commit 62346d61a8d52a6409245aaa25707e1a8d4fd1b0 Author: transcaffeine Date: Thu Sep 19 15:37:04 2024 +0200 feat(cinny): add ansible role diff --git a/LICENSE.md b/LICENSE.md new file mode 100644 index 0000000..f31139d --- /dev/null +++ b/LICENSE.md 
@@ -0,0 +1,482 @@ +THE WORK (AS DEFINED BELOW) IS PROVIDED UNDER THE TERMS OF THIS +COOPERATIVE NON-VIOLENT PUBLIC LICENSE (\"LICENSE\"). THE WORK IS +PROTECTED BY COPYRIGHT AND ALL OTHER APPLICABLE LAWS. ANY USE OF THE +WORK OTHER THAN AS AUTHORIZED UNDER THIS LICENSE OR COPYRIGHT LAW IS +PROHIBITED. BY EXERCISING ANY RIGHTS TO THE WORK PROVIDED IN THIS +LICENSE, YOU AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE.TO THE +EXTENT THIS LICENSE MAY BE CONSIDERED TO BE A CONTRACT, THE LICENSOR +GRANTS YOU THE RIGHTS CONTAINED HERE IN AS CONSIDERATION FOR ACCEPTING +THE TERMS AND CONDITIONS OF THIS LICENSE AND FOR AGREEING TO BE BOUND BY +THE TERMS AND CONDITIONS OF THIS LICENSE. + +# Definitions + +An Act of War is any action of one country against any group either with +an intention to provoke a conflict or an action that occurs during a +declared war or during armed conflict between military forces of any +origin. This includes but is not limited to enforcing sanctions or +sieges, supplying armed forces, or profiting from the manufacture of +tools or weaponry used in military conflict. + +An Adaptation is a work based upon the Work, or upon the Work and other +pre-existing works, such as a translation, adaptation, derivative work, +arrangement of music or other alterations of a literary or artistic +work, or phonogram or performance and includes cinematographic +adaptations or any other form in which the Work may be recast, +transformed, or adapted including in any form recognizably derived from +the original, except that a work that constitutes a Collection will not +be considered an Adaptation for the purpose of this License. For the +avoidance of doubt, where the Work is a musical work, performance or +phonogram, the synchronization of the Work in timed-relation with a +moving image (\"synching\") will be considered an Adaptation for the +purpose of this License. 
In addition, where the Work is designed to +output a neural network the output of the neural network will be +considered an Adaptation for the purpose of this license. + +Bodily Harm is any physical hurt or injury to a person that interferes +with the health or comfort of the person and that is more than merely +transient or trifling in nature. + +Distribute is to make available to the public the original and copies of +the Work or Adaptation, as appropriate, through sale, gift or any other +transfer of possession or ownership. + +Incarceration is Confinement in a jail, prison, or any other place where +individuals of any kind are held against either their will or (if their +will cannot be determined) the will of their legal guardian or +guardians. In the case of a conflict between the will of the individual +and the will of their legal guardian or guardians, the will of the +individual will take precedence. + +Licensor is The individual, individuals, entity, or entities that +offer(s) the Work under the terms of this License + +Original Author is in the case of a literary or artistic work, the +individual, individuals, entity or entities who created the Work or if +no individual or entity can be identified, the publisher; and in +addition + +- in the case of a performance the actors, singers, musicians, + dancers, and other persons who act, sing, deliver, declaim, play in, + interpret or otherwise perform literary or artistic works or + expressions of folklore; + +- in the case of a phonogram the producer being the person or legal + entity who first fixes the sounds of a performance or other sounds; + and, + +- in the case of broadcasts, the organization that transmits the + broadcast. 
+ +Work is the literary and/or artistic work offered under the terms of +this License including without limitation any production in the +literary, scientific and artistic domain, whatever may be the mode or +form of its expression including digital form, such as a book, pamphlet +and other writing; a lecture, address, sermon or other work of the same +nature; a dramatic or dramatico-musical work; a choreographic work or +entertainment in dumb show; a musical composition with or without words; +a cinematographic work to which are assimilated works expressed by a +process analogous to cinematography; a work of drawing, painting, +architecture, sculpture, engraving or lithography; a photographic work +to which are assimilated works expressed by a process analogous to +photography; a work of applied art; an illustration, map, plan, sketch +or three-dimensional work relative to geography, topography, +architecture or science; a performance; a broadcast; a phonogram; a +compilation of data to the extent it is protected as a copyrightable +work; or a work performed by a variety or circus performer to the extent +it is not otherwise considered a literary or artistic work. + +You means an individual or entity exercising rights under this License +who has not previously violated the terms of this License with respect +to the Work, or who has received express permission from the Licensor to +exercise rights under this License despite a previous violation. 
+ +Publicly Perform means to perform public recitations of the Work and to +communicate to the public those public recitations, by any means or +process, including by wire or wireless means or public digital +performances; to make available to the public Works in such a way that +members of the public may access these Works from a place and at a place +individually chosen by them; to perform the Work to the public by any +means or process and the communication to the public of the performances +of the Work, including by public digital performance; to broadcast and +rebroadcast the Work by any means including signs, sounds or images. + +Reproduce is to make copies of the Work by any means including without +limitation by sound or visual recordings and the right of fixation and +reproducing fixations of the Work, including storage of a protected +performance or phonogram in digital form or other electronic medium. + +Software is any digital Work which, through use of a third-party piece +of Software or through the direct usage of itself on a computer system, +the memory of the computer is modified dynamically or semi-dynamically. +\"Software\", secondly, processes or interprets information. + +Source Code is Any digital Work which, through use of a third-party +piece of Software or through the direct usage of itself on a computer +system, the memory of the computer is modified dynamically or +semi-dynamically. \"Software\", secondly, processes or interprets +information. + +Surveilling is the use of the Work to either overtly or covertly observe +and record persons and or their activities. + +A Network Service is the use of a piece of Software to interpret or +modify information that is subsequently and directly served to users +over the Internet. + +To Discriminate is the use of a piece of Software to interpret or modify +information that is subsequently and directly served to users over the +Internet. 
+ +Hate Speech is Communication or any form of expression which is solely +for the purpose of expressing hatred for some group or advocating a form +of Discrimination between humans. + +Coercion is leveraging of the threat of force or use of force to +intimidate a person in order to gain compliance, or to offer large +incentives which aim to entice a person to act against their will. + +# Fair Dealing Rights + +Nothing in this License is intended to reduce, limit, or restrict any +uses free from copyright or rights arising from limitations or +exceptions that are provided for in connection with the copyright +protection under copyright law or other applicable laws. + +# License Grant + +Subject to the terms and conditions of this License, Licensor hereby +grants You a worldwide, royalty-free, non-exclusive, perpetual (for the +duration of the applicable copyright) license to exercise the rights in +the Work as stated below: + +To Reproduce the Work, to incorporate the Work into one or more +Collections, and to Reproduce the Work as incorporated in the +Collections + +To create and Reproduce Adaptations provided that any such Adaptation, +including any translation in any medium, takes reasonable steps to +clearly label, demarcate or otherwise identify that changes were made to +the original Work. For example, a translation could be marked \"The +original work was translated from English to Spanish,\" or a +modification could indicate \"The original work has been modified.\" + +To Distribute and Publicly Perform the Work including as incorporated in +Collections. + +To Distribute and Publicly Perform Adaptations. The above rights may be +exercised in all media and formats whether now known or hereafter +devised. The above rights include the right to make such modifications +as are technically necessary to exercise the rights in other media and +formats. This License constitutes the entire agreement between the +parties with respect to the Work licensed here. 
There are no +understandings, agreements or representations with respect to the Work +not specified here. Licensor shall not be bound by any additional +provisions that may appear in any communication from You. This License +may not be modified without the mutual written agreement of the Licensor +and You. All rights not expressly granted by Licensor are hereby +reserved, including but not limited to the rights set forth in +Non-waivable Compulsory License Schemes, Waivable Compulsory License +Schemes, and Voluntary License Schemes in the restrictions. + +# Restrictions + +The license granted in the license grant above is expressly made subject +to and limited by the following restrictions: + +You may Distribute or Publicly Perform the Work only under the terms of +this License. You must include a copy of, or the Uniform Resource +Identifier (URI) for, this License with every copy of the Work You +Distribute or Publicly Perform. You may not offer or impose any terms on +the Work that restrict the terms of this License or the ability of the +recipient of the Work to exercise the rights granted to that recipient +under the terms of the License. You may not sublicense the Work. You +must keep intact all notices that refer to this License and to the +disclaimer of warranties with every copy of the Work You Distribute or +Publicly Perform. When You Distribute or Publicly Perform the Work, You +may not impose any effective technological measures on the Work that +restrict the ability of a recipient of the Work from You to exercise the +rights granted to that recipient under the terms of the License. This +Section applies to the Work as incorporated in a Collection, but this +does not require the Collection apart from the Work itself to be made +subject to the terms of this License. If You create a Collection, upon +notice from any Licensor You must, to the extent practicable, remove +from the Collection any credit as requested. 
If You create an +Adaptation, upon notice from any Licensor You must, to the extent +practicable, remove from the Adaptation any credit as requested. + +## Commercial Restrictions + +You may not exercise any of the rights granted to You in the above +section in any manner that is primarily intended for or directed toward +commercial advantage or private monetary compensation unless you meet +the following requirements. + +i. You are a worker-owned business or worker-owned collective. + +ii. after tax, all financial gain, surplus, profits and benefits + produced by the business or collective are distributed among the + worker-owners unless a set amount is to be allocated towards + community projects as decided by a previously-established consensus + agreement between the worker-owners where all worker-owners agreed. + +iii. You are not using such rights on behalf of a business other than + those specified in (i) or (ii) above, nor are using such rights as + a proxy on behalf of a business with the intent to circumvent the + aforementioned restrictions on such a business. + +The exchange of the Work for other copyrighted works by means of digital +file-sharing or otherwise shall not be considered to be intended for or +directed toward commercial advantage or private monetary compensation, +provided there is no payment of any monetary compensation in connection +with the exchange of copyrighted works. + +If the Work meets the definition of Software, You may exercise the +rights granted in the license grant only if You provide a copy of the +corresponding Source Code from which the Work was derived in digital +form, or You provide a URI for the corresponding Source Code of the +Work, to any recipients upon request. 
+ +If the Work is used as or for a Network Service, You may exercise the +rights granted in the license grant only if You provide a copy of the +corresponding Source Code from which the Work was derived in digital +form, or You provide a URI for the corresponding Source Code to the +Work, to any recipients of the data served or modified by the Web +Service. + +Any use by a business that is privately owned and managed, and that +seeks to generate profit from the labor of employees paid by salary or +other wages, is not permitted under this license. + +## + +You may exercise the rights granted in the license grant for any +purposes only if: + +i. You do not use the Work for the purpose of inflicting Bodily Harm on + human beings (subject to criminal prosecution or otherwise) outside + of providing medical aid or undergoing a voluntary procedure under + no form of Coercion. + +ii. You do not use the Work for the purpose of Surveilling or tracking + individuals for financial gain. + +iii. You do not use the Work in an Act of War. + +iv. You do not use the Work for the purpose of supporting or profiting + from an Act of War. + +v. You do not use the Work for the purpose of Incarceration. + +vi. You do not use the Work for the purpose of extracting, processing, + or refining, oil, gas, or coal. Or to in any other way to + deliberately pollute the environment as a byproduct of manufacturing + or irresponsible disposal of hazardous materials. + +vii. You do not use the Work for the purpose of expediting, + coordinating, or facilitating paid work undertaken by individuals + under the age of 12 years. + +viii. You do not use the Work to either Discriminate or spread Hate + Speech on the basis of sex, sexual orientation, gender identity, + race, age, disability, color, national origin, religion, caste, or + lower economic status. 
+ +## + +If You Distribute, or Publicly Perform the Work or any Adaptations or +Collections, You must, unless a request has been made by any Licensor to +remove credit from a Collection or Adaptation, keep intact all copyright +notices for the Work and provide, reasonable to the medium or means You +are utilizing: + +i. the name of the Original Author (or pseudonym, if applicable) if + supplied, and/or if the Original Author and/or Licensor designate + another party or parties (e.g., a sponsor institute, publishing + entity, journal) for attribution (\"Attribution Parties\") in + Licensor\'s copyright notice, terms of service or by other + reasonable means, the name of such party or parties; + +ii. the title of the Work if supplied; + +iii. to the extent reasonably practicable, the URI, if any, that + Licensor to be associated with the Work, unless such URI does not + refer to the copyright notice or licensing information for the + Work; and, + +iv. in the case of an Adaptation, a credit identifying the use of the + Work in the Adaptation (e.g., \"French translation of the Work by + Original Author,\" or \"Screenplay based on original Work by + Original Author\"). + +If any Licensor has sent notice to request removing credit, You must, to +the extent practicable, remove any credit as requested. The credit +required by this Section may be implemented in any reasonable manner; +provided, however, that in the case of an Adaptation or Collection, at a +minimum such credit will appear, if a credit for all contributing +authors of the Adaptation or Collection appears, then as part of these +credits and in a manner at least as prominent as the credits for the +other contributing authors. 
For the avoidance of doubt, You may only use +the credit required by this Section for the purpose of attribution in +the manner set out above and, by exercising Your rights under this +License, You may not implicitly or explicitly assert or imply any +connection with, sponsorship or endorsement by the Original Author, +Licensor and/or Attribution Parties, as appropriate, of You or Your use +of the Work, without the separate, express prior written permission of +the Original Author, Licensor and/or Attribution Parties. + +Non-waivable Compulsory License Schemes. In those jurisdictions in which +the right to collect royalties through any statutory or compulsory +licensing scheme cannot be waived, the Licensor reserves the exclusive +right to collect such royalties for any exercise by You of the rights +granted under this License + +Waivable Compulsory License Schemes. In those jurisdictions in which the +right to collect royalties through any statutory or compulsory licensing +scheme can be waived, the Licensor reserves the exclusive right to +collect such royalties for any exercise by You of the rights granted +under this License if Your exercise of such rights is for a purpose or +use which is otherwise than noncommercial as permitted under Commercial +Restrictions and otherwise waives the right to collect royalties through +any statutory or compulsory licensing scheme. + +Voluntary License Schemes. The Licensor reserves the right to collect +royalties, whether individually or, in the event that the Licensor is a +member of a collecting society that administers voluntary licensing +schemes, via that society, from any exercise by You of the rights +granted under this License that is for a purpose or use which is +otherwise than noncommercial as permitted under the license grant. 
+ +Except as otherwise agreed in writing by the Licensor or as may be +otherwise permitted by applicable law, if You Reproduce, Distribute or +Publicly Perform the Work either by itself or as part of any Adaptations +or Collections, You must not distort, mutilate, modify or take other +derogatory action in relation to the Work which would be prejudicial to +the Original Author\'shonor or reputation. Licensor agrees that in those +jurisdictions (e.g. Japan), in which any exercise of the right granted +in the license grant of this License (the right to make Adaptations) +would be deemed to be a distortion, mutilation, modification or other +derogatory action prejudicial to the Original Author\'s honor and +reputation, the Licensor will waive or not assert, as appropriate, this +Section, to the fullest extent permitted by the applicable national law, +to enable You to reasonably exercise Your right under the license grant +of this License (right to make Adaptations) but not otherwise. + +Do not make any legal claim against anyone accusing the Work, with or +without changes, alone or with other works, of infringing any patent +claim. + +# Representations Warranties and Disclaimer + +UNLESS OTHERWISE MUTUALLY AGREED TO BY THE PARTIES IN WRITING, LICENSOR +OFFERS THE WORK AS-IS AND MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY +KIND CONCERNING THE WORK, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, +INCLUDING, WITHOUT LIMITATION, WARRANTIES OF TITLE, MERCHANTIBILITY, +FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, OR THE ABSENCE OF +LATENT OR OTHER DEFECTS, ACCURACY, OR THE PRESENCE OF ABSENCE OF ERRORS, +WHETHER OR NOT DISCOVERABLE. SOME JURISDICTIONS DO NOT ALLOW THE +EXCLUSION OF IMPLIED WARRANTIES, SO SUCH EXCLUSION MAY NOT APPLY TO YOU. 
+ +# Limitation on Liability + +EXCEPT TO THE EXTENT REQUIRED BY APPLICABLE LAW, IN NO EVENT WILL +LICENSOR BE LIABLE TO YOU ON ANY LEGAL THEORY FOR ANY SPECIAL, +INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR EXEMPLARY DAMAGES ARISING OUT OF +THIS LICENSE OR THE USE OF THE WORK, EVEN IF LICENSOR HAS BEEN ADVISED +OF THE POSSIBILITY OF SUCH DAMAGES. + +# Termination + +This License and the rights granted hereunder will terminate +automatically upon any breach by You of the terms of this License. +Individuals or entities who have received Adaptations or Collections +from You under this License, however, will not have their licenses +terminated provided such individuals or entities remain in full +compliance with those licenses. The Sections on definitions, fair +dealing rights, representations, warranties, and disclaimer, limitation +on liability, termination, and revised license versions will survive any +termination of this License. + +Subject to the above terms and conditions, the license granted here is +perpetual (for the duration of the applicable copyright in the Work). +Notwithstanding the above, Licensor reserves the right to release the +Work under different license terms or to stop distributing the Work at +any time; provided, however that any such election will not serve to +withdraw this License (or any other license that has been, or is +required to be, granted under the terms of this License), and this +License will continue in full force and effect unless terminated as +stated above. + +# Revised License Versions + +This License may receive future revisions in the original spirit of the +license intended to strengthen This License. Each version of This +License has an incrementing version number. + +Unless otherwise specified like in the below subsection The Licensor has +only granted this current version of This License for The Work. In this +case future revisions do not apply. 
+ +The Licensor may specify that the latest available revision of This +License be used for The Work by either explicitly writing so or by +suffixing the License URI with a \"+\" symbol. + +The Licensor may specify that The Work is also available under the terms +of This License\'s current revision as well as specific future +revisions. The Licensor may do this by writing it explicitly or +suffixing the License URI with any additional version numbers each +separated by a comma. + +# Miscellaneous + +Each time You Distribute or Publicly Perform the Work or a Collection, +the Licensor offers to the recipient a license to the Work on the same +terms and conditions as the license granted to You under this License. + +Each time You Distribute or Publicly Perform an Adaptation, Licensor +offers to the recipient a license to the original Work on the same terms +and conditions as the license granted to You under this License. + +If the Work is classified as Software, each time You Distribute or +Publicly Perform an Adaptation, Licensor offers to the recipient a copy +and/or URI of the corresponding Source Code on the same terms and +conditions as the license granted to You under this License. + +If the Work is used as a Network Service, each time You Distribute or +Publicly Perform an Adaptation, or serve data derived from the Software, +the Licensor offers to any recipients of the data a copy and/or URI of +the corresponding Source Code on the same terms and conditions as the +license granted to You under this License. + +If any provision of this License is invalid or unenforceable under +applicable law, it shall not affect the validity or enforceability of +the remainder of the terms of this License, and without further action +by the parties to this agreement, such provision shall be reformed to +the minimum extent necessary to make such provision valid and +enforceable. 
+ +No term or provision of this License shall be deemed waived and no +breach consented to unless such waiver or consent shall be in writing +and signed by the party to be charged with such waiver or consent. + +This License constitutes the entire agreement between the parties with +respect to the Work licensed here. There are no understandings, +agreements or representations with respect to the Work not specified +here. Licensor shall not be bound by any additional provisions that may +appear in any communication from You. This License may not be modified +without the mutual written agreement of the Licensor and You. + +The rights granted under, and the subject matter referenced, in this +License were drafted utilizing the terminology of the Berne Convention +for the Protection of Literary and Artistic Works (as amended on +September 28, 1979), the Rome Convention of 1961, the WIPO Copyright +Treaty of 1996, the WIPO Performances and Phonograms Treaty of 1996 and +the Universal Copyright Convention (as revised on July 24, 1971). These +rights and subject matter take effect in the relevant jurisdiction in +which the License terms are sought to be enforced according to the +corresponding provisions of the implementation of those treaty +provisions in the applicable national law. If the standard suite of +rights granted under applicable copyright law includes additional rights +not granted under this License, such additional rights are deemed to be +included in the License; this License is not intended to restrict the +license of any rights under applicable law. diff --git a/README.md b/README.md new file mode 100644 index 0000000..266db84 --- /dev/null +++ b/README.md @@ -0,0 +1,13 @@ +# `finallycoffee.matrix` ansible collection + +## Overview + +Roles for deploying matrix infrastructure using ansible. + +## Roles + +- [`cinny`](roles/cinny/README.md): [Cinny](https://cinny.in/) Web Client + +## License + +[CNPLv7+](LICENSE.md): Cooperative Nonviolent Public License 
diff --git a/galaxy.yml b/galaxy.yml
new file mode 100644
index 0000000..4a430f1
--- /dev/null
+++ b/galaxy.yml
@@ -0,0 +1,12 @@
+namespace: finallycoffee
+name: matrix
+version: 0.0.1
+readme: README.md
+authors:
+- transcaffeine
+description: Various matrix-related ansible roles
+license_file: LICENSE.md
+build_ignore:
+- '*.tar.gz'
+repository: https://git.finally.coffee/finallycoffee/matrix
+issues: https://git.finally.coffee/finallycoffee/matrix/issues
diff --git a/meta/runtime.yml b/meta/runtime.yml
new file mode 100644
index 0000000..9e2861a
--- /dev/null
+++ b/meta/runtime.yml
@@ -0,0 +1,3 @@
+---
+
+requires_ansible: ">=2.14"
diff --git a/roles/cinny/README.md b/roles/cinny/README.md
new file mode 100644
index 0000000..d5571fd
--- /dev/null
+++ b/roles/cinny/README.md
@@ -0,0 +1,29 @@
+# `finallycoffee.matrix.cinny` ansible role
+
+> [!WARNING]
+> This role is a WIP and not yet usable
+
+## Supported deployment methods
+
+Set your `deployment_method` to:
+
+- [`docker` (docs)](docs/docker.md)
+- `podman`
+- [`nginx` (docs)](docs/nginx.md)
+
+Not yet implemented but planned:
+
+- `tarball`
+- `apache2`
+- `caddy`
+
+## Configuration
+
+All cinny `config.json` configuration keys are available as a snake-cased ansible variable:
+- `cinny_config_homeserver_list`
+- `cinny_config_allow_custom_homeservers`
+- [...]
+
+If you want to provide structured configuration directly, you can either provide additional configuration in `cinny_config` or overwrite all existing defaults by setting `cinny_config_complete`.
+
+To ensure cinny is removed from the system, set `cinny_state` to `absent` (default is `present`).
diff --git a/roles/cinny/defaults/main.yml b/roles/cinny/defaults/main.yml
new file mode 100644
index 0000000..780fcf7
--- /dev/null
+++ b/roles/cinny/defaults/main.yml
@@ -0,0 +1,62 @@ +--- +cinny_user: cinny +cinny_state: "present" +cinny_version: "4.2.1" +cinny_deployment_method: "host" + +cinny_base_path: "/opt/cinny" +cinny_source_path: "{{ cinny_base_path }}/src" +cinny_dist_path: "{{ cinny_source_path }}/dist" +cinny_config_path: "{{ cinny_base_path }}/config" +cinny_config_file: "{{ cinny_config_path }}/config.json" + +cinny_container_image: >- + {{ + cinny_container_image_registry + '/' + + ((cinny_container_image_namespace + '/') + if cinny_container_image_namespace | default(false, true) else '') + + cinny_container_image_name + ':' + + (cinny_container_image_tag | default('v' + cinny_version, true)) + }} +cinny_container_image_registry: "ghcr.io" +cinny_container_image_namespace: "cinnyapp" +cinny_container_image_name: "cinny" +cinny_container_image_tag: ~ +cinny_container_name: "cinny" +cinny_container_restart_policy: >- + {{ (cinny_deployment_method == 'docker') + | ternary('unless-stopped', + (cinny_deployment_method == 'podman' | + ternary('on-failure', 'always')) + }} + +cinny_host_uid: >- + {{ cinny_user_info is defined + | ternary(cinny_user_info.uid, cinny_user) }} +cinny_host_gid: + {{ cinny_user_info is defined + | ternary(cinny_user_info.group, cinny_user) }} + +cinny_config_complete: >- + {{ cinny_config | default({}) + | combine(cinny_default_config | default({})) }} +cinny_config: {} +cinny_default_config: + homeserverList: "{{ cinny_config_homeserver_list }}" + allowCustomHomeservers: "{{ cinny_config_allow_custom_homeservers }}" + featuredCommunities: + openAsDefault: "{{ cinny_config_featured_communities_open_as_default }}" + spaces: "{{ cinny_config_featured_communities_spaces }}" + rooms: "{{ cinny_config_featured_communities_rooms }}" + servers: "{{ cinny_config_featured_communities_servers }}" + hashRouter: + enabled: "{{ cinny_config_hash_router_enabled }}" + basename: "{{ cinny_config_hash_router_basename }}" +cinny_config_homeserver_list: [] +cinny_config_allow_custom_homeservers: true 
+cinny_config_featured_communities_open_as_default: false
+cinny_config_featured_communities_spaces: []
+cinny_config_featured_communities_rooms: []
+cinny_config_featured_communities_servers: []
+cinny_config_hash_router_enabled: false
+cinny_config_hash_router_basename: "/"
diff --git a/roles/cinny/defaults/nginx.yml b/roles/cinny/defaults/nginx.yml
new file mode 100644
index 0000000..c97c7aa
--- /dev/null
+++ b/roles/cinny/defaults/nginx.yml
@@ -0,0 +1,9 @@
+---
+cinny_nginx_listen_port: 8080
+cinny_nginx_server: ~
+cinny_nginx_location: /
+
+cinny_nginx_available_sites: "/etc/nginx/sites-available"
+cinny_nginx_enabled_sites: "/etc/nginx/sites-enabled"
+cinny_nginx_vhost_name: "cinny"
+cinny_nginx_vhost_enable: true
diff --git a/roles/cinny/defaults/tarball.yml b/roles/cinny/defaults/tarball.yml
new file mode 100644
index 0000000..dc6f721
--- /dev/null
+++ b/roles/cinny/defaults/tarball.yml
@@ -0,0 +1,10 @@
+---
+cinny_tarball_server: "https://github.com"
+cinny_tarball_url: >-
+ {{ cinny_tarball_server }}/cinnyapp/cinny/releases/download/v{{ cinny_version }}/cinny-v{{ cinny_version }}.tar.gz
+cinny_tarball_url_username: ~
+cinny_tarball_url_password: ~
+
+cinny_tarball_path: "/tmp/cinny-v{{ cinny_version }}.tar.gz"
+
+cinny_running_version_file: "{{ cinny_source_path }}/cinny_version.txt"
diff --git a/roles/cinny/docs/docker.md b/roles/cinny/docs/docker.md
new file mode 100644
index 0000000..9824aee
--- /dev/null
+++ b/roles/cinny/docs/docker.md
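Review bot: Three templated defaults in `roles/cinny/defaults/main.yml` will not evaluate as written. `cinny_container_restart_policy` opens one more parenthesis than it closes, and inside it `'podman' | ternary(...)` binds before `==`, so the comparison needs its own parentheses. `cinny_host_gid:` is missing the `>-` that `cinny_host_uid` has, which leaves a plain scalar starting with `{{` that YAML reads as a flow mapping. `cinny_config_complete` hands `cinny_default_config` to `combine` as the overriding dictionary, so a setting placed in `cinny_config` (for example `allowCustomHomeservers: false` to pin clients to the listed homeservers) is replaced by the default `true`. The rewritten lines follow.

```yaml
cinny_container_restart_policy: >-
  {{ (cinny_deployment_method == 'docker')
     | ternary('unless-stopped',
               (cinny_deployment_method == 'podman')
               | ternary('on-failure', 'always')) }}

# … unchanged: cinny_host_uid …
cinny_host_gid: >-
  # … unchanged: the two template lines of cinny_host_gid …

cinny_config_complete: >-
  {{ cinny_default_config | default({})
     | combine(cinny_config | default({})) }}
```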
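Review bot: Nothing visible in this commit loads `defaults/nginx.yml`; Ansible reads a role's `defaults/main.yml` automatically, but not sibling files placed next to it. The role's main task file is not among the files shown here, so this may already be handled by `ansible.builtin.include_vars` or by `defaults_from` on the including side; if it is not, the `cinny_nginx_*` variables are undefined when the nginx tasks run. The same applies to `defaults/tarball.yml` in the next hunk. A header comment such as `# loaded via include_vars from <task file>` would make the mechanism explicit for whoever overrides these values.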
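Review bot: The tarball defaults give the download no integrity pin and stage it under a predictable name in a world-writable directory, `cinny_tarball_path: "/tmp/cinny-v{{ cinny_version }}.tar.gz"`. The task that consumes these variables is not part of this hunk, but if it uses `ansible.builtin.get_url` with its default `force: false`, a file already present at that path is kept rather than downloaded, so the archive that gets unpacked need not be the one published upstream. I would add `cinny_tarball_checksum: ~` for the task to pass as `checksum:` (format `sha256:<digest>`) and stage inside the role's own directory, `cinny_tarball_path: "{{ cinny_base_path }}/cinny-v{{ cinny_version }}.tar.gz"`. Since `cinny_tarball_url_password` is introduced here as well, the consuming task should set `no_log: true`.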
@@ -0,0 +1,33 @@
+# `cinny` deployment using `docker`
+
+> [!INFO]
+> Needs the python library `docker` on the `ansible_host`.
+
+## Configuration
+
+The following options to the
+[`docker_container` module](https://docs.ansible.com/ansible/latest/collections/community/docker/docker_container_module.html)
+are available under the `cinny_container_` prefix:
+
+- `env`
+- `ports`
+- `labels`
+- `networks`
+- `etc_hosts`
+- `purge_networks`
+
+The following variables are pre-populated by the role, so override them with care:
+
+- `name`
+- `image`
+- `user`
+- `volumes`
+- `restart_policy`
+
+## Pulling from a self-hosted container registry
+
+Set `cinny_container_image_registry` to use a self-hosted docker registry / mirror / cache.
+
+If you need to authenticate to your registry and are not yet logged in, set `cinny_container_image_registry_{username,password}` and the role will attempt to log in.
+
+Set `cinny_container_image_registry_reauthorize` to `true` if you want to force a reauthorization at the registry.
diff --git a/roles/cinny/docs/nginx.md b/roles/cinny/docs/nginx.md
new file mode 100644
index 0000000..36b18ed
--- /dev/null
+++ b/roles/cinny/docs/nginx.md
@@ -0,0 +1,11 @@
+# `cinny` deployment using `nginx` virtual host
+
+The role will create a virtual host named after `cinny_nginx_vhost_name` (default: `cinny`) in `cinny_nginx_available_sites` (default: `/etc/nginx/sites-available`).
+
+If you choose `cinny_nginx_vhost_enable` (default: `true`), it will also create a symlink from `cinny_nginx_enabled_sites` to it's vhost.
+
+> [!TIP]
+> If you are deploying multiple cinny instances on a single host, customize `cinny_nginx_vhost_name` to contain your `cinny_nginx_server` in order to avoid filename collisions.
+
+> [!IMPORTANT]
+> If `cinny_nginx_vhost_enable` is `true`, the role will expect `nginx` to be in the `$PATH` (in order to test the configuration using `nginx -t`)
diff --git a/roles/cinny/tasks/configure.yml b/roles/cinny/tasks/configure.yml
new file mode 100644
index 0000000..6090db5
--- /dev/null
+++ b/roles/cinny/tasks/configure.yml
@@ -0,0 +1,34 @@
+---
+- name: Ensure cinny user '{{ cinny_user }}' is {{ cinny_state }}
+ ansible.builtin.user:
+ name: "{{ cinny_user }}"
+ system: "{{ cinny_user_system | default(true, true) }}"
+ create_home: "{{ cinny_user_create_home | default(false, true) }}"
+ state: "{{ cinny_state }}"
+ groups: "{{ cinny_user_groups | default(omit) }}"
+ append: "{{ cinny_user_groups_append | default(omit) }}"
+ register: cinny_user_info
+
+- name: Ensure host path are {{ cinny_state }}
+ ansible.builtin.file:
+ name: "{{ path.name }}"
+ state: "{{ (cinny_state == 'present') | ternary('directory', 'absent') }}"
+ owner: "{{ path.owner | default(cinny_host_uid) }}"
+ group: "{{ path.group | default(cinny_host_gid) }}"
+ mode: "{{ path.mode | default('0750') }}"
+ loop_control:
+ loop_var: path
+ label: "{{ path.name }}"
+ loop:
+ - name: "{{ cinny_base_path }}"
+ mode: '0755'
+ - name: "{{ cinny_config_path }}"
+ mode: '0755'
+
+- name: Ensure config file is {{ cinny_state }}
+ ansible.builtin.copy:
+ content: "{{ cinny_config | to_nice_json }}"
+ dest: "{{ cinny_config_file }}"
+ owner: "{{ cinny_host_uid }}"
+ group: "{{ cinny_host_gid }}"
+ mode: "{{ cinny_config_file_mode | default('0775') }}"
diff --git a/roles/cinny/tasks/deploy-apache2.yml b/roles/cinny/tasks/deploy-apache2.yml
new file mode 100644
index 0000000..192e36d
--- /dev/null
+++ b/roles/cinny/tasks/deploy-apache2.yml
@@ -0,0 +1,3 @@
+---
+- fail:
+ msg: "Not yet implemented"
diff --git a/roles/cinny/tasks/deploy-caddy.yml b/roles/cinny/tasks/deploy-caddy.yml
new file mode 100644
index 0000000..192e36d
--- /dev/null
+++ b/roles/cinny/tasks/deploy-caddy.yml
@@ -0,0 +1,3 @@
+---
+- fail:
+ msg: "Not yet implemented"
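Review bot: In `roles/cinny/tasks/configure.yml`, the config file task defaults to mode `0775`, which makes `config.json` group-writable and executable although it is a static file that decides which homeservers the client offers; `mode: "{{ cinny_config_file_mode | default('0644') }}"` is enough for a web server to read it. The same task writes `cinny_config | to_nice_json`, and `cinny_config` defaults to `{}`, so none of the `cinny_default_config` values reach the file; `cinny_config_complete` looks like the intended source. The task also has no `when`, so with `cinny_state: absent` it would write into a directory the previous task has just removed.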
diff --git a/roles/cinny/tasks/deploy-docker.yml b/roles/cinny/tasks/deploy-docker.yml
new file mode 100644
index 0000000..6ad850d
--- /dev/null
+++ b/roles/cinny/tasks/deploy-docker.yml
@@ -0,0 +1,33 @@
+---
+- name: Ensure docker client is logged {{ (cinny_state == 'present') | ternary('in', 'out') }}
+ community.docker.docker_login:
+ registry_url: "{{ cinny_container_image_registry }}"
+ username: "{{ cinny_container_image_registry_username }}"
+ password: "{{ cinny_container_image_registry_password }}"
+ reauthorize: "{{ cinny_container_image_registry_reauthorize | default(omit, true) }}"
+ state: "{{ cinny_state }}"
+ when:
+ - cinny_container_image_registry_username | default(false, true)
+ - cinny_container_image_registry_password | default(false, true)
+
+- name: Ensure container image '{{ cinny_container_image }}' is {{ cinny_state }} locally
+ community.docker.docker_image:
+ name: "{{ cinny_container_image }}"
+ state: "{{ cinny_state }}"
+ source: "{{ cinny_container_source }}"
+ force_source: "{{ cinny_container_image_tag | default(false, true) }}"
+
+- name: Ensure container '{{ cinny_container_name }}' is {{ cinny_state }}
+ community.docker.docker_container:
+ name: "{{ cinny_container_name }}"
+ image: "{{ cinny_container_image }}"
+ state: "{{ (cinny_state == 'present') | ternary('started', 'absent') }}"
+ env: "{{ cinny_container_env | default(omit) }}"
+ user: "{{ cinny_container_user }}"
+ ports: "{{ cinny_container_ports | default(omit) }}"
+ labels: "{{ cinny_container_labels | default(omit) }}"
+ volumes: "{{ cinny_container_volumes }}"
+ networks: "{{ cinny_container_networks | default(omit) }}"
+ etc_hosts: "{{ cinny_container_etc_hosts | default(omit) }}"
+ restart_policy: "{{ cinny_container_restart_policy }}"
+ purge_networks: "{{ cinny_container_purge_networks | default(omit) }}"
diff --git a/roles/cinny/tasks/deploy-nginx.yml b/roles/cinny/tasks/deploy-nginx.yml
new file mode 100644
index 0000000..33a0bd6
--- /dev/null
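Review bot: `cinny_container_source`, `cinny_container_user` and `cinny_container_volumes` are used without a `default(...)` in `roles/cinny/tasks/deploy-docker.yml` (and again in `deploy-podman.yml`), but none of the defaults files in this commit defines them, although `docs/docker.md` describes `user` and `volumes` as pre-populated; unless they are set elsewhere, the image and container tasks fail on an undefined variable. `force_source` (and `force` in the podman file) receives the tag string itself when `cinny_container_image_tag` is set, which the module is likely to reject as a non-boolean; `force_source: "{{ (cinny_container_image_tag | default('', true)) | length > 0 }}"` passes a real boolean. With `cinny_state: absent` the image is removed before the container that uses it, so the removal order should be reversed for that state.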
+++ b/roles/cinny/tasks/deploy-nginx.yml
@@ -0,0 +1,44 @@
+---
+- name: Deploy nginx virtual host config file
+ ansible.builtin.template:
+ src: nginx.conf.j2
+ dest: "{{ cinny_nginx_available_sites }}/{{ cinny_nginx_vhost_name }}"
+ mode: "0640"
+ when: cinny_state == 'present'
+
+- name: Enable nginx virtual host
+ ansible.builtin.file:
+ path: "{{ cinny_nginx_enabled_sites }}/{{ cinny_nginx_vhost_name }}"
+ src: "{{ cinny_nginx_available_sites }}/{{ cinny_nginx_vhost_name }}"
+ state: "{{ (cinny_state == 'present') | ternary('link', 'absent') }}"
+ when: cinny_nginx_vhost_enable
+
+- name: Clean up nginx virtural host config file
+ ansible.builtin.file:
+ path: "{{ cinny_nginx_available_sites }}/{{ cinny_nginx_vhost_name }}"
+ state: absent
+ when: cinny_state == 'absent'
+
+- name: Ensure nginx configuration is valid
+ ansible.builtin.command:
+ cmd: "nginx -t"
+ when:
+ - cinny_state == 'present'
+ - cinny_nginx_vhost_enable
+
+- name: Reload nginx using systemd
+ ansible.builtin.systemd_service:
+ name: "nginx.service"
+ state: reloaded
+ when:
+ - cinny_state == 'present'
+ - cinny_nginx_vhost_enable
+ - ansible_facts['service_mgr'] == 'systemd'
+
+- name: Inform user about required nginx reload
+ ansible.builtin.debug:
+ msg: "Restart nginx service (no systemd found)"
+ when:
+ - cinny_state == 'present'
+ - cinny_nginx_vhost_enable
+ - ansible_facts['service_mgr'] != 'systemd'
diff --git a/roles/cinny/tasks/deploy-podman.yml b/roles/cinny/tasks/deploy-podman.yml
new file mode 100644
index 0000000..e0fefeb
--- /dev/null
+++ b/roles/cinny/tasks/deploy-podman.yml
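Review bot: The `nginx -t` task in `roles/cinny/tasks/deploy-nginx.yml` uses `ansible.builtin.command` without `changed_when: false`, so every run reports a change even when nothing was modified. It also runs only after the vhost has been linked into `cinny_nginx_enabled_sites`; if the test fails, the play stops with the rejected file still enabled, and any nginx reload or restart started outside the role would pick it up. Both reload tasks are limited to `cinny_state == 'present'`, so with `absent` the link is removed but nginx keeps serving the vhost until something else reloads it.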
@@ -0,0 +1,22 @@
+---
+- name: Ensure container image '{{ cinny_container_image }}' is {{ cinny_state }} locally
+ containers.podman.podman_image:
+ name: "{{ cinny_container_image }}"
+ state: "{{ cinny_state }}"
+ pull: "{{ cinny_container_source == 'pull' }}"
+ force: "{{ cinny_container_image_tag | default(false, true) }}"
+
+- name: Ensure container '{{ cinny_container_name }}' is {{ cinny_state }}
+ containers.podman.podman_container:
+ name: "{{ cinny_container_name }}"
+ image: "{{ cinny_container_image }}"
+ state: "{{ (cinny_state == 'present') | ternary('started', 'absent') }}"
+ env: "{{ cinny_container_env | default(omit) }}"
+ user: "{{ cinny_container_user }}"
+ ports: "{{ cinny_container_ports | default(omit) }}"
+ labels: "{{ cinny_container_labels | default(omit) }}"
+ volumes: "{{ cinny_container_volumes }}"
+ network: "{{ cinny_container_networks | default(omit) }}"
+ hostname: "{{ cinny_container_hostname | default(omit) }}"
+ etc_hosts: "{{ cinny_container_etc_hosts | default(omit) }}"
+ restart_policy: "{{ cinny_container_restart_policy }}"
diff --git a/roles/cinny/tasks/deploy-tarball.yml b/roles/cinny/tasks/deploy-tarball.yml
new file mode 100644
index 0000000..69226c6
--- /dev/null
+++ b/roles/cinny/tasks/deploy-tarball.yml
@@ -0,0 +1,46 @@
+---
+- name: Check if running cinny version is saved on host
+ ansible.builtin.stat:
+ path: "{{ cinny_running_version_file }}"
+ register: cinny_running_version_st
+
+- name: Retrieve running cinny version
+ ansible.builtin.slurp:
+ path: "{{ cinny_running_version_file }}"
+ register: cinny_running_version_info
+ when: cinny_running_version_st.stat.exist
+
+- name: Extract running cinny version
+ set_fact:
+ cinny_is_update: >-
+ {{ not cinny_running_version_st.stat.exist or
+ (cinny_version | version(cinny_running_version, 'gt', version_type='semver'))
+ vars:
+ cinny_running_version: >-
+ {{ (cinny_running_version_info is defined)
+ | ternary(cinny_running_version_info['content'] | b64decode, false) }}
+
+- name: Download tarball from GitHub release page
+ ansible.builtin.get_url:
+ url: "{{ cinny_tarball_url }}"
+ dest: "{{ cinny_tarball_path }}"
+ url_username: "{{ cinny_tarball_url_username | default(omit, true) }}"
+ url_password: "{{ cinny_tarball_url_password | default(omit, true) }}"
+ mode: "0664"
+ when: cinny_is_update
+
+- name: Ensure old application files are gone
+ ansible.builtin.file:
+ path: "{{ cinny_dist_path }}"
+ state: absent
+ when: cinny_is_update
+
+- name: Extract tarball to {{ cinny_source_path }}
+ ansible.builtin.unarchive:
+ src: "{{ cinny_tarball_path }}"
+ dest: "{{ cinny_source_path }}"
+ remote_src: true
+ owner: "{{ cinny_host_uid }}"
+ group: "{{ cinny_host_gid }}"
+ mode: "u+rwX,g+rwX,o+rX"
+ when: cinny_is_update
diff --git a/roles/cinny/tasks/main.yml b/roles/cinny/tasks/main.yml
new file mode 100644
index 0000000..3aa538f
--- /dev/null
+++ b/roles/cinny/tasks/main.yml
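Review bot: The download task in `roles/cinny/tasks/deploy-tarball.yml` fetches the release archive without a `checksum`, and the destination defaults to the fixed name `/tmp/cinny-v{{ cinny_version }}.tar.gz` (`defaults/tarball.yml`); `get_url` leaves an existing file alone unless `force` is set, so whatever already sits at that path in the shared `/tmp` is what `unarchive` unpacks into `cinny_source_path`. Adding `checksum: "{{ cinny_tarball_checksum }}"` (a new role variable holding the expected `sha256:<digest>` for the pinned version) and `force: true`, and downloading into a directory only the role can write, closes that gap. Two smaller problems in the same file: `stat.exist` should be `stat.exists`, and the `cinny_is_update` expression is never closed with `}}`. Nothing in the visible tasks writes `cinny_running_version_file`, so the version comparison has no value to read.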
@@ -0,0 +1,23 @@
+---
+- name: Check if state is valid
+ ansible.builtin.fail:
+ msg: "Unknown state '{{ cinny_state }}'. Valid states are {{ cinny_states | join(', ') }}"
+ when: cinny_state not in cinny_states
+
+- name: Check if deployment method is supported
+ ansible.builtin.fail:
+ msg: "Deployment method '{{ cinny_deployment_method }}' is not supported! (supported are: {{ cinny_deployment_methods | join(', ') }})"
+ when: cinny_deployment_method not in cinny_deployment_methods
+
+- name: Include base configuration
+ ansible.builtin.include_tasks:
+ file: configure.yml
+
+- name: Deploy tarball if required
+ ansible.builtin.include_tasks:
+ file: deploy-tarball.yml
+ when: cinny_deployment_method in cinny_needs_tarball
+
+- name: Deploy using {{ cinny_deployment_method }}
+ ansible.builtin.include_tasks:
+ file: "deploy-{{ cinny_deployment_method }}.yml"
diff --git a/roles/cinny/templates/nginx.conf.j2 b/roles/cinny/templates/nginx.conf.j2
new file mode 100644
index 0000000..f2be868
--- /dev/null
+++ b/roles/cinny/templates/nginx.conf.j2
@@ -0,0 +1,23 @@
+server {
+ listen {{ cinny_nginx_listen_port }};
+ listen [::]:{{ cinny_nginx_listen_port }};
+
+ {%- if cinny_nginx_server_name | default(false, true) %}
+ server_name {{ cinny_nginx_server_name }};
+ {%- endif %}
+ location {{ cinny_nginx_location }} {
+ root {{ cinny_dist_path }};
+
+ rewrite ^/config.json$ /config.json break;
+ rewrite ^/manifest.json$ /manifest.json break;
+
+ rewrite ^.*/olm.wasm$ /olm.wasm break;
+ rewrite ^/sw.js$ /sw.js break;
+ rewrite ^/pdf.worker.min.js$ /pdf.worker.min.js break;
+
+ rewrite ^/public/(.*)$ /public/$1 break;
+ rewrite ^/assets/(.*)$ /assets/$1 break;
+
+ rewrite ^(.+)$ /index.html break;
+ }
+}
diff --git a/roles/cinny/vars/main.yml b/roles/cinny/vars/main.yml
new file mode 100644
index 0000000..18fbdd3
--- /dev/null
+++ b/roles/cinny/vars/main.yml
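Review bot: With `cinny_deployment_method: tarball`, `roles/cinny/tasks/main.yml` includes `deploy-tarball.yml` twice: once through `cinny_needs_tarball`, which lists `tarball`, and again through the final `deploy-{{ cinny_deployment_method }}.yml` include. Adding `when: cinny_deployment_method != 'tarball'` to the last task (or dropping `tarball` from `cinny_needs_tarball`) keeps it to one run. Checking the method against `cinny_deployment_methods` before it is interpolated into the file name is the right order and should stay ahead of the include.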
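Review bot: The `server_name` block in `roles/cinny/templates/nginx.conf.j2` tests `cinny_nginx_server_name`, but the variable defined in `defaults/nginx.yml` and referenced in `docs/nginx.md` is `cinny_nginx_server`, so setting the documented variable never produces a `server_name` line and the vhost gets no host-name restriction of its own. Using one name in all three places, for example `{%- if cinny_nginx_server | default(false, true) %}` and `server_name {{ cinny_nginx_server }};`, fixes that. The rewrite patterns leave the dots unescaped (`^/config.json$`), so `.` matches any character; `^/config\.json$` states the intent exactly.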
@@ -0,0 +1,18 @@
+---
+cinny_states:
+ - present
+ - absent
+
+cinny_deployment_methods:
+ - docker
+ - podman
+ - nginx
+ - caddy
+ - apache2
+ - tarball
+
+cinny_needs_tarball:
+ - nginx
+ - caddy
+ - apache2
+ - tarball
diff --git a/roles/synapse/defaults/main.yml b/roles/synapse/defaults/main.yml
new file mode 100644
index 0000000..903516b
--- /dev/null
+++ b/roles/synapse/defaults/main.yml
@@ -0,0 +1,41 @@
+---
+
+synapse_user: synapse
+synapse_version: "1.91.1"
+synapse_base_path: /opt/synapse
+synapse_config_path: "{{ synapse_base_path }}/config"
+synapse_data_path: "{{ synapse_base_path }}/data"
+synapse_media_store_path: "{{ synapse_data_path }}/matrix"
+synapse_homeserver_config_file: "{{ synapse_config_path }}/homeserver.yaml"
+synapse_logging_config_file: "{{ synapse_config_path }}/{{ synapse_domain }}.log.config"
+
+synapse_container_name: synapse
+synapse_container_image_reference: >-2
+ {{ synapse_container_image_repository
+ ~ (synapse_container_image_tag
+ | default('v' ~ synapse_version, true) }}
+synapse_container_image_registry: ghcr.io
+synapse_container_image_namespace: matrix-org
+synapse_container_image_name: synapse
+synapse_container_image_repository: >-2
+ {{ synapse_container_image_registry
+ ~ (('/' ~ synapse_container_image_namespace)
+ if synapse_container_image_namespace else '')
+ ~ '/' ~ synapse_container_image_name }}
+#synapse_container_image_tag: ~
+synapse_container_env: {}
+synapse_container_user: ~
+synapse_container_group: ~
+synapse_container_ports: ~
+synapse_container_labels: ~
+synapse_container_ulimits: ~
+synapse_container_volumes: ~
+synapse_container_networks: ~
+synapse_container_purge_networks: ~
+synapse_container_dns_servers: ~
+synapse_container_etc_hosts: ~
+synapse_container_memory: ~
+synapse_container_memory_reservation: ~
+synapse_container_memory_swap: ~
+synapse_container_state: "started"
+synapse_container_restart_policy: "unless-stopped"
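Review bot: `synapse_container_image_reference` in `roles/synapse/defaults/main.yml` concatenates the repository and the tag with no `:` between them, and the parenthesis opened before `synapse_container_image_tag` is never closed, so the template cannot render as written. `{{ synapse_container_image_repository ~ ':' ~ (synapse_container_image_tag | default('v' ~ synapse_version, true)) }}` gives the `registry/namespace/name:tag` form that the repository variable is built for. `synapse_logging_config_file` depends on `synapse_domain`, which has no default in this file; a short comment marking it as required would help.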
diff --git a/roles/synapse/tasks/main.yml b/roles/synapse/tasks/main.yml
new file mode 100644
index 0000000..22eead5
--- /dev/null
+++ b/roles/synapse/tasks/main.yml
@@ -0,0 +1,78 @@ +--- + +- name: Ensure synapse user '{{ synapse_user }}' exists + ansible.builtin.user: + name: "{{ synapse_user }}" + state: "present" + system: true + create_home: false + groups: "{{ synapse_user_groups | default(omit, true) }}" + append: "{{ (synapse_user_groups is defined) | ternary(true, omit) }}" + register: synapse_user_info + +- name: Ensure directories for synapse are created + ansible.builtin.file: + path: "{{ item.path }}" + state: "directory" + mode: "{{ item.mode | default('0750') }}" + owner: "{{ item.owner | default(synapse_user_info.uid | default(synapse_user)) }}" + group: "{{ item.group | default(synapse_user_info.group | default(synapse_user)) }}" + loop: + - path: "{{ synapse_base_path }}" + mode: "0755" + - path: "{{ synapse_config_path }}" + - path: "{{ synapse_data_path }}" + - path: "{{ synapse_media_store_path }}" + loop_control: + label: "{{ item.path }}" + +- name: Ensure configuration files are templated + ansible.builtin.copy: + dest: "{{ config_file.path }}" + content: "{{ config_file.content }}" + mode: "{{ config_file.mode | default('0640') }}" + owner: "{{ config_file.owner | default(synapse_user_info.uid | default(synapse_user)) }}" + group: "{{ config_file.group | default(synapse_user_info.group | default(synapse_user)) }}" + loop: >- + {{ synapse_configs_to_write + synapse_configs | default([]) }} + loop_control: + loop_var: config_file + label: "{{ config_file.path }}" + vars: + synapse_configs_to_write: + - content: "{{ synapse_config | to_nice_yaml(width=1000) }}" + path: "{{ synapse_homeserver_config_file }}" + - content: "{{ synapse_log_config | to_nice_yaml(width=1000) }}" + path: "{{ synapse_logging_config_file }}" + +- name: Ensure container image '{{ synapse_container_image_reference }}' is present on host + community.docker.docker_image: + name: "{{ synapse_container_image_reference }}" + state: present + source: pull + force_source: "{{ synapse_container_image_tag is defined and 
synapse_container_image_tag }}" + when: synapse_deployment_method == 'docker' + register: synapse_container_image_info + until: synapse_container_image_info is success + retries: 10 + delay: 5 + +- name: Ensure synapse container '{{ synapse_container_name }}' is in the desired state + community.docker.docker_container: + name: "{{ synapse_container_name }}" + env: "{{ synapse_container_env | default(omit, true) }}" + user: "{{ synapse_container_user | default(omit, true) }}" + group: "{{ synapse_container_group | default(omit, true) }}" + ports: "{{ synapse_container_ports | default(omit, true) }}" + labels: "{{ synapse_container_labels | default(omit, true) }}" + ulimits: "{{ synapse_container_ulimits | default(omit, true) }}" + volumes: "{{ synapse_container_volumes | default(omit, true) }}" + networks: "{{ synapse_container_networks | default(omit, true) }}" + purge_networks: "{{ synapse_container_purge_networks | default(omit, true) }}" + dns_servers: "{{ synapse_container_dns_servers | default(omit, true) }}" + etc_hosts: "{{ synapse_container_etc_hosts | default(omit, true) }}" + memory: "{{ synapse_container_memory | default(omit, true) }}" + memory_reservation: "{{ synapse_container_memory_reservation | default(omit, true) }}" + memory_swap: "{{ synapse_container_memory_swap | default(omit, true) }}" + restart_policy: "{{ synapse_container_restart_policy }}" + state: "{{ synapse_container_state }}"
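Review bot: The `docker_container` task in `roles/synapse/tasks/main.yml` passes no `image`, so the image pulled by the previous task is never tied to the container; `image: "{{ synapse_container_image_reference }}"` is missing. The pull is guarded by `when: synapse_deployment_method == 'docker'`, a variable with no default in `defaults/main.yml`, while the container task has no such guard. The configuration task writes `synapse_config` through `ansible.builtin.copy`, and a homeserver configuration usually carries secrets (database password, signing and registration secrets), so `no_log: true` or `diff: false` on that task keeps them out of play output and `--diff` runs; the `0640` default mode is a good choice.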