diff --git a/README.md b/README.md index 7d9c160..5fada48 100644 --- a/README.md +++ b/README.md @@ -12,6 +12,7 @@ Roles for deploying matrix infrastructure using ansible. - [`cinny`](roles/cinny/README.md): [Cinny](https://cinny.in/) Web Client - [`element`](roles/element/README.md): [Element](https://element.io/) Web Client +- [`hydrogen`](roles/hydrogen/README.md): [Hydrogen](https://matrix.org/ecosystem/clients/hydrogen/) lightweight web client - [`synapse`](roles/synapse/README.md): [Synapse](https://github.com/element-hq/synapse/), a matrix homeserver implemention by Element diff --git a/galaxy.yml b/galaxy.yml index c6f79ee..c8253a3 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -10,3 +10,10 @@ build_ignore: - '*.tar.gz' repository: https://git.finally.coffee/finallycoffee/matrix issues: https://codeberg.org/finallycoffee/ansible-collection-matrix/issues +tags: + - matrix + - synapse + - homeserver + - element + - hydrogen + - cinny diff --git a/playbooks/hydrogen.yml b/playbooks/hydrogen.yml new file mode 100644 index 0000000..f007f92 --- /dev/null +++ b/playbooks/hydrogen.yml @@ -0,0 +1,6 @@ +--- +- name: Deploy and configure hydrogen + hosts: "{{ hydrogen_hosts | default('hydrogen') }}" + become: "{{ hydrogen_become | default(true) }}" + roles: + - role: finallycoffee.matrix.hydrogen diff --git a/roles/hydrogen/README.md b/roles/hydrogen/README.md new file mode 100644 index 0000000..8687b71 --- /dev/null +++ b/roles/hydrogen/README.md @@ -0,0 +1,13 @@ +# `finallycoffee.matrix.hydrogen` ansible role + +Deploy [hydrogen](https://matrix.org/ecosystem/clients/hydrogen/), +a lightweight matrix web client with SSO, multi-account and E2EE +Support. + +## Configuration + +All configuration keys which would be written in the `config.json` +are available under the `hydrogen_config_*` as flattened camelcase keys. +As an alternative, the entire config structure can be passed into +`hydrogen_config` (in combine mode) or `hydrogen_full_config` (ignores +all defaults). 
diff --git a/roles/hydrogen/defaults/main/container.yml b/roles/hydrogen/defaults/main/container.yml new file mode 100644 index 0000000..1e26dcf --- /dev/null +++ b/roles/hydrogen/defaults/main/container.yml @@ -0,0 +1,43 @@ +--- +hydrogen_container_name: hydrogen +hydrogen_container_image_server: ghcr.io +hydrogen_container_image_namespace: element-hq +hydrogen_container_image_name: hydrogen-web +hydrogen_container_image_tag: ~ +hydrogen_container_image: >-2 + {{ + ([ + hydrogen_container_image_server, + hydrogen_container_image_namespace, + hydrogen_container_image_name, + ] | join('/')) + + ':' + (hydrogen_container_image_tag + | default('v' + hydrogen_version, true)) + }} + +hydrogen_container_working_directory: "/usr/share/nginx/html" +hydrogen_container_config_file: >-2 + {{ hydrogen_container_working_directory }}/config.json +hydrogen_container_base_volumes: + - "{{ hydrogen_config_file }}:{{ hydrogen_container_config_file }}:ro" +hydrogen_container_full_volumes: >-2 + {{ hydrogen_container_base_volumes | default([], true) + + (hydrogen_container_volumes | default([], true)) + +hydrogen_container_image_source: pull +hydrogen_container_image_force_source: >-2 + {{ hydrogen_container_image_tag | default(false, true) | bool }} +hydrogen_container_state: >-2 + {{ (hydrogen_state == 'present') | ternary('started', 'absent') }} +hydrogen_container_env: ~ +hydrogen_container_user: >-2 + {{ hydrogen_run_user_id }}:{{ hydrogen_run_group_id }} +hydrogen_container_ports: ~ +hydrogen_container_labels: ~ +hydrogen_container_ulimits: ~ +hydrogen_container_volumes: ~ +hydrogen_container_networks: ~ +hydrogen_container_purge_networks: ~ +hydrogen_container_dns_servers: ~ +hydrogen_container_etc_hosts: ~ +hydrogen_container_restart_policy: unless-stopped diff --git a/roles/hydrogen/defaults/main/main.yml b/roles/hydrogen/defaults/main/main.yml new file mode 100644 index 0000000..6c90b77 --- /dev/null +++ b/roles/hydrogen/defaults/main/main.yml 
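Review bot: The folded scalar for `hydrogen_container_full_volumes` in container.yml opens `{{` but never closes it: the expression ends at `(hydrogen_container_volumes | default([], true))` and the next line is blank. As written the value is an unterminated Jinja expression, so any task that references it would presumably fail at templating time. The last line of the expression should read `+ (hydrogen_container_volumes | default([], true)) }}`. This variable is the only place where the read-only `config.json` bind mount is combined with user-supplied volumes, so it is worth a test run once it is fixed.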
@@ -0,0 +1,21 @@
+---
+hydrogen_state: present
+hydrogen_user: hydrogen
+hydrogen_version: "0.5.0"
+hydrogen_deployment_method: docker
+
+hydrogen_config_file: "/etc/hydrogen/config.json"
+
+hydrogen_config: ~
+hydrogen_config_default_home_server: matrix.org
+hydrogen_config_default_theme_light: "element-light"
+hydrogen_config_default_theme_dark: "element-dark"
+hydrogen_config_default_theme:
+ light: "{{ hydrogen_config_default_theme_light }}"
+ dark: "{{ hydrogen_config_default_theme_dark }}"
+hydrogen_base_config:
+ defaultHomeServer: "{{ hydrogen_config_default_home_server }}"
+ defaultTheme: "{{ hydrogen_config_default_theme }}"
+hydrogen_full_config: >-2
+ {{ hydrogen_base_config | default({}, true)
+ | combine(hydrogen_config | default({}, true)) }}
diff --git a/roles/hydrogen/defaults/main/user.yml b/roles/hydrogen/defaults/main/user.yml
new file mode 100644
index 0000000..257ae4e
--- /dev/null
+++ b/roles/hydrogen/defaults/main/user.yml
@@ -0,0 +1,5 @@
+---
+hydrogen_run_user_id: >-2
+ {{ hydrogen_user_info.uid | default(hydrogen_user) }}
+hydrogen_run_group_id: >-2
+ {{ hydrogen_user_info.group | default(hydrogen_user) }}
diff --git a/roles/hydrogen/meta/main.yml b/roles/hydrogen/meta/main.yml
new file mode 100644
index 0000000..4aaf2d8
--- /dev/null
+++ b/roles/hydrogen/meta/main.yml
@@ -0,0 +1,12 @@
+---
+allow_duplicates: true
+dependencies: []
+galaxy_info:
+ role_name: hydrogen
+ description: Deploy hydrogen, a lightweight matrix web client
+ galaxy_tags:
+ - hydrogen
+ - matrix
+ - matrix-client
+ - docker
+ - podman
diff --git a/roles/hydrogen/tasks/deploy-docker.yml b/roles/hydrogen/tasks/deploy-docker.yml
new file mode 100644
index 0000000..bbb26c5
--- /dev/null
+++ b/roles/hydrogen/tasks/deploy-docker.yml
@@ -0,0 +1,33 @@
+---
+- name: Ensure container image '{{ hydrogen_container_image }}' is {{ hydrogen_state }} on host
+ community.docker.docker_image:
+ name: "{{ hydrogen_container_image }}"
+ state: "{{ hydrogen_state }}"
+ source: "{{ hydrogen_container_image_source }}"
+ force_source: >-2
+ {{ hydrogen_container_image_force_source }}
+ register: hydrogen_container_image_info
+ until: hydrogen_container_image_info is success
+ retries: 5
+ delay: 3
+
+- name: Ensure hydrogen container '{{ hydrogen_container_name }}' is {{ hydrogen_container_state }}
+ community.docker.docker_container:
+ name: "{{ hydrogen_container_name }}"
+ image: "{{ hydrogen_container_image }}"
+ env: "{{ hydrogen_container_env | default(omit, true) }}"
+ user: "{{ hydrogen_container_user }}"
+ ports: "{{ hydrogen_container_ports | default(omit, true) }}"
+ labels: "{{ hydrogen_container_labels | default(omit, true) }}"
+ ulimits: "{{ hydrogen_container_ulimits | default(omit, true) }}"
+ volumes: "{{ hydrogen_container_volumes }}"
+ networks: "{{ hydrogen_container_networks | default(omit, true) }}"
+ purge_networks: >-2
+ {{ hydrogen_container_purge_networks | default(omit, true) }}
+ dns_servers: >-2
+ {{ hydrogen_container_dns_servers | default(omit, true) }}
+ etc_hosts: >-2
+ {{ hydrogen_container_etc_hosts | default(omit, true) }}
+ restart_policy: >-2
+ {{ hydrogen_container_restart_policy | default(omit, true) }}
+ state: "{{ hydrogen_container_state }}"
diff --git a/roles/hydrogen/tasks/deploy-podman.yml b/roles/hydrogen/tasks/deploy-podman.yml
new file mode 100644
index 0000000..e26fc5a
--- /dev/null
+++ b/roles/hydrogen/tasks/deploy-podman.yml
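Review bot: The container task passes `volumes: "{{ hydrogen_container_volumes }}"`, which is the user-extension variable that defaults to `~`, instead of `hydrogen_container_full_volumes` from defaults/main/container.yml. With the defaults, the read-only bind mount of `hydrogen_config_file` onto `config.json` is therefore never attached, and the module receives a null value because this is the one optional parameter without `default(omit, true)`. The container would presumably serve whatever config ships in the image rather than the operator's configured homeserver. The line should be `volumes: "{{ hydrogen_container_full_volumes }}"`; the same line appears in the `podman_container` task in deploy-podman.yml.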
@@ -0,0 +1,32 @@
+---
+- name: Ensure container image '{{ hydrogen_container_image }}' is {{ hydrogen_state }} on host
+ containers.podman.podman_image:
+ name: "{{ hydrogen_container_image }}"
+ state: "{{ hydrogen_state }}"
+ pull: "{{ hydrogen_container_image_source == 'pull' }}"
+ force: "{{ hydrogen_container_image_force_source }}"
+ register: hydrogen_container_image_info
+ until: hydrogen_container_image_info is success
+ retries: 5
+ delay: 3
+
+- name: Ensure hydrogen container '{{ hydrogen_container_name }}' is {{ hydrogen_container_state }}
+ containers.podman.podman_container:
+ name: "{{ hydrogen_container_name }}"
+ image: "{{ hydrogen_container_image }}"
+ env: "{{ hydrogen_container_env | default(omit, true) }}"
+ user: "{{ hydrogen_container_user }}"
+ ports: "{{ hydrogen_container_ports | default(omit, true) }}"
+ labels: "{{ hydrogen_container_labels | default(omit, true) }}"
+ ulimits: "{{ hydrogen_container_ulimits | default(omit, true) }}"
+ volumes: "{{ hydrogen_container_volumes }}"
+ network: "{{ hydrogen_container_networks | default(omit, true) }}"
+ purge_networks: >-2
+ {{ hydrogen_container_purge_networks | default(omit, true) }}
+ dns_servers: >-2
+ {{ hydrogen_container_dns_servers | default(omit, true) }}
+ etc_hosts: >-2
+ {{ hydrogen_container_etc_hosts | default(omit, true) }}
+ restart_policy: >-2
+ {{ hydrogen_container_restart_policy | default(omit, true) }}
+ state: "{{ hydrogen_container_state }}"
diff --git a/roles/hydrogen/tasks/main.yml b/roles/hydrogen/tasks/main.yml
new file mode 100644
index 0000000..180e2ac
--- /dev/null
+++ b/roles/hydrogen/tasks/main.yml
@@ -0,0 +1,57 @@
+---
+- name: Check if deployment method is supported
+ ansible.builtin.fail:
+ msg: >-2
+ Deployment method '{{ hydrogen_deployment_method }}'
+ is not supported. Support methods are
+ {{ hydrogen_deployment_methods | join(', ') }}.
+ when: hydrogen_deployment_method not in hydrogen_deployment_methods
+
+- name: Check if state is supported
+ ansible.builtin.fail:
+ msg: >-2
+ State '{{ hydrogen_state }}' is not supported.
+ Supported states are: {{ hydrogen_states | join(', ') }}
+ when: hydrogen_state not in hydrogen_states
+
+- name: Ensure hydrogen user '{{ hydrogen_user }}' is {{ hydrogen_state }}
+ ansible.builtin.user:
+ name: "{{ hydrogen_user }}"
+ system: "{{ hydrogen_user_system | default(true, true) }}"
+ groups: "{{ hydrogen_user_groups | default(omit, true) }}"
+ append: >-2
+ {{ hydrogen_user_append_groups
+ | default(hydrogen_user_groups | default([]) | length > 0, true)
+ | bool
+ }}
+ state: "{{ hydrogen_state }}"
+ register: hydrogen_user_info
+
+- name: Ensure hydrogen config file is {{ hydrogen_state }}
+ ansible.builtin.file:
+ path: "{{ hydrogen_config_file }}"
+ state: "{{ hydrogen_state }}"
+ when: hydrogen_state == 'absent'
+
+- name: Ensure hydrogen config folder is {{ hydrogen_state }}
+ ansible.builtin.file:
+ path: "{{ hydrogen_config_file | ansible.builtin.basename }}"
+ state: >-2
+ {{ (hydrogen_state == 'present')
+ | ternary('directory', 'absent') }}
+ owner: "{{ hydrogen_run_user_id }}"
+ group: "{{ hydrogen_run_group_id }}"
+ mode: "0755"
+
+- name: Ensure hydrogen config file is {{ hydrogen_state }}
+ ansible.builtin.copy:
+ dest: "{{ hydrogen_config_file }}"
+ content: "{{ hydrogen_config | to_nice_json }}"
+ owner: "{{ hydrogen_run_user_id }}"
+ group: "{{ hydrogen_run_group_id }}"
+ mode: "0640"
+ when: hydrogen_state == 'present'
+
+- name: Deploy using {{ hydrogen_deployment_method }}
+ ansible.builtin.include_tasks:
+ file: "deploy-{{ hydrogen_deployment_method }}.yml"
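Review bot: The config-folder task builds its path with `ansible.builtin.basename`, which for the default `/etc/hydrogen/config.json` yields `config.json` rather than the parent directory. `/etc/hydrogen` is therefore never created with the intended owner and mode, and the later copy to `hydrogen_config_file` will presumably fail on a fresh host. The task name describes `path: "{{ hydrogen_config_file | ansible.builtin.dirname }}"`. The copy task also renders `hydrogen_config | to_nice_json`, and since `hydrogen_config` defaults to `~` the file would contain `null`. `content: "{{ hydrogen_full_config | to_nice_json }}"` would write the merged defaults from defaults/main/main.yml, as the role README describes.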
diff --git a/roles/hydrogen/vars/main.yml b/roles/hydrogen/vars/main.yml
new file mode 100644
index 0000000..9149e0c
--- /dev/null
+++ b/roles/hydrogen/vars/main.yml
@@ -0,0 +1,7 @@
+---
+hydrogen_states:
+ - present
+ - absent
+hydrogen_deployment_methods:
+ - docker
+ - podman