    url_password: "{{ cinny_tarball_url_password | default(omit, true) }}"
+    mode: "0664"
+  when: cinny_is_update
+
+- name: Ensure old application files are gone
+  ansible.builtin.file:
+    path: "{{ cinny_dist_path }}"
+    state: absent
+  when: cinny_is_update
+
+- name: Extract tarball to {{ cinny_source_path }}
+  ansible.builtin.unarchive:
+    src: "{{ cinny_tarball_path }}"
+    dest: "{{ cinny_source_path }}"
+    remote_src: true
+    owner: "{{ cinny_host_uid }}"
+    group: "{{ cinny_host_gid }}"
+    mode: "u+rwX,g+rwX,o+rX"
+  when: cinny_is_update

roles/cinny/tasks/main.yml

@@ -0,0 +1,23 @@
+---
+- name: Check if state is valid
+  ansible.builtin.fail:
+    msg: "Unknown state '{{ cinny_state }}'. Valid states are {{ cinny_states | join(', ') }}"
+  when: cinny_state not in cinny_states
+
+- name: Check if deployment method is supported
+  ansible.builtin.fail:
+    msg: "Deployment method '{{ cinny_deployment_method }}' is not supported! (supported are: {{ cinny_deployment_methods | join(', ') }})"
+  when: cinny_deployment_method not in cinny_deployment_methods
+
+- name: Include base configuration
+  ansible.builtin.include_tasks:
+    file: configure.yml
+
+- name: Deploy tarball if required
+  ansible.builtin.include_tasks:
+    file: deploy-tarball.yml
+  when: cinny_deployment_method in cinny_needs_tarball
+
+- name: Deploy using {{ cinny_deployment_method }}
+  ansible.builtin.include_tasks:
+    file: "deploy-{{ cinny_deployment_method }}.yml"

roles/cinny/templates/nginx.conf.j2

@@ -0,0 +1,23 @@
+server {
+  listen {{ cinny_nginx_listen_port }};
+  listen [::]:{{ cinny_nginx_listen_port }};
+
+  {%- if cinny_nginx_server_name | default(false, true) %}
+  server_name {{ cinny_nginx_server_name }};
+  {%- endif %}
+  location {{ cinny_nginx_location }} {
+    root {{ cinny_dist_path }};
+
+    rewrite ^/config.json$ /config.json break;
+    rewrite ^/manifest.json$ /manifest.json break;
+
+    rewrite ^.*/olm.wasm$ /olm.wasm break;
+    rewrite ^/sw.js$ /sw.js break;
+    rewrite ^/pdf.worker.min.js$ /pdf.worker.min.js break;
+
+    rewrite ^/public/(.*)$ /public/$1 break;
+    rewrite ^/assets/(.*)$ /assets/$1 break;
+
+    rewrite ^(.+)$ /index.html break;
+  }
+}

roles/cinny/vars/main.yml

@@ -0,0 +1,17 @@
+---
+cinny_states:
+  - present
+  - absent
+
+cinny_deployment_methods:
+  - docker
+  - podman
+  - nginx
+  - caddy
+  - apache2
+  - tarball
+
+cinny_needs_tarball:
+  - nginx
+  - caddy
+  - apache2

roles/synapse/defaults/main.yml

@@ -0,0 +1,41 @@
+---
+
+synapse_user: synapse
+synapse_version: "1.91.1"
+synapse_base_path: /opt/synapse
+synapse_config_path: "{{ synapse_base_path }}/config"
+synapse_data_path: "{{ synapse_base_path }}/data"
+synapse_media_store_path: "{{ synapse_data_path }}/matrix"
+synapse_homeserver_config_file: "{{ synapse_config_path }}/homeserver.yaml"
+synapse_logging_config_file: "{{ synapse_config_path }}/{{ synapse_domain }}.log.config"
+
+synapse_container_name: synapse
+synapse_container_image_reference: >-2
+  {{ synapse_container_image_repository
+  ~ (synapse_container_image_tag
+      | default('v' ~ synapse_version, true) }}
+synapse_container_image_registry: ghcr.io
+synapse_container_image_namespace: matrix-org
+synapse_container_image_name: synapse
+synapse_container_image_repository: >-2
+  {{ synapse_container_image_registry
+  ~ (('/' ~ synapse_container_image_namespace)
+      if synapse_container_image_namespace else '')
+  ~ '/' ~ synapse_container_image_name }}
+#synapse_container_image_tag: ~
+synapse_container_env: {}
+synapse_container_user: ~
+synapse_container_group: ~
+synapse_container_ports: ~
+synapse_container_labels: ~
+synapse_container_ulimits: ~
+synapse_container_volumes: ~
+synapse_container_networks: ~
+synapse_container_purge_networks: ~
+synapse_container_dns_servers: ~
+synapse_container_etc_hosts: ~
+synapse_container_memory: ~
+synapse_container_memory_reservation: ~
+synapse_container_memory_swap: ~
+synapse_container_state: "started"
+synapse_container_restart_policy: "unless-stopped"

roles/synapse/tasks/main.yml

@@ -0,0 +1,78 @@
+---
+
+- name: Ensure synapse user '{{ synapse_user }}' exists
+  ansible.builtin.user:
+    name: "{{ synapse_user }}"
+    state: "present"
+    system: true
+    create_home: false
+    groups: "{{ synapse_user_groups | default(omit, true) }}"
+    append: "{{ (synapse_user_groups is defined) | ternary(true, omit) }}"
+  register: synapse_user_info
+
+- name: Ensure directories for synapse are created
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: "directory"
+    mode: "{{ item.mode | default('0750') }}"
+    owner: "{{ item.owner | default(synapse_user_info.uid | default(synapse_user)) }}"
+    group: "{{ item.group | default(synapse_user_info.group | default(synapse_user)) }}"
+  loop:
+    - path: "{{ synapse_base_path }}"
+      mode: "0755"
+    - path: "{{ synapse_config_path }}"
+    - path: "{{ synapse_data_path }}"
+    - path: "{{ synapse_media_store_path }}"
+  loop_control:
+    label: "{{ item.path }}"
+
+- name: Ensure configuration files are templated
+  ansible.builtin.copy:
+    dest: "{{ config_file.path }}"
+    content: "{{ config_file.content }}"
+    mode: "{{ config_file.mode | default('0640') }}"
+    owner: "{{ config_file.owner | default(synapse_user_info.uid | default(synapse_user)) }}"
+    group: "{{ config_file.group | default(synapse_user_info.group | default(synapse_user)) }}"
+  loop: >-
+    {{ synapse_configs_to_write + synapse_configs | default([]) }}
+  loop_control:
+    loop_var: config_file
+    label: "{{ config_file.path }}"
+  vars:
+    synapse_configs_to_write:
+      - content: "{{ synapse_config | to_nice_yaml(width=1000) }}"
+        path: "{{ synapse_homeserver_config_file }}"
+      - content: "{{ synapse_log_config | to_nice_yaml(width=1000) }}"
+        path: "{{ synapse_logging_config_file }}"
+
+- name: Ensure container image '{{ synapse_container_image_reference }}' is present on host
+  community.docker.docker_image:
+    name: "{{ synapse_container_image_reference }}"
+    state: present
+    source: pull
+    force_source: "{{ synapse_container_image_tag is defined  and synapse_container_image_tag }}"
+  when: synapse_deployment_method == 'docker'
+  register: synapse_container_image_info
+  until: synapse_container_image_info is success
+  retries: 10
+  delay: 5
+
+- name: Ensure synapse container '{{ synapse_container_name }}' is in the desired state
+  community.docker.docker_container:
+    name: "{{ synapse_container_name }}"
+    env: "{{ synapse_container_env | default(omit, true) }}"
+    user: "{{ synapse_container_user | default(omit, true) }}"
+    group: "{{ synapse_container_group | default(omit, true) }}"
+    ports: "{{ synapse_container_ports | default(omit, true) }}"
+    labels: "{{ synapse_container_labels | default(omit, true) }}"
+    ulimits: "{{ synapse_container_ulimits | default(omit, true) }}"
+    volumes: "{{ synapse_container_volumes | default(omit, true) }}"
+    networks: "{{ synapse_container_networks | default(omit, true) }}"
+    purge_networks: "{{ synapse_container_purge_networks | default(omit, true) }}"
+    dns_servers: "{{ synapse_container_dns_servers | default(omit, true) }}"
+    etc_hosts: "{{ synapse_container_etc_hosts | default(omit, true) }}"
+    memory: "{{ synapse_container_memory | default(omit, true) }}"
+    memory_reservation: "{{ synapse_container_memory_reservation | default(omit, true) }}"
+    memory_swap: "{{ synapse_container_memory_swap | default(omit, true) }}"
+    restart_policy: "{{ synapse_container_restart_policy }}"
+    state: "{{ synapse_container_state }}"