feat(synapse): add deployment method virtualenv

roles/synapse/README.md

@@ -20,10 +20,18 @@ The following variables need to be populated:
 
 - `docker`
 - `podman`
+- `virtualenv` - Python virtual env supervised with `systemd`
 
 Set `synapse_deployment_method` to one of the supported deployment methods.
 The current default is `docker`.
 
-### Planned deployment methods
+### `virtualenv` deployment method
 
-- `venv` - Python virtual env supervised with `systemd`
+This deployment method installs a `systemd` service called `synapse.service` to
+control the homeserver process. The service depends on the `network.target` by
+default (see [`synapse_systemd_unit_after`](synapse/main/systemd.yml)), and
+uses the `default.target` as it's `WantedBy`
+(see [`synapse_systemd_install_wanted_by`](synapse/main/systemd.yml)).
+
+To only start synapse after, for example, services for redis and postgresql are up,
+set `synapse_systemd_unit_wants: [ "postgresql.service", "redis.service" ]`.

roles/synapse/defaults/main/main.yml

@@ -1,6 +1,6 @@
 ---
-
 synapse_user: synapse
+synapse_group: synapse
 synapse_version: "1.115.0"
 synapse_state: "present"
 synapse_deployment_method: "docker"
@@ -11,6 +11,7 @@ synapse_data_path: "{{ synapse_base_path }}/data"
 synapse_media_store_path: "{{ synapse_data_path }}/media_store"
 synapse_log_path: "/var/log/synapse"
 synapse_homeserver_log_path: "{{ synapse_log_path }}/homeserver.log"
+synapse_venv_path: "{{ synapse_base_path }}/venv"
 
 synapse_signing_key: ~
 synapse_signing_key_file: >-

roles/synapse/defaults/main/systemd.yml

@@ -0,0 +1,23 @@
+---
+synapse_systemd_service_name: "synapse.service"
+synapse_systemd_service_directory: /etc/systemd/system
+synapse_systemd_service_file: >-2
+  {{ synapse_systemd_service_directory }}/{{ synapse_systemd_service_name }}
+
+synapse_systemd_service_state: >-2
+  {{ (synapse_state == 'present') | ternary('started', 'stopped') }}
+synapse_systemd_service_enabled: >-2
+  {{ (synapse_state == 'present') | bool }}
+
+synapse_systemd_unit_description: "Synapse matrix homeserver"
+synapse_systemd_service_type: simple
+synapse_systemd_service_exec_start: >-2
+  {{ synapse_venv_path }}/bin/python \
+    -m synapse.app.homeserver \
+    --config-path={{ synapse_homeserver_config_file }}
+synapse_systemd_service_restart: always
+
+synapse_systemd_unit_after:
+  - "network.target"
+synapse_systemd_unit_wants: []
+synapse_systemd_install_wanted_by: "default.target"

roles/synapse/defaults/main/user.yml

@@ -0,0 +1,21 @@
+---
+synapse_user_base_groups:
+  - "{{ synapse_run_group }}"
+synapse_user_groups: ~
+synapse_user_all_groups: >-2
+  {{ synapse_user_base_groups | default([], true)
+    + synapse_user_groups | default([], true) }}
+synapse_user_groups_append: "{{ synapse_user_all_groups | length > 0 }}"
+synapse_run_user: >-2
+  {{ synapse_user_info.name | default(synapse_user) }}
+synapse_run_group: >-2
+  {{ (synapse_user_info is defined and ('groups' in synapse_user_info))
+    | ternary(
+      (synapse_user_info.groups | default("") | split(",") | first),
+      synapse_group
+    )
+  }}
+synapse_run_user_id: >-2
+  {{ synapse_user_info.uid | default(synapse_user) }}
+synapse_run_group_id: >-2
+  {{ synapse_user_info.group | default(synapse_user) }}

roles/synapse/defaults/main/virtualenv.yml

@@ -0,0 +1,11 @@
+---
+synapse_venv_package: "matrix-synapse[all]"
+synapse_venv_pip_dependencies:
+  - pip
+  - setuptools
+synapse_venv_package_full: >-2
+  {{ synapse_venv_package }}@{{ synapse_version }}
+
+synapse_venv_python_binary: >-2
+  {{ ansible_python_interpreter | default(omit, true) }}
+synapse_venv_extra_args: ~

roles/synapse/handlers/main.yml

@@ -14,3 +14,8 @@
     state: "{{ synapse_container_state }}"
     force_restart: true
   when: synapse_deployment_method == 'podman'
+
+- name: Ensure systemd units are reloaded
+  listen: systemd-daemon-reload
+  ansible.builtin.systemd:
+    daemon_reload: true

roles/synapse/tasks/configure.yml

@@ -1,12 +1,19 @@
 ---
+- name: Ensure synapse group '{{ synapse_group }}' is {{ synapse_state }}
+  ansible.builtin.group:
+    name: "{{ synapse_group }}"
+    system: "{{ synapse_group_system | default(true, true) }}"
+    state: "{{ synapse_state }}"
+  register: synapse_group_info
+
 - name: Ensure synapse user '{{ synapse_user }}' is {{ synapse_state }}
   ansible.builtin.user:
     name: "{{ synapse_user }}"
     state: "{{ synapse_state }}"
     system: "{{ synapse_user_system | default(true, true) }}"
     create_home: "{{ synapse_user_create_home | default(false, true) }}"
-    groups: "{{ synapse_user_groups | default(omit, true) }}"
-    append: "{{ (synapse_user_groups is defined) | ternary(true, omit) }}"
+    groups: "{{ synapse_user_all_groups | default(omit, true) }}"
+    append: "{{ synapse_user_groups_append | default(omit, true) }}"
   register: synapse_user_info
 
 - name: Ensure directories for synapse are {{ synapse_state }}

roles/synapse/tasks/deploy-virtualenv.yml

@@ -0,0 +1,48 @@
+---
+- name: Ensure directory for virtualenv is {{ synapse_state }}
+  ansible.builtin.file:
+    path: "{{ synapse_venv_path }}"
+    owner: >-2
+      {{ synapse_user_info.uid | default(synapse_user) }}
+    group: >-2
+      {{ synapse_user_info.group | default(synapse_user) }}
+    mode: "{{ synapse_venv_path_mode | default('0755') }}"
+    state: >-
+      {{ (synapse_state == 'present')
+        | ternary('directory', 'absent') }}
+
+- name: Ensure virtual environment is {{ synapse_state }}
+  ansible.builtin.pip:
+    name: "{{ synapse_venv_pip_dependencies }}"
+    virtualenv: "{{ synapse_venv_path }}"
+    virtualenv_python: "{{ synapse_venv_python_binary }}"
+    extra_args: "{{ synapse_venv_extra_args | default(omit, true) }}"
+    state: "{{ synapse_state }}"
+
+- name: Ensure synapse pip package is {{ synapse_state }}
+  ansible.builtin.pip:
+    name: "{{ synapse_venv_package }}"
+    version: "{{ synapse_version }}"
+    state: "{{ synapse_state }}"
+    virtualenv: "{{ synapse_venv_path }}"
+  notify:
+    - synapse-restart
+
+- name: Ensure systemd unit is {{ synapse_state }}
+  ansible.builtin.template:
+    src: "synapse.service.j2"
+    dest: "{{ synapse_systemd_service_file }}"
+  notify:
+    - systemd-daemon-reload
+
+- meta: flush_handlers
+
+- name: Ensure systemd service is {{ synapse_state }}
+  ansible.builtin.systemd:
+    name: "{{ synapse_systemd_service_name }}"
+    state: "{{ synapse_systemd_service_state }}"
+
+- name: Ensure systemd service is {{ synapse_systemd_service_enabled | ternary('enabled', 'disabled') }}
+  ansible.builtin.systemd:
+    name: "{{ synapse_systemd_service_name }}"
+    enabled: "{{ synapse_systemd_service_enabled }}"

roles/synapse/templates/synapse.service.j2

@@ -0,0 +1,22 @@
+[Unit]
+Description="{{ synapse_systemd_unit_description }}"
+
+{% if synapse_systemd_unit_after | default([]) | length > 0 %}
+After={{ synapse_systemd_unit_after | join(' ') }}
+{% endif %}
+{% if synapse_systemd_unit_wants | default([]) | length > 0 %}
+Wants={{ synapse_systemd_unit_wants | join(' ') }}
+{% endif %}
+
+[Service]
+Type={{ synapse_systemd_service_type }}
+WorkingDirectory={{ synapse_venv_path }}
+ExecStart={{ synapse_systemd_service_exec_start }}
+
+User={{ synapse_run_user }}
+Group={{ synapse_run_group }}
+
+Restart={{ synapse_systemd_service_restart }}
+
+[Install]
+WantedBy={{ synapse_systemd_install_wanted_by }}

roles/synapse/vars/main.yml

@@ -6,6 +6,7 @@ synapse_states:
 synapse_deployment_methods:
   - docker
   - podman
+  - virtualenv
 
 synapse_required_variables:
   - synapse_domain