feat(synapse): add ansible role
parent
dd696c3442
commit
e8e3bc8859
@ -12,6 +12,8 @@ Roles for deploying matrix infrastructure using ansible.
|
|||||||
|
|
||||||
- [`cinny`](roles/cinny/README.md): [Cinny](https://cinny.in/) Web Client
|
- [`cinny`](roles/cinny/README.md): [Cinny](https://cinny.in/) Web Client
|
||||||
- [`element`](roles/element/README.md): [Element](https://element.io/) Web Client
|
- [`element`](roles/element/README.md): [Element](https://element.io/) Web Client
|
||||||
|
- [`synapse`](roles/synapse/README.md): [Synapse](https://github.com/element-hq/synapse/),
|
||||||
|
a matrix homeserver implemention by Element
|
||||||
|
|
||||||
## License
|
## License
|
||||||
|
|
||||||
|
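--- a/playbooks/synapse.yml
+++ b/playbooks/synapse.yml
@@ -0,0 +1,6 @@
+---
+- name: Deploy and configure synapse
+hosts: "{{ synapse_hosts | default('synapse') }}"
+become: "{{ synapse_become | default(true) }}"
+roles:
+- role: finallycoffee.matrix.synapse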
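--- a/roles/synapse/README.md
+++ b/roles/synapse/README.md
@@ -0,0 +1,28 @@
+# `finallycoffee.matrix.synapse` ansible role
+
+## Configuration
+
+### Required
+
+The following variables need to be populated:
+
+- `synapse_domain` - the domain this homeserver should be authoritative for.
+- `synapse_signing_key` - the signing key synapse should use.
+Set either this or `synapse_role_generate_signing_key: true`.
+
+## Other
+
+- [Configure your database](docs/database.md)
+- [Configure your listeners](docs/listeners.md)
+
+## Deployment methods
+
+### Docker
+
+Set `synapse_deployment_method: docker` to deploy synapse in docker container(s).
+This is currently the default.
+
+### Planned methods
+
+- virtual env + systemd
+- podman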
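--- a/roles/synapse/defaults/main/container.yml
+++ b/roles/synapse/defaults/main/container.yml
@@ -0,0 +1,43 @@
+---
+synapse_container_name: synapse
+synapse_container_image: >-2
+{{
+[
+synapse_container_image_repository,
+synapse_container_image_tag | default('v' ~ synapse_version, true)
+] | join(':')
+}}
+synapse_container_image_registry: ghcr.io
+synapse_container_image_namespace: element-hq
+synapse_container_image_name: synapse
+synapse_container_image_repository: >-2
+{{ synapse_container_image_registry
+~ (('/' ~ synapse_container_image_namespace)
+if synapse_container_image_namespace else '')
+~ '/' ~ synapse_container_image_name }}
+synapse_container_image_source: pull
+synapse_container_image_tag: ~
+synapse_container_env: {}
+synapse_container_user: ~
+synapse_container_group: ~
+synapse_container_ports: ~
+synapse_container_labels: ~
+synapse_container_ulimits: ~
+synapse_container_networks: ~
+synapse_container_purge_networks: ~
+synapse_container_dns_servers: ~
+synapse_container_etc_hosts: ~
+synapse_container_memory: ~
+synapse_container_memory_reservation: ~
+synapse_container_memory_swap: ~
+synapse_container_state: "started"
+synapse_container_restart_policy: "unless-stopped"
+
+synapse_container_volumes: ~
+synapse_container_default_volumes:
+- "{{ synapse_homeserver_config_file }}:{{ synapse_homeserver_config_file }}:ro"
+- "{{ synapse_logging_config_file }}:{{ synapse_logging_config_file }}:ro"
+- "{{ synapse_signing_key_file }}:{{ synapse_signing_key_file }}:ro"
+- "{{ synapse_data_path }}:{{ synapse_data_path }}:z"
+- "{{ synapse_media_store_path }}:{{ synapse_media_store_path }}:z"
+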
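Review bot: `synapse_container_image` is always assembled as `repository:tag` (`'v' ~ synapse_version` unless a tag is given), so the role deploys whatever the registry currently serves under a mutable tag and these variables give no way to pin a digest. Document above `synapse_container_image` that it can be overridden with a full `name@sha256:<digest>` reference, or add an optional digest variable that takes precedence over the tag. A short comment on `synapse_container_user: ~` stating that the image's default user is used when it is unset would also help operators set ownership on `synapse_data_path` and the signing key file.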
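--- a/roles/synapse/defaults/main/homeserver.cache.yml
+++ b/roles/synapse/defaults/main/homeserver.cache.yml
@@ -0,0 +1,15 @@
+---
+synapse_config_event_cache_size: "10K"
+synapse_config_caches_global_factor: "0.5"
+synapse_config_caches_per_cache_factors: {}
+synapse_config_caches_expire_caches: true
+synapse_config_caches_sync_response_cache_duration: "2m"
+
+synapse_cache_config:
+event_cache_size: "{{ synapse_config_event_cache_size }}"
+caches:
+global_factor: "{{ synapse_config_caches_global_factor }}"
+per_cache_factors: "{{ synapse_config_caches_per_cache_factors }}"
+expire_caches: "{{ synapse_config_caches_expire_caches }}"
+sync_response_cache_duration: >-
+{{ synapse_config_caches_sync_response_cache_duration }}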
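--- a/roles/synapse/defaults/main/homeserver.config.yml
+++ b/roles/synapse/defaults/main/homeserver.config.yml
@@ -0,0 +1,28 @@
+---
+synapse_config_server_name: "{{ synapse_domain }}"
+synapse_config_log_config_path: >-
+{{ synapse_logging_config_file }}
+synapse_config_media_store_path: >-
+{{ synapse_media_store_path }}
+synapse_config_signing_key_path: >-
+{{ synapse_signing_key_file }}
+synapse_config_trusted_key_servers:
+- "matrix.org"
+synapse_listeners_config: "{{ synapse_config_listeners }}"
+
+synapse_default_config: >-
+{{
+synapse_default_server_config
+| combine(synapse_tls_config)
+| combine(synapse_email_config)
+| combine(synapse_federation_config)
+| combine(synapse_media_config)
+| combine(synapse_turn_config)
+| combine(synapse_cache_config)
+| combine(synapse_ratelimit_config)
+| combine(synapse_metrics_config)
+}}
+
+synapse_homeserver_config: >-
+{{ synapse_default_config
+| combine(synapse_config | default({})) }}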
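Review bot: `synapse_config_trusted_key_servers` defaults to a list of bare strings (`- "matrix.org"`), but Synapse's `trusted_key_servers` option takes a list of mappings, so the default should read `- server_name: "matrix.org"`; as written the rendered config is likely to be rejected at startup. The `combine` chain in `synapse_default_config` also never merges `synapse_database_config`, which `homeserver.database.yml` defines, so the database settings do not reach `synapse_homeserver_config` through this path. `synapse_config_media_store_path` is defined here and again in `homeserver.media_repo.yml`; keeping a single definition avoids load-order surprises.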
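--- a/roles/synapse/defaults/main/homeserver.database.yml
+++ b/roles/synapse/defaults/main/homeserver.database.yml
@@ -0,0 +1,10 @@
+---
+synapse_config_database_name: sqlite3
+synapse_config_database_args:
+database: "{{ synapse_sqlite_database_file }}"
+synapse_config_database_txn_limit: "{{ 10000 | int}}"
+
+synapse_database_config:
+name: "{{ synapse_config_database_name }}"
+args: "{{ synapse_config_database_args }}"
+txn_limit: "{{ synapse_config_database_txn_limit }}"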
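--- a/roles/synapse/defaults/main/homeserver.email.yml
+++ b/roles/synapse/defaults/main/homeserver.email.yml
@@ -0,0 +1,7 @@
+---
+synapse_config_email_smtp_host: ~
+synapse_config_email_smtp_port: 465
+synapse_email_config:
+email:
+smtp_host: "{{ synapse_config_email_smtp_host }}"
+smtp_port: "{{ synapse_config_email_smtp_port }}"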
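Review bot: `synapse_config_email_smtp_port` defaults to 465, the implicit-TLS port, but `synapse_email_config` never sets `force_tls`, so Synapse would attempt its default plaintext-then-STARTTLS handshake against that port. Either add `synapse_config_email_force_tls: true` together with `force_tls: "{{ synapse_config_email_force_tls }}"` under `email`, or default the port to one that matches STARTTLS. `smtp_host` is also emitted while it is still `~`; building the `email` mapping only when a host is set, the way `synapse_tls_config` builds its keys, would keep a half-configured mail block out of the rendered config.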
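--- a/roles/synapse/defaults/main/homeserver.federation.yml
+++ b/roles/synapse/defaults/main/homeserver.federation.yml
@@ -0,0 +1,37 @@
+---
+# see https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#federation
+synapse_config_federation_domain_whitelist: ~
+synapse_config_federation_whitelist_endpoint_enabled: true
+synapse_config_federation_metrics_domains: []
+# see https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#federation-1
+# for federation retry / network tuning
+synapse_config_federation: {}
+synapse_config_allow_profile_lookup_over_federation: false
+synapse_config_allow_device_name_lookup_over_federation: false
+
+synapse_config_federation_verify_certificates: true
+synapse_config_federation_client_minimum_tls_version: "1.2"
+synapse_config_federation_verification_whitelist: []
+synapse_config_federation_custom_ca_list: []
+
+synapse_federation_tls_config:
+federation_verify_certificates: "{{ synapse_config_federation_verify_certificates }}"
+federation_client_minimum_tls_version: >-
+{{ synapse_config_federation_client_minimum_tls_version }}
+federation_certificate_verification_whitelist: >-
+{{ synapse_config_federation_verification_whitelist }}
+federation_custom_ca_list: "{{ synapse_config_federation_custom_ca_list }}"
+
+synapse_federation_config: >-
+{{
+{
+"federation_whitelist_endpoint_enabled" : synapse_config_federation_whitelist_endpoint_enabled,
+"federation_metrics_domains": synapse_config_federation_metrics_domains,
+"allow_profile_lookup_over_federation": synapse_config_allow_profile_lookup_over_federation,
+"allow_device_name_lookup_over_federation": synapse_config_allow_device_name_lookup_over_federation,
+"federation": synapse_config_federation
+}
+| combine(synapse_federation_tls_config)
+| combine(({"federation_domain_whitelist": synapse_config_federation_domain_whitelist})
+if synapse_config_federation_domain_whitelist | default(false, true) else {})
+}}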
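Review bot: The last `combine` in `synapse_federation_config` drops `federation_domain_whitelist` whenever the variable is falsy, and that includes an empty list; as far as I know Synapse reads an empty whitelist as "federate with nobody", so an operator who sets `[]` to isolate the server would get an unrestricted one instead. Test for unset rather than falsy: `if synapse_config_federation_domain_whitelist is not none else {})`. `synapse_config_federation_whitelist_endpoint_enabled: true` also appears to differ from the upstream default of `false` and exposes the whitelist to clients; defaulting it to `false` keeps that opt-in.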
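--- a/roles/synapse/defaults/main/homeserver.media_repo.yml
+++ b/roles/synapse/defaults/main/homeserver.media_repo.yml
@@ -0,0 +1,95 @@
+---
+# Media repo configuration
+synapse_config_enable_media_repo: true #TODO: set to false if workers enabled
+synapse_config_enable_authenticated_media: true
+synapse_config_media_store_path: "{{ synapse_media_store_path }}"
+synapse_config_max_pending_media_uploads: 10
+synapse_config_unused_expiration_time: "1h"
+# see https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#media_storage_providers
+synapse_config_media_store_providers: []
+synapse_config_max_upload_size: "50M"
+synapse_config_max_image_pixels: "32M"
+synapse_config_dynamic_thumbnails: true
+
+# The following values are KiB/Mib per burst/second
+synapse_config_remote_media_download_burst_count: "500M"
+synapse_config_remote_media_download_per_second: "87K"
+
+# Blacklist known spam servers here
+synapse_config_prevent_media_downloads_from: []
+
+synapse_config_media_retention_local_media_lifetime: ~
+synapse_config_media_retention_remote_media_lifetime: ~
+synapse_config_media_retention: >-
+{{ {}
+| combine(({"local_media_lifetime": synapse_config_media_retention_local_media_lifetime})
+if synapse_config_media_retention_local_media_lifetime | default(false, true) else {})
+| combine(({"remote_media_lifetime": synapse_config_media_retention_remote_media_lifetime })
+if synapse_config_media_retention_remote_media_lifetime | default(false, true) else {})
+}}
+
+# URL preview handling
+synapse_config_url_preview_enabled: true
+# Following recommendations from
+# https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#url_preview_ip_range_blacklist
+synapse_config_url_preview_ip_range_blacklist:
+- '127.0.0.0/8'
+- '10.0.0.0/8'
+- '172.16.0.0/12'
+- '192.168.0.0/16'
+- '100.64.0.0/10'
+- '192.0.0.0/24'
+- '169.254.0.0/16'
+- '192.88.99.0/24'
+- '198.18.0.0/15'
+- '192.0.2.0/24'
+- '198.51.100.0/24'
+- '203.0.113.0/24'
+- '224.0.0.0/4'
+- '::1/128'
+- 'fe80::/10'
+- 'fc00::/7'
+- '2001:db8::/32'
+- 'ff00::/8'
+- 'fec0::/10'
+synapse_config_url_preview_ip_range_whitelist: ~
+# see https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#url_preview_url_blacklist
+synapse_config_url_preview_url_blacklist:
+- username: "*"
+- netloc: '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'
+# see https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#url_preview_accept_language
+synapse_config_url_preview_accept_language:
+- "en"
+synapse_config_max_spider_size: 8M
+synapse_config_oembed_disable_default_providers: false
+synapse_config_oembed_additional_providers: []
+
+synapse_media_config:
+enable_media_repo: "{{ synapse_config_enable_media_repo }}"
+enable_authenticated_media: "{{ synapse_config_enable_authenticated_media }}"
+media_store_path: "{{ synapse_config_media_store_path }}"
+max_pending_media_uploads: "{{ synapse_config_max_pending_media_uploads }}"
+unused_expiration_time: "{{ synapse_config_unused_expiration_time }}"
+media_store_providers: "{{ synapse_config_media_store_providers }}"
+max_upload_size: "{{ synapse_config_max_upload_size }}"
+max_image_pixels: "{{ synapse_config_max_image_pixels }}"
+# Media - remote media handling
+remote_media_download_burst_count: >-
+{{ synapse_config_remote_media_download_burst_count }}
+remote_media_download_per_second: >-
+{{ synapse_config_remote_media_download_per_second }}
+prevent_media_downloads_from: "{{ synapse_config_prevent_media_downloads_from }}"
+media_retention: "{{ synapse_config_media_retention }}"
+# Media - URL preview options
+dynamic_thumbnails: "{{ synapse_config_dynamic_thumbnails }}"
+url_preview_enabled: "{{ synapse_config_url_preview_enabled }}"
+url_preview_ip_range_blacklist: >-
+{{ synapse_config_url_preview_ip_range_blacklist }}
+url_preview_ip_range_whitelist: >-
+{{ synapse_config_url_preview_ip_range_whitelist }}
+url_preview_url_blacklist: "{{ synapse_config_url_preview_url_blacklist }}"
+url_preview_accept_language: "{{ synapse_config_url_preview_accept_language }}"
+max_spider_size: "{{ synapse_config_max_spider_size }}"
+oembed:
+disable_default_providers: "{{ synapse_config_oembed_disable_default_providers }}"
+additional_providers: "{{ synapse_config_oembed_additional_providers }}"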
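Review bot: `synapse_config_url_preview_enabled: true` turns on server-side fetching of user-supplied URLs for every deployment, where upstream leaves previews off unless configured; the IP range blacklist is then the only guard, and `url_preview_ip_range_whitelist` is passed through even while it is `~`. Defaulting to `synapse_config_url_preview_enabled: false` keeps that request-forgery surface closed until an operator has reviewed the blacklist for their own network. Also, the key `media_store_providers` in `synapse_media_config` does not match the option the comment above it links to (`media_storage_providers`), so configured providers would probably be ignored.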
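--- a/roles/synapse/defaults/main/homeserver.metrics.yml
+++ b/roles/synapse/defaults/main/homeserver.metrics.yml
@@ -0,0 +1,24 @@
+---
+synapse_config_enable_metrics: false
+synapse_config_sentry_environment: ~
+synapse_config_sentry_dsn: ~
+synapse_config_metrics_flags_known_servers: true
+synapse_config_report_stats: true
+synapse_config_report_stats_endpoint: >-
+https://matrix.org/report-usage-stats/push
+
+synapse_metrics_sentry_config: >-
+{{ {}
+| combine(({"environment": synapse_config_sentry_environment })
+if synapse_config_sentry_environment | default(false, true) else {})
+| combine(({"dsn": synapse_config_sentry_dsn })
+if synapse_config_sentry_dsn | default(false, true) else {})
+}}
+
+synapse_metrics_config:
+enable_metrics: "{{ synapse_config_enable_metrics }}"
+sentry: "{{ synapse_metrics_sentry_config }}"
+metrics_flags:
+known_servers: "{{ synapse_config_metrics_flags_known_servers }}"
+report_stats: "{{ synapse_config_report_stats }}"
+report_stats_endpoint: "{{ synapse_config_report_stats_endpoint }}"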
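Review bot: `synapse_config_report_stats: true` opts every deployment into sending usage statistics to `https://matrix.org/report-usage-stats/push` without the operator having chosen it. Default it to `synapse_config_report_stats: false` and describe the switch in the role README, so that outbound telemetry is an explicit decision. `synapse_config_sentry_dsn` usually embeds a credential, so a comment above it saying it should come from an encrypted vars file would be worth adding.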
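--- a/roles/synapse/defaults/main/homeserver.ratelimits.yml
+++ b/roles/synapse/defaults/main/homeserver.ratelimits.yml
@@ -0,0 +1,112 @@
+---
+# Ratelimit config, see
+# https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#ratelimiting
+synapse_config_rc_message_per_second: 0.2
+synapse_config_rc_message_burst_count: 10
+
+synapse_config_rc_registration_per_second: 0.1
+synapse_config_rc_registration_burst_count: 5
+
+synapse_config_rc_registration_token_validity_per_second: 0.1
+synapse_config_rc_registration_token_validity_burst_count: 5
+
+synapse_config_rc_login_address_per_second: 0.003
+synapse_config_rc_login_address_burst_count: 5
+synapse_config_rc_login_account_per_second: 0.003
+synapse_config_rc_login_account_burst_count: 5
+synapse_config_rc_login_failed_attempts_per_second: 0.17
+synapse_config_rc_login_failed_attempts_burst_count: 3
+
+synapse_config_rc_admin_redaction_per_second: 2
+synapse_config_rc_admin_redaction_burst_count: 75
+
+synapse_config_rc_joins_local_per_second: 0.1
+synapse_config_rc_joins_local_burst_count: 10
+synapse_config_rc_joins_remote_per_second: 0.01
+synapse_config_rc_joins_remote_burst_count: 10
+synapse_config_rc_joins_per_room_per_second: 1
+synapse_config_rc_joins_per_room_burst_count: 10
+
+synapse_config_rc_3pid_validation_per_second: 0.003
+synapse_config_rc_3pid_validation_burst_count: 5
+
+synapse_config_rc_invites_per_room_per_second: 0.3
+synapse_config_rc_invites_per_room_burst_count: 10
+synapse_config_rc_invites_per_user_per_second: 0.003
+synapse_config_rc_invites_per_user_burst_count: 5
+synapse_config_rc_invites_per_issuer_per_second: 0.3
+synapse_config_rc_invites_per_issuer_burst_count: 10
+
+synapse_config_rc_third_party_invite_per_second: 0.2
+synapse_config_rc_third_party_invite_burst_count: 10
+
+synapse_config_rc_media_create_per_second: 10
+synapse_config_rc_media_create_burst_count: 50
+
+synapse_config_rc_federation_window_size: 1000 # in ms
+synapse_config_rc_federation_sleep_limit: 10
+synapse_config_rc_federation_sleep_delay: 500 # in ms
+synapse_config_rc_federation_reject_limit: 50
+synapse_config_rc_federation_concurrent: 5
+synapse_config_federation_rr_transactions_per_room_per_second: 50
+
+synapse_ratelimit_config:
+rc_message:
+per_second: "{{ synapse_config_rc_message_per_second }}"
+burst_count: "{{ synapse_config_rc_message_burst_count }}"
+rc_registration:
+per_second: "{{ synapse_config_rc_registration_per_second }}"
+burst_count: "{{ synapse_config_rc_registration_burst_count }}"
+rc_registration_token_validity:
+per_second: "{{ synapse_config_rc_registration_token_validity_per_second }}"
+burst_count: "{{ synapse_config_rc_registration_token_validity_burst_count }}"
+rc_login:
+address:
+per_second: "{{ synapse_config_rc_login_address_per_second }}"
+burst_count: "{{ synapse_config_rc_login_address_burst_count }}"
+account:
+per_second: "{{ synapse_config_rc_login_account_per_second }}"
+burst_count: "{{ synapse_config_rc_login_account_burst_count}}"
+failed_attemps:
+per_second: "{{ synapse_config_rc_login_failed_attempts_per_second }}"
+burst_count: "{{ synapse_config_rc_login_failed_attempts_burst_count }}"
+rc_admin_redaction:
+per_second: "{{ synapse_config_rc_admin_redaction_per_second }}"
+burst_count: "{{ synapse_config_rc_admin_redaction_burst_count }}"
+rc_joins:
+local:
+per_second: "{{ synapse_config_rc_joins_local_per_second }}"
+burst_count: "{{ synapse_config_rc_joins_local_burst_count }}"
+remote:
+per_second: "{{ synapse_config_rc_joins_remote_per_second }}"
+burst_count: "{{ synapse_config_rc_joins_remote_burst_count}}"
+rc_joins_per_room:
+per_second: "{{ synapse_config_rc_joins_per_room_per_second }}"
+burst_count: "{{ synapse_config_rc_joins_per_room_burst_count }}"
+rc_3pid_validation:
+per_second: "{{ synapse_config_rc_3pid_validation_per_second }}"
+burst_count: "{{ synapse_config_rc_3pid_validation_burst_count }}"
+rc_invites:
+per_room:
+per_second: "{{ synapse_config_rc_invites_per_room_per_second }}"
+burst_count: "{{ synapse_config_rc_invites_per_room_burst_count }}"
+per_user:
+per_second: "{{ synapse_config_rc_invites_per_user_per_second }}"
+burst_count: "{{ synapse_config_rc_invites_per_user_burst_count }}"
+per_issuer:
+per_second: "{{ synapse_config_rc_invites_per_issuer_per_second }}"
+burst_count: "{{ synapse_config_rc_invites_per_issuer_burst_count }}"
+rc_third_party_invite:
+per_second: "{{ synapse_config_rc_third_party_invite_per_second }}"
+burst_count: "{{ synapse_config_rc_third_party_invite_burst_count }}"
+rc_media_create:
+per_second: "{{ synapse_config_rc_media_create_per_second }}"
+burst_count: "{{ synapse_config_rc_media_create_burst_count }}"
+rc_federation:
+window_size: "{{ synapse_config_rc_federation_window_size }}"
+sleep_limit: "{{ synapse_config_rc_federation_sleep_limit }}"
+sleep_delay: "{{ synapse_config_rc_federation_sleep_delay }}"
+reject_limit: "{{ synapse_config_rc_federation_reject_limit }}"
+concurrent: "{{ synapse_config_rc_federation_concurrent }}"
+federation_rr_transactions_per_room_per_second: >-
+{{ synapse_config_federation_rr_transactions_per_room_per_second }}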
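Review bot: The key `failed_attemps` in `synapse_ratelimit_config` is misspelled; Synapse's option under `rc_login` is `failed_attempts`, so the values from `synapse_config_rc_login_failed_attempts_per_second` and `..._burst_count` would never take effect and failed-login throttling silently falls back to the upstream default. Rename the key to `failed_attempts:`. Two templates in the same mapping also lack the space before `}}` (`synapse_config_rc_login_account_burst_count}}` and `synapse_config_rc_joins_remote_burst_count}}`), which is harmless but inconsistent with the rest of the file.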
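--- a/roles/synapse/defaults/main/homeserver.server.yml
+++ b/roles/synapse/defaults/main/homeserver.server.yml
@@ -0,0 +1,74 @@
+---
+# Config options from the `server` section of
+# https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#server
+synapse_config_pid_file: "{{ synapse_pid_file }}"
+synapse_config_public_baseurl: "https://{{ synapse_config_server_name }}"
+synapse_config_serve_server_wellknown: false
+synapse_config_extra_well_known_client_content: {}
+synapse_config_soft_file_limit: 0
+synapse_config_require_auth_for_profile_requests: false
+synapse_config_limit_profile_requests_to_users_who_share_rooms: false
+synapse_config_include_profile_data_on_invite: true
+synapse_config_allow_public_rooms_without_auth: false
+synapse_config_allow_public_rooms_over_federation: false
+synapse_config_default_room_version: "10"
+synapse_config_filter_timeline_limit: 200
+synapse_config_block_non_admin_invites: false
+synapse_config_enable_search: true
+synapse_config_dummy_events_threshold: 10
+synapse_config_delete_stale_devices_after: "90d"
+
+synapse_config_ip_range_blacklist:
+- '127.0.0.0/8'
+- '10.0.0.0/8'
+- '172.16.0.0/12'
+- '192.168.0.0/16'
+- '100.64.0.0/10'
+- '192.0.0.0/24'
+- '169.254.0.0/16'
+- '192.88.99.0/24'
+- '198.18.0.0/15'
+- '192.0.2.0/24'
+- '198.51.100.0/24'
+- '203.0.113.0/24'
+- '224.0.0.0/4'
+- '::1/128'
+- 'fe80::/10'
+- 'fc00::/7'
+- '2001:db8::/32'
+- 'ff00::/8'
+- 'fec0::/10'
+synapse_config_ip_range_whitelist: []
+
+synapse_default_server_config:
+server_name: "{{ synapse_config_server_name }}"
+pid_file: "{{ synapse_config_pid_file }}"
+listeners: "{{ synapse_listeners_config }}"
+database: "{{ synapse_listeners_config }}"
+log_config: "{{ synapse_config_log_config_path }}"
+signing_key_path: "{{ synapse_config_signing_key_path }}"
+trusted_key_servers: "{{ synapse_config_trusted_key_servers }}"
+public_baseurl: "{{ synapse_config_public_baseurl }}"
+serve_server_wellknown: "{{ synapse_config_serve_server_wellknown }}"
+extra_well_known_client_content: >-
+{{ synapse_config_extra_well_known_client_content }}
+soft_file_limit: "{{ synapse_config_soft_file_limit }}"
+# presence: TODO
+require_auth_for_profile_requests: >-
+{{ synapse_config_require_auth_for_profile_requests }}
+limit_profile_requests_to_users_who_share_rooms: >-
+{{ synapse_config_limit_profile_requests_to_users_who_share_rooms }}
+include_profile_data_on_invite: >-
+{{ synapse_config_include_profile_data_on_invite }}
+allow_public_rooms_without_auth: >-
+{{ synapse_config_allow_public_rooms_without_auth }}
+allow_public_rooms_over_federation: >-
+{{ synapse_config_allow_public_rooms_over_federation }}
+default_room_version: "{{ synapse_config_default_room_version }}"
+filter_timeline_limit: "{{ synapse_config_filter_timeline_limit }}"
+block_non_admin_invites: "{{ synapse_config_block_non_admin_invites }}"
+enable_search: "{{ synapse_config_enable_search }}"
+ip_range_blacklist: "{{ synapse_config_ip_range_blacklist }}"
+ip_range_whitelist: "{{ synapse_config_ip_range_whitelist }}"
+dummy_events_threshold: "{{ synapse_config_dummy_events_threshold }}"
+delete_stale_devices_after: "{{ synapse_config_delete_stale_devices_after }}"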
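Review bot: In `synapse_default_server_config` the `database` key is filled from the listener list, `database: "{{ synapse_listeners_config }}"`, which looks like a copy of the `listeners` line above it; it should be `database: "{{ synapse_database_config }}"`. With the current value the rendered config carries a list of listeners where Synapse expects the database mapping, and `synapse_database_config` is not referenced anywhere else in the visible defaults. Two profile defaults are also permissive, `synapse_config_require_auth_for_profile_requests: false` and `synapse_config_limit_profile_requests_to_users_who_share_rooms: false`; a comment above them noting that profiles are then readable without authentication would let operators make that choice knowingly.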
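--- a/roles/synapse/defaults/main/homeserver.tls.yml
+++ b/roles/synapse/defaults/main/homeserver.tls.yml
@@ -0,0 +1,10 @@
+---
+synapse_config_tls_certificate_path: ~
+synapse_config_tls_private_key_path: ~
+synapse_tls_config: >-
+{{ {}
+| combine(({"tls_certificate_path": synapse_config_tls_certificate_path })
+if synapse_config_tls_certificate_path | default(false, true) else {})
+| combine(({"tls_private_key_path": synapse_config_tls_private_key_path })
+if synapse_config_tls_private_key_path | default(false, true) else {})
+}}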
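--- a/roles/synapse/defaults/main/homeserver.turn.yml
+++ b/roles/synapse/defaults/main/homeserver.turn.yml
@@ -0,0 +1,16 @@
+---
+# TURN / RTC configuration
+synapse_config_turn_uris: []
+synapse_config_turn_shared_secret: ~
+synapse_config_turn_username: ~
+synapse_config_turn_password: ~
+synapse_config_turn_user_lifetime: "2h"
+synapse_config_turn_allow_guests: false
+
+synapse_turn_config:
+turn_uris: "{{ synapse_config_turn_uris }}"
+turn_shared_secret: "{{ synapse_config_turn_shared_secret }}"
+turn_username: "{{ synapse_config_turn_username }}"
+turn_password: "{{ synapse_config_turn_password }}"
+turn_user_lifetime: "{{ synapse_config_turn_user_lifetime }}"
+turn_allow_guests: "{{ synapse_config_turn_allow_guests }}"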
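Review bot: `synapse_turn_config` emits `turn_shared_secret`, `turn_username` and `turn_password` unconditionally, so with the `~` defaults the rendered config carries empty or null credentials instead of omitting the keys. Build these three with the conditional `combine(... if ... | default(false, true) else {})` pattern that `synapse_tls_config` uses for its paths. A comment above the variables, for example `# secrets: supply from an encrypted vars file`, would also make clear that they must not be committed in plain text.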
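--- a/roles/synapse/defaults/main/homeservers.listeners.yml
+++ b/roles/synapse/defaults/main/homeservers.listeners.yml
@@ -0,0 +1,24 @@
+---
+synapse_config_listeners: >-
+{{ synapse_listeners_default_config }}
+synapse_config_listeners_port: "8080"
+synapse_config_listeners_tls: false
+synapse_config_listeners_type: http
+synapse_config_listeners_x_forwarded: true
+synapse_config_listeners_bind_addresses:
+- "::1"
+- "127.0.0.1"
+synapse_config_listeners_resources:
+- names: "{{ synapse_config_listeners_resources_names }}"
+compress: "{{ synapse_config_listeners_resources_compress }}"
+synapse_config_listeners_resources_names:
+- client
+- federation
+synapse_config_listeners_resources_compress: false
+synapse_listeners_default_config:
+- port: "{{ synapse_config_listeners_port }}"
+tls: "{{ synapse_config_listeners_tls }}"
+type: "{{ synapse_config_listeners_type }}"
+x_forwarded: "{{ synapse_config_listeners_x_forwarded }}"
+bind_addresses: "{{ synapse_config_listeners_bind_addresses }}"
+resources: "{{ synapse_config_listeners_resources }}"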
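Review bot: `synapse_config_listeners_x_forwarded: true` makes Synapse take the client address from the `X-Forwarded-For` header, which is only sound while the listener is reachable solely through the reverse proxy; the loopback `synapse_config_listeners_bind_addresses` default provides that, but nothing ties the two settings together. Add a comment above `synapse_config_listeners_x_forwarded` such as `# keep true only while bind_addresses is limited to the reverse proxy; otherwise the client IP used for per-address rate limits is attacker-controlled`. The port is defined as the string `"8080"`, and whether it reaches Synapse as an integer depends on templating outside this hunk. The file name `homeservers.listeners.yml` also departs from the `homeserver.*.yml` pattern of its siblings.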
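--- a/roles/synapse/defaults/main/log.config.yml
+++ b/roles/synapse/defaults/main/log.config.yml
@@ -0,0 +1,14 @@
+---
+
+synapse_log_config_root_level: "INFO"
+synapse_log_config_disable_existing_loggers: false
+synapse_log_config_root_handlers:
+- buffer
+# TODO
+
+synapse_log_config:
+version: 1
+root:
+level: "{{ synapse_log_config_root_level }}"
+handlers: "{{ synapse_log_config_root_handlers }}"
+disable_existing_loggers: "{{ synapse_log_config_disable_existing_loggers }}"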
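--- a/roles/synapse/defaults/main/main.yml
+++ b/roles/synapse/defaults/main/main.yml
@@ -0,0 +1,22 @@
+---
+
+synapse_user: synapse
+synapse_version: "1.115.0"
+synapse_state: "present"
+synapse_deployment_method: "docker"
+
+synapse_base_path: /opt/synapse
+synapse_config_path: "{{ synapse_base_path }}/config"
+synapse_data_path: "{{ synapse_base_path }}/data"
+synapse_media_store_path: "{{ synapse_data_path }}/media_store"
+
+synapse_signing_key: ~
+synapse_signing_key_file: >-
+{{ synapse_config_path }}/{{ synapse_domain }}.signing.key
+synapse_homeserver_config_file: "{{ synapse_config_path }}/homeserver.yaml"
+synapse_logging_config_file: >-
+{{ synapse_config_path }}/{{ synapse_domain }}.log.config
+synapse_pid_file: "{{ synapse_data_path }}/homeserver.pid"
+synapse_sqlite_database_file: "{{ synapse_data_path }}/homeserver.db"
+
+synapse_role_generate_signing_key: false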
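Review bot: `synapse_signing_key` carries the homeserver's private signing key, yet nothing in these defaults marks it as a secret. Add a comment above it, for example `# secret: supply from an encrypted vars file; set this or synapse_role_generate_signing_key, not both`. Both variables default to unset/false, so unless a task outside this hunk asserts that one of them is provided, a run with pure defaults has no key source. The tasks that write `synapse_signing_key_file` and `synapse_homeserver_config_file` are not visible here; they should set a restrictive file mode and `no_log: true`.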
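--- a/roles/synapse/docs/database.md
+++ b/roles/synapse/docs/database.md
@@ -0,0 +1,27 @@
+# `synapse` database configuration
+
+Per default, the ansible role supplies a `sqlite`-database (file-based),
+which is located in `/opt/synapse/data/homeserver.db` (`synapse_sqlite_database_file`).
+
+## PostgresQL
+
+To configure synapse for use with postgresql, set `synapse_config_database_name` to `psycopg2`.
+
+Set your connection information in `synapse_config_database_args` like this:
+```yaml
+synapse_config_database_args:
+user: my_synapse_db_user
+password: my_synapse_db_password
+host: my_database_host
+port: my_database_port_to_connect_to | int
+# connection pooling (cp) settings, min and max connections
+cp_min: 5 | int
+cp_max: 20 | int
+```
+
+Also see [the upstream documentation on the `database` config key](https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#database-1).
+
+## Transaction limits
+
+The ansible role sets a default transaction limit of 10.000 concurrent transactions.
+This configuration can be overridden in `synapse_config_database_txn_limit`.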
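--- a/roles/synapse/docs/listeners.md
+++ b/roles/synapse/docs/listeners.md
@@ -0,0 +1,24 @@
+# `synapse` listener config
+
+Synapse serves endpoints under so-called listeners, which are
+defined in `synapse_listeners_config`. The role gives some pre-
+configured options to set for use in various scenarios:
+
+## Behind reverse proxy which does SSL offloading
+
+The `synapse_listeners_default_config` is analog to the upstream
+defaults and will serve both federation and client API on a
+single HTTP port, without TLS or compression, while trusting the
+`X-Forwarded-For` headers.
+
+Use it like this:
+```yaml
+synapse_listeners_config: "{{ synapse_listeners_default_config }}"
+# Change the port like this
+synapse_config_listeners_port: "8090"
+# If you use docker or your reverse-proxy is not local,
+# set the listen_addresses like this
+synapse_config_listeners_bind_addresses:
+- "::"
+- "0.0.0.0"
+```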
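--- a/roles/synapse/tasks/check.yml
+++ b/roles/synapse/tasks/check.yml
@@ -0,0 +1,32 @@
+---
+- name: Ensure synapse_state is valid
+ansible.builtin.fail:
+msg: "State '{{ synapse_state }}' is not known, supported states are {{ synapse_states | join(', ') }}"
+when: synapse_state not in synapse_states
+
+- name: Ensure synapse deployment method is supported
+ansible.builtin.fail:
+msg: >-
+Deployment method '{{ synapse_deployment_method }}'
+is unknown! Supported methods are:
+{{ synapse_deployment_methods | join(', ') }}
+when: synapse_deployment_method not in synapse_deployment_methods
+
+- name: Ensure required variables are given
+fail:
+msg: "Required variable '{{ item }}' is undefined!"
+loop: "{{ synapse_required_variables }}"
+when: >-2
+item not in hostvars[ansible_host]
+or hostvars[ansible_host][item] | length == 0
+
+- name: Ensure conditionally required variables are given
+fail:
+msg: "Required variable '{{ item.name }}' is undefined!"
+loop: "{{ synapse_conditionally_required_variables }}"
+loop_control:
+label: "{{ item.name }}"
+when: >-2
+item.when
+and (item.name not in hostvars[ansible_host]
+or hostvars[ansible_host][item.name] | length == 0)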
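Review bot: Both required-variable checks index `hostvars[ansible_host]`, but `hostvars` is keyed by inventory name, so on a host whose `ansible_host` is an address different from its inventory name the lookup hits the wrong entry or fails. As far as I know `hostvars` also leaves out play vars, extra vars and role defaults, so a `synapse_signing_key` passed that way would be reported as undefined, and a null value makes `| length` raise instead of producing the intended message. Resolving the name in the current scope avoids all three, e.g. `when: lookup('ansible.builtin.vars', item, default='') | default('', true) | length == 0`, and the same with `item.name` in the last task. The two bare `fail:` tasks could also be written `ansible.builtin.fail:` like the first two.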
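--- a/roles/synapse/tasks/configure.yml
+++ b/roles/synapse/tasks/configure.yml
@@ -0,0 +1,59 @@
+---
+- name: Ensure synapse user '{{ synapse_user }}' is {{ synapse_state }}
+ansible.builtin.user:
+name: "{{ synapse_user }}"
+state: "{{ synapse_state }}"
+system: "{{ synapse_user_system | default(true, true) }}"
+create_home: "{{ synapse_user_create_home | default(false, true) }}"
+groups: "{{ synapse_user_groups | default(omit, true) }}"
+append: "{{ (synapse_user_groups is defined) | ternary(true, omit) }}"
+register: synapse_user_info
+
+- name: Ensure directories for synapse are {{ synapse_state }}
+ansible.builtin.file:
+path: "{{ item.path }}"
+state: "{{ (synapse_state == 'present') | ternary('directory', 'absent') }}"
+mode: "{{ item.mode | default('0750') }}"
+owner: "{{ item.owner | default(synapse_user_info.uid | default(synapse_user)) }}"
+group: "{{ item.group | default(synapse_user_info.group | default(synapse_user)) }}"
+loop:
+- path: "{{ synapse_base_path }}"
+mode: "0755"
+- path: "{{ synapse_config_path }}"
+- path: "{{ synapse_data_path }}"
+- path: "{{ synapse_media_store_path }}"
+loop_control:
+label: "{{ item.path }}"
+
+- name: Ensure synapse signing key is generated
+finallycoffee.matrix.synapse_signing_key:
+path: "{{ synapse_signing_key_file }}"
+state: "{{ synapse_state }}"
+when: synapse_role_generate_signing_key
+
+- name: Ensure configuration files are templated
+ansible.builtin.copy:
+dest: "{{ config_file.path }}"
+content: "{{ config_file.content }}"
+mode: "{{ config_file.mode | default('0640') }}"
+owner: "{{ config_file.owner | default(synapse_user_info.uid | default(synapse_user)) }}"
+group: "{{ config_file.group | default(synapse_user_info.group | default(synapse_user)) }}"
+loop: >-
+{{ synapse_configs_to_write
++ (synapse_keys_to_write if not synapse_role_generate_signing_key else [])
++ synapse_configs | default([]) }}
+loop_control:
+loop_var: config_file
+label: "{{ config_file.path }}"
+vars:
+synapse_configs_to_write:
+- content: "{{ synapse_homeserver_config | to_nice_yaml(width=1000) }}"
+path: "{{ synapse_homeserver_config_file }}"
+- content: "{{ synapse_log_config | to_nice_yaml(width=1000) }}"
+path: "{{ synapse_logging_config_file }}"
+synapse_keys_to_write:
+- content: "{{ synapse_signing_key }}"
+path: "{{ synapse_signing_key_file }}"
+mode: "0640"
+
+# TODO: signing key generation/handling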
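Review bot: The copy task "Ensure configuration files are templated" writes `synapse_signing_key` and the rendered homeserver config as `content` without `no_log: true`, so the key material can show up in `--diff` output and in verbose or failed-task results. I would add `no_log: true` to that task, since `loop_control.label` only shortens the item shown in the loop header. The key entry should get `mode: "0600"` instead of `"0640"` unless a group really has to read it. The same task has no guard on `synapse_state`, so with `absent` it runs right after the directories were removed; `when: synapse_state == 'present'` would cover that.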
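--- a/roles/synapse/tasks/deploy-docker.yml
+++ b/roles/synapse/tasks/deploy-docker.yml
@@ -0,0 +1,32 @@
+---
+- name: Ensure container image '{{ synapse_container_image }}' is {{ synapse_state }} on host
+community.docker.docker_image:
+name: "{{ synapse_container_image }}"
+state: "{{ synapse_state }}"
+source: "{{ synapse_container_image_source }}"
+force_source: "{{ synapse_container_image_tag | default(false, true) | bool }}"
+register: synapse_container_image_info
+until: synapse_container_image_info is success
+retries: 10
+delay: 5
+
+- name: Ensure synapse container '{{ synapse_container_name }}' is {{ (synapse_state == 'present') | ternary('started', 'absent') }}
+community.docker.docker_container:
+name: "{{ synapse_container_name }}"
+image: "{{ synapse_container_image }}"
+env: "{{ synapse_container_env | default(omit, true) }}"
+user: "{{ synapse_container_user | default(omit, true) }}"
+group: "{{ synapse_container_group | default(omit, true) }}"
+ports: "{{ synapse_container_ports | default(omit, true) }}"
+labels: "{{ synapse_container_labels | default(omit, true) }}"
+ulimits: "{{ synapse_container_ulimits | default(omit, true) }}"
+volumes: "{{ synapse_container_volumes | default(omit, true) }}"
+networks: "{{ synapse_container_networks | default(omit, true) }}"
+purge_networks: "{{ synapse_container_purge_networks | default(omit, true) }}"
+dns_servers: "{{ synapse_container_dns_servers | default(omit, true) }}"
+etc_hosts: "{{ synapse_container_etc_hosts | default(omit, true) }}"
+memory: "{{ synapse_container_memory | default(omit, true) }}"
+memory_reservation: "{{ synapse_container_memory_reservation | default(omit, true) }}"
+memory_swap: "{{ synapse_container_memory_swap | default(omit, true) }}"
+restart_policy: "{{ synapse_container_restart_policy }}"
+state: "{{ synapse_container_state }}"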
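Review bot: `force_source` is computed as `synapse_container_image_tag | default(false, true) | bool`, and the `bool` filter turns an ordinary tag string into false, so the image is never re-pulled for a moving tag. That looks unintended and would leave a stale image in place after an upstream security release. If the intent is to force a pull whenever a tag override is set, `force_source: "{{ synapse_container_image_tag | default('', true) | string | length > 0 }}"` expresses that. Separately, `group:` does not look like a `community.docker.docker_container` option (the module has `groups`), so setting `synapse_container_group` would presumably fail the task; please confirm against the collection version in use.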
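--- a/roles/synapse/tasks/main.yml
+++ b/roles/synapse/tasks/main.yml
@@ -0,0 +1,13 @@
+---
+
+- name: Ensure checks are passing
+ansible.builtin.include_tasks:
+file: "check.yml"
+
+- name: Ensure base configuration is created
+ansible.builtin.include_tasks:
+file: "configure.yml"
+
+- name: Deploy using {{ synapse_deployment_method }}
+ansible.builtin.include_tasks:
+file: "deploy-{{ synapse_deployment_method }}.yml"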
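Review bot: The three includes run in the same order for `synapse_state: absent` as for `present`, so `configure.yml` removes the user and directories before `deploy-docker.yml` gets to stop and remove the container. For teardown I would run the deploy file first, for example by splitting the second include into one with `when: synapse_state == 'present'` before the deploy and one with `when: synapse_state == 'absent'` after it. A short comment above the last include, noting that `check.yml` has already restricted `synapse_deployment_method` to `synapse_deployment_methods`, would also help, since the included file name is built from that variable.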
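--- a/roles/synapse/vars/main.yml
+++ b/roles/synapse/vars/main.yml
@@ -0,0 +1,14 @@
+---
+synapse_states:
+- present
+- absent
+
+synapse_deployment_methods:
+- docker
+
+synapse_required_variables:
+- synapse_domain
+
+synapse_conditionally_required_variables:
+- name: synapse_signing_key
+when: "{{ not synapse_role_generate_signing_key | bool }}"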