README.md

@@ -12,7 +12,6 @@ Roles for deploying matrix infrastructure using ansible.
 
 - [`cinny`](roles/cinny/README.md): [Cinny](https://cinny.in/) Web Client
 - [`element`](roles/element/README.md): [Element](https://element.io/) Web Client
-- [`hydrogen`](roles/hydrogen/README.md): [Hydrogen](https://matrix.org/ecosystem/clients/hydrogen/) lightweight web client
 - [`synapse`](roles/synapse/README.md): [Synapse](https://github.com/element-hq/synapse/),
   a matrix homeserver implemention by Element
 

galaxy.yml

@@ -1,22 +1,12 @@
 namespace: finallycoffee
 name: matrix
-version: "0.1.8"
+version: 0.1.1
 readme: README.md
 authors:
 - transcaffeine <transcaffeine@finally.coffee>
 description: Various matrix-related ansible roles
-dependencies:
-  "community.docker": "^4.4.0"
-  "community.general": "^10.0.0"
 license_file: LICENSE.md
 build_ignore:
 - '*.tar.gz'
 repository: https://git.finally.coffee/finallycoffee/matrix
 issues: https://codeberg.org/finallycoffee/ansible-collection-matrix/issues
-tags:
-  - matrix
-  - synapse
-  - homeserver
-  - element
-  - hydrogen
-  - cinny

playbooks/hydrogen.yml

@@ -1,6 +0,0 @@
----
-- name: Deploy and configure hydrogen
-  hosts: "{{ hydrogen_hosts | default('hydrogen') }}"
-  become: "{{ hydrogen_become | default(true) }}"
-  roles:
-    - role: finallycoffee.matrix.hydrogen

roles/cinny/defaults/main/config.yml

@@ -1,4 +1,5 @@
 ---
+cinny_testvar: abc
 cinny_config_complete: >-
   {{ cinny_config | default({})
   | combine(cinny_default_config | default({})) }}

roles/cinny/defaults/main/main.yml

@@ -1,7 +1,7 @@
 ---
 cinny_user: cinny
 cinny_state: "present"
-cinny_version: "4.8.0"
+cinny_version: "4.2.1"
 cinny_deployment_method: "docker"
 
 cinny_base_path: "/opt/cinny"

roles/cinny/docs/docker.md

@@ -14,6 +14,7 @@ are available under the `cinny_container_` prefix:
 - `labels`
 - `networks`
 - `etc_hosts`
+- `purge_networks`
 
 The following variables are pre-populated by the role, so override them with care:
 

roles/cinny/meta/main.yml

@@ -1,12 +0,0 @@
----
-allow_duplicates: true
-dependencies: []
-galaxy_info:
-  role_name: cinny
-  description: Deploy cinny, a matrix web client, using podman, docker or a raw tarball to serve from your webserver
-  galaxy_tags:
-    - cinny
-    - matrix
-    - matrix-client
-    - docker
-    - podman

roles/cinny/tasks/deploy-docker.yml

@@ -30,3 +30,4 @@
     networks: "{{ cinny_container_networks | default(omit) }}"
     etc_hosts: "{{ cinny_container_etc_hosts | default(omit) }}"
     restart_policy: "{{ cinny_container_restart_policy }}"
+    purge_networks: "{{ cinny_container_purge_networks | default(omit) }}"

roles/element/defaults/main/container.yml

@@ -11,15 +11,12 @@ element_container_image_registry: "docker.io"
 element_container_image_namespace: "vectorim"
 element_container_image_name: "element-web"
 element_container_image_tag: ~
-element_container_image_source: pull
-element_container_image_force_source: >-2
-  {{ element_container_image_tag | default(false, true) | bool }}
 element_container_name: "element-web"
 element_container_restart_policy: >-
   {{ (element_deployment_method == 'docker')
       | ternary('unless-stopped',
         (element_deployment_method == 'podman' |
-          ternary('on-failure', 'always')))
+          ternary('on-failure', 'always'))
   }}
 element_container_full_volumes: >-
   {{ element_container_default_volumes

roles/element/defaults/main/main.yml

@@ -1,7 +1,7 @@
 ---
 element_user: element
 element_state: "present"
-element_version: "1.11.102"
+element_version: "1.11.77"
 element_deployment_method: "docker"
 
 element_base_path: "/opt/element"
@@ -10,9 +10,9 @@ element_dist_path: "{{ element_source_path }}/dist"
 element_config_path: "{{ element_base_path }}/config"
 element_config_file: "{{ element_config_path }}/config.json"
 
-element_host_uid: >-2
-  {{ ((element_user_info is defined) and ('uid' in element_user_info))
+element_host_uid: >-
+  {{ element_user_info is defined
   | ternary(element_user_info.uid, element_user) }}
-element_host_gid: >-2
-  {{ ((element_user_info is defined) and ('uid' in element_user_info))
+element_host_gid: >-
+  {{ element_user_info is defined
   | ternary(element_user_info.group, element_user) }}

roles/element/docs/docker.md

@@ -14,6 +14,7 @@ are available under the `element_container_` prefix:
 - `labels`
 - `networks`
 - `etc_hosts`
+- `purge_networks`
 
 The following variables are pre-populated by the role, so override them with care:
 

roles/element/meta/main.yml

@@ -1,12 +0,0 @@
----
-allow_duplicates: true
-dependencies: []
-galaxy_info:
-  role_name: element
-  description: Deploy element, a matrix web client, using either docker, podman or a raw tarball to serve with your webserver
-  galaxy_tags:
-    - element
-    - matrix
-    - matrix-client
-    - docker
-    - podman

roles/element/tasks/deploy-docker.yml

@@ -14,8 +14,8 @@
   community.docker.docker_image:
     name: "{{ element_container_image }}"
     state: "{{ element_state }}"
-    source: "{{ element_container_image_source }}"
-    force_source: "{{ element_container_image_force_source }}"
+    source: "{{ element_container_source }}"
+    force_source: "{{ element_container_image_tag | default(false, true) }}"
 
 - name: Ensure container '{{ element_container_name }}' is {{ element_state }}
   community.docker.docker_container:
@@ -23,10 +23,11 @@
     image: "{{ element_container_image }}"
     state: "{{ (element_state == 'present') | ternary('started', 'absent') }}"
     env: "{{ element_container_env | default(omit) }}"
-    user: "{{ element_container_user | default(omit) }}"
+    user: "{{ element_container_user }}"
     ports: "{{ element_container_ports | default(omit) }}"
     labels: "{{ element_container_labels | default(omit) }}"
     volumes: "{{ element_container_full_volumes }}"
     networks: "{{ element_container_networks | default(omit) }}"
     etc_hosts: "{{ element_container_etc_hosts | default(omit) }}"
     restart_policy: "{{ element_container_restart_policy }}"
+    purge_networks: "{{ element_container_purge_networks | default(omit) }}"

roles/element/tasks/deploy-podman.yml

@@ -3,8 +3,8 @@
   containers.podman.podman_image:
     name: "{{ element_container_image }}"
     state: "{{ element_state }}"
-    pull: "{{ element_container_image_source == 'pull' }}"
-    force: "{{ element_container_image_force_source }}"
+    pull: "{{ element_container_source == 'pull' }}"
+    force: "{{ element_container_image_tag | default(false, true) }}"
 
 - name: Ensure container '{{ element_container_name }}' is {{ element_state }}
   containers.podman.podman_container:
@@ -12,7 +12,7 @@
     image: "{{ element_container_image }}"
     state: "{{ (element_state == 'present') | ternary('started', 'absent') }}"
     env: "{{ element_container_env | default(omit) }}"
-    user: "{{ element_container_user | default(omit) }}"
+    user: "{{ element_container_user }}"
     ports: "{{ element_container_ports | default(omit) }}"
     labels: "{{ element_container_labels | default(omit) }}"
     volumes: "{{ element_container_full_volumes }}"

roles/element/vars/main.yml

@@ -1,5 +1,5 @@
 ---
-element_states:
+element_state:
   - present
   - absent
 

roles/hydrogen/README.md

@@ -1,13 +0,0 @@
-# `finallycoffee.matrix.hydrogen` ansible role
-
-Deploy [hydrogen](https://matrix.org/ecosystem/clients/hydrogen/),
-a lightweight matrix web client with SSO, multi-account and E2EE
-Support.
-
-## Configuration
-
-All configuration keys which would be written in the `config.json`
-are available under the `hydrogen_config_*` as flattened camelcase keys.
-As an alternative, the entire config structure can be passed into
-`hydrogen_config` (in combine mode) or `hydrogen_full_config` (ignores
-all defaults).

roles/hydrogen/defaults/main/container.yml

@@ -1,42 +0,0 @@
----
-hydrogen_container_name: hydrogen
-hydrogen_container_image_server: ghcr.io
-hydrogen_container_image_namespace: element-hq
-hydrogen_container_image_name: hydrogen-web
-hydrogen_container_image_tag: ~
-hydrogen_container_image: >-2
-  {{
-    ([
-      hydrogen_container_image_server,
-      hydrogen_container_image_namespace,
-      hydrogen_container_image_name,
-    ] | join('/'))
-    + ':' + (hydrogen_container_image_tag
-      | default('v' + hydrogen_version, true))
-  }}
-
-hydrogen_container_working_directory: "/usr/share/nginx/html"
-hydrogen_container_config_file: >-2
-  {{ hydrogen_container_working_directory }}/config.json
-hydrogen_container_base_volumes:
-  - "{{ hydrogen_config_file }}:{{ hydrogen_container_config_file }}:ro"
-hydrogen_container_full_volumes: >-2
-  {{ hydrogen_container_base_volumes | default([], true)
-    + (hydrogen_container_volumes | default([], true))
-
-hydrogen_container_image_source: pull
-hydrogen_container_image_force_source: >-2
-  {{ hydrogen_container_image_tag | default(false, true) | bool }}
-hydrogen_container_state: >-2
-  {{ (hydrogen_state == 'present') | ternary('started', 'absent') }}
-hydrogen_container_env: ~
-hydrogen_container_user: >-2
-  {{ hydrogen_run_user_id }}:{{ hydrogen_run_group_id }}
-hydrogen_container_ports: ~
-hydrogen_container_labels: ~
-hydrogen_container_ulimits: ~
-hydrogen_container_volumes: ~
-hydrogen_container_networks: ~
-hydrogen_container_dns_servers: ~
-hydrogen_container_etc_hosts: ~
-hydrogen_container_restart_policy: unless-stopped

roles/hydrogen/defaults/main/main.yml

@@ -1,21 +0,0 @@
----
-hydrogen_state: present
-hydrogen_user: hydrogen
-hydrogen_version: "0.5.1"
-hydrogen_deployment_method: docker
-
-hydrogen_config_file: "/etc/hydrogen/config.json"
-
-hydrogen_config: ~
-hydrogen_config_default_home_server: matrix.org
-hydrogen_config_default_theme_light: "element-light"
-hydrogen_config_default_theme_dark: "element-dark"
-hydrogen_config_default_theme:
-  light: "{{ hydrogen_config_default_theme_light }}"
-  dark: "{{ hydrogen_config_default_theme_dark }}"
-hydrogen_base_config:
-  defaultHomeServer: "{{ hydrogen_config_default_home_server }}"
-  defaultTheme: "{{ hydrogen_config_default_theme }}"
-hydrogen_full_config: >-2
-  {{ hydrogen_base_config | default({}, true)
-      | combine(hydrogen_config | default({}, true)) }}

roles/hydrogen/defaults/main/user.yml

@@ -1,5 +0,0 @@
----
-hydrogen_run_user_id: >-2
-  {{ hydrogen_user_info.uid | default(hydrogen_user) }}
-hydrogen_run_group_id: >-2
-  {{ hydrogen_user_info.group | default(hydrogen_user) }}

roles/hydrogen/meta/main.yml

@@ -1,12 +0,0 @@
----
-allow_duplicates: true
-dependencies: []
-galaxy_info:
-  role_name: hydrogen
-  description: Deploy hydrogen, a lightweight matrix web client
-  galaxy_tags:
-    - hydrogen
-    - matrix
-    - matrix-client
-    - docker
-    - podman

roles/hydrogen/tasks/deploy-docker.yml

@@ -1,31 +0,0 @@
----
-- name: Ensure container image '{{ hydrogen_container_image }}' is {{ hydrogen_state }} on host
-  community.docker.docker_image:
-    name: "{{ hydrogen_container_image }}"
-    state: "{{ hydrogen_state }}"
-    source: "{{ hydrogen_container_image_source }}"
-    force_source: >-2
-      {{ hydrogen_container_image_force_source }}
-  register: hydrogen_container_image_info
-  until: hydrogen_container_image_info is success
-  retries: 5
-  delay: 3
-
-- name: Ensure hydrogen container '{{ hydrogen_container_name }}' is {{ hydrogen_container_state }}
-  community.docker.docker_container:
-    name: "{{ hydrogen_container_name }}"
-    image: "{{ hydrogen_container_image }}"
-    env: "{{ hydrogen_container_env | default(omit, true) }}"
-    user: "{{ hydrogen_container_user }}"
-    ports: "{{ hydrogen_container_ports | default(omit, true) }}"
-    labels: "{{ hydrogen_container_labels | default(omit, true) }}"
-    ulimits: "{{ hydrogen_container_ulimits | default(omit, true) }}"
-    volumes: "{{ hydrogen_container_volumes }}"
-    networks: "{{ hydrogen_container_networks | default(omit, true) }}"
-    dns_servers: >-2
-      {{ hydrogen_container_dns_servers | default(omit, true) }}
-    etc_hosts: >-2
-      {{ hydrogen_container_etc_hosts | default(omit, true) }}
-    restart_policy: >-2
-      {{ hydrogen_container_restart_policy | default(omit, true) }}
-    state: "{{ hydrogen_container_state }}"

roles/hydrogen/tasks/deploy-podman.yml

@@ -1,30 +0,0 @@
----
-- name: Ensure container image '{{ hydrogen_container_image }}' is {{ hydrogen_state }} on host
-  containers.podman.podman_image:
-    name: "{{ hydrogen_container_image }}"
-    state: "{{ hydrogen_state }}"
-    pull: "{{ hydrogen_container_image_source == 'pull' }}"
-    force: "{{ hydrogen_container_image_force_source }}"
-  register: hydrogen_container_image_info
-  until: hydrogen_container_image_info is success
-  retries: 5
-  delay: 3
-
-- name: Ensure hydrogen container '{{ hydrogen_container_name }}' is {{ hydrogen_container_state }}
-  containers.podman.podman_container:
-    name: "{{ hydrogen_container_name }}"
-    image: "{{ hydrogen_container_image }}"
-    env: "{{ hydrogen_container_env | default(omit, true) }}"
-    user: "{{ hydrogen_container_user }}"
-    ports: "{{ hydrogen_container_ports | default(omit, true) }}"
-    labels: "{{ hydrogen_container_labels | default(omit, true) }}"
-    ulimits: "{{ hydrogen_container_ulimits | default(omit, true) }}"
-    volumes: "{{ hydrogen_container_volumes }}"
-    network: "{{ hydrogen_container_networks | default(omit, true) }}"
-    dns_servers: >-2
-      {{ hydrogen_container_dns_servers | default(omit, true) }}
-    etc_hosts: >-2
-      {{ hydrogen_container_etc_hosts | default(omit, true) }}
-    restart_policy: >-2
-      {{ hydrogen_container_restart_policy | default(omit, true) }}
-    state: "{{ hydrogen_container_state }}"

roles/hydrogen/tasks/main.yml

@@ -1,57 +0,0 @@
----
-- name: Check if deployment method is supported
-  ansible.builtin.fail:
-    msg: >-2
-      Deployment method '{{ hydrogen_deployment_method }}'
-      is not supported. Support methods are
-      {{ hydrogen_deployment_methods | join(', ') }}.
-  when: hydrogen_deployment_method not in hydrogen_deployment_methods
-
-- name: Check if state is supported
-  ansible.builtin.fail:
-    msg: >-2
-      State '{{ hydrogen_state }}' is not supported.
-      Supported states are: {{ hydrogen_states | join(', ') }}
-  when: hydrogen_state not in hydrogen_states
-
-- name: Ensure hydrogen user '{{ hydrogen_user }}' is {{ hydrogen_state }}
-  ansible.builtin.user:
-    name: "{{ hydrogen_user }}"
-    system: "{{ hydrogen_user_system | default(true, true) }}"
-    groups: "{{ hydrogen_user_groups | default(omit, true) }}"
-    append: >-2
-      {{ hydrogen_user_append_groups
-        | default(hydrogen_user_groups | default([]) | length > 0, true)
-        | bool
-      }}
-    state: "{{ hydrogen_state }}"
-  register: hydrogen_user_info
-
-- name: Ensure hydrogen config file is {{ hydrogen_state }}
-  ansible.builtin.file:
-    path: "{{ hydrogen_config_file }}"
-    state: "{{ hydrogen_state }}"
-  when: hydrogen_state == 'absent'
-
-- name: Ensure hydrogen config folder is {{ hydrogen_state }}
-  ansible.builtin.file:
-    path: "{{ hydrogen_config_file | ansible.builtin.basename }}"
-    state: >-2
-      {{ (hydrogen_state == 'present')
-        | ternary('directory', 'absent') }}
-    owner: "{{ hydrogen_run_user_id }}"
-    group: "{{ hydrogen_run_group_id }}"
-    mode: "0755"
-
-- name: Ensure hydrogen config file is {{ hydrogen_state }}
-  ansible.builtin.copy:
-    dest: "{{ hydrogen_config_file }}"
-    content: "{{ hydrogen_config | to_nice_json }}"
-    owner: "{{ hydrogen_run_user_id }}"
-    group: "{{ hydrogen_run_group_id }}"
-    mode: "0640"
-  when: hydrogen_state == 'present'
-
-- name: Deploy using {{ hydrogen_deployment_method }}
-  ansible.builtin.include_tasks:
-    file: "deploy-{{ hydrogen_deployment_method }}.yml"

roles/hydrogen/vars/main.yml

@@ -1,7 +0,0 @@
----
-hydrogen_states:
-  - present
-  - absent
-hydrogen_deployment_methods:
-  - docker
-  - podman

roles/synapse/defaults/main/container.yml

@@ -30,6 +30,7 @@ synapse_container_ports: ~
 synapse_container_labels: ~
 synapse_container_ulimits: ~
 synapse_container_networks: ~
+synapse_container_purge_networks: ~
 synapse_container_dns_servers: ~
 synapse_container_etc_hosts: ~
 synapse_container_memory: ~

roles/synapse/defaults/main/homeserver.config.yml

@@ -23,9 +23,8 @@ synapse_default_config: >-
     | combine(synapse_metrics_config)
     | combine(synapse_api_config)
     | combine(synapse_push_config)
-    | combine(synapse_registration_config)
   }}
 
 synapse_homeserver_config: >-
   {{ synapse_default_config
-    | combine(synapse_config | default({}), recursive=True) }}
+    | combine(synapse_config | default({})) }}

roles/synapse/defaults/main/homeserver.registration.yml

@@ -1,41 +0,0 @@
----
-synapse_config_enable_registration: false
-synapse_config_enable_registration_without_verification: false
-synapse_config_registrations_require_3pid: []
-synapse_config_registration_requires_token: true
-synapse_config_registration_shared_secret: ~
-synapse_config_registration_shared_secret_path: ~
-synapse_config_allowed_local_3pids: []
-synapse_config_enable_3pid_lookup: true
-
-synapse_config_bcrypt_rounds: 14
-synapse_config_allow_guest_access: false
-synapse_config_default_identity_server: ~
-synapse_config_enable_set_displayname: true
-synapse_config_enable_set_avatar_url: true
-synapse_config_enable_3pid_changes: true
-
-synapse_registration_base_config:
-  enable_set_displayname: "{{ synapse_config_enable_set_displayname }}"
-  enable_set_avatar_url: "{{ synapse_config_enable_set_avatar_url }}"
-  enable_3pid_changes: "{{ synapse_config_enable_3pid_changes }}"
-  allow_guest_access: "{{ synapse_config_allow_guest_access }}"
-  enable_registration: "{{ synapse_config_enable_registration }}"
-  enable_registration_without_verification: >-2
-    {{ synapse_config_enable_registration_without_verification }}
-  allowed_local_3pids: "{{ synapse_config_allowed_local_3pids }}"
-  enable_3pid_lookup: "{{ synapse_config_enable_3pid_lookup }}"
-  registrations_require_3pid: "{{ synapse_config_registrations_require_3pid }}"
-  registration_requires_token: "{{ synapse_config_registration_requires_token }}"
-  registration_shared_secret: "{{ synapse_config_registration_shared_secret }}"
-  registration_shared_secret_path: >-2
-    {{ synapse_config_registration_shared_secret_path }}
-  bcrypt_rounds: "{{ synapse_config_bcrypt_rounds }}"
-
-synapse_registration_config: >-2
-  {{
-    synapse_registration_base_config
-    | combine(({"default_identity_server": synapse_config_default_identity_server})
-      if (synapse_config_default_identity_server | default(false, true)
-        and synapse_config_default_identity_server | length > 0) else {})
-  }}

roles/synapse/defaults/main/main.yml

@@ -1,7 +1,7 @@
 ---
 synapse_user: synapse
 synapse_group: synapse
-synapse_version: "1.131.0"
+synapse_version: "1.116.0"
 synapse_state: "present"
 synapse_deployment_method: "docker"
 

roles/synapse/meta/main.yml

@@ -1,12 +0,0 @@
----
-allow_duplicates: true
-dependencies: []
-galaxy_info:
-  role_name: synapse
-  description: Deploy synapse, a matrix homeserver. Supports docker, podman, virtualenv
-  galaxy_tags:
-    - synapse
-    - matrix
-    - homeserver
-    - docker
-    - podman

roles/synapse/tasks/check.yml

@@ -17,8 +17,8 @@
     msg: "Required variable '{{ item }}' is undefined!"
   loop: "{{ synapse_required_variables }}"
   when: >-2
-    item not in hostvars[inventory_hostname]
-    or hostvars[inventory_hostname][item] | length == 0
+    item not in hostvars[ansible_host]
+    or hostvars[ansible_host][item] | length == 0
 
 - name: Ensure conditionally required variables are given
   ansible.builtin.fail:
@@ -28,5 +28,5 @@
     label: "{{ item.name }}"
   when: >-2
     item.when
-    and (item.name not in hostvars[inventory_hostname]
-        or hostvars[inventory_hostname][item.name] | length == 0)
+    and (item.name not in hostvars[ansible_host]
+        or hostvars[ansible_host][item.name] | length == 0)

roles/synapse/tasks/deploy-docker.yml

@@ -22,6 +22,7 @@
     ulimits: "{{ synapse_container_ulimits | default(omit, true) }}"
     volumes: "{{ synapse_container_all_volumes }}"
     networks: "{{ synapse_container_networks | default(omit, true) }}"
+    purge_networks: "{{ synapse_container_purge_networks | default(omit, true) }}"
     dns_servers: "{{ synapse_container_dns_servers | default(omit, true) }}"
     etc_hosts: "{{ synapse_container_etc_hosts | default(omit, true) }}"
     memory: "{{ synapse_container_memory | default(omit, true) }}"