diff --git a/roles/matrix-awx/surveys/access_export.json.j2 b/roles/matrix-awx/surveys/access_export.json.j2 new file mode 100644 index 00000000..c20a9749 --- /dev/null +++ b/roles/matrix-awx/surveys/access_export.json.j2 @@ -0,0 +1,42 @@ +{ + "name": "Access Export", + "description": "Access the services export.", + "spec": [ + { + "question_name": "SFTP Authorisation Method", + "question_description": "Set whether you want to disable SFTP, use a password to connect to SFTP or connect with a more secure SSH key.", + "required": true, + "min": null, + "max": null, + "default": "{{ sftp_auth_method | string }}", + "choices": "Disabled\nPassword\nSSH Key", + "new_question": true, + "variable": "sftp_auth_method", + "type": "multiplechoice" + }, + { + "question_name": "SFTP Password", + "question_description": "Sets the password of the 'sftp' account, which allows you to upload a multi-file static website by SFTP, as well as export the latest copy of your Matrix service. Must be defined if 'Password' method is selected. WARNING: You must set a strong and unique password here.", + "required": false, + "min": 0, + "max": 64, + "default": "{{ sftp_password }}", + "choices": "", + "new_question": true, + "variable": "sftp_password", + "type": "password" + }, + { + "question_name": "SFTP Public SSH Key (More Secure)", + "question_description": "Sets the public SSH key used to access the 'sftp' account, which allows you to upload a multi-file static website by SFTP, as well as export the latest copy of your Matrix service. Must be defined if 'SSH Key' method is selected.", + "required": false, + "min": 0, + "max": 16384, + "default": "{{ sftp_public_key }}", + "choices": "", + "new_question": true, + "variable": "sftp_public_key", + "type": "text" + } + ] +} diff --git a/roles/matrix-awx/surveys/backup_server.json.j2 b/roles/matrix-awx/surveys/backup_server.json.j2 index 9b9cddbd..80782b74 100644 --- a/roles/matrix-awx/surveys/backup_server.json.j2 +++ b/roles/matrix-awx/surveys/backup_server.json.j2 @@ -1,6 +1,6 @@ { "name": "Backup Server", - "description": "", + "description": "Performs a backup of the entire service to a remote location.", "spec": [ { "question_name": "Enable Backup", diff --git a/roles/matrix-awx/surveys/configure_corporal.json.j2 b/roles/matrix-awx/surveys/configure_corporal.json.j2 index 4c4ead83..14e417ce 100755 --- a/roles/matrix-awx/surveys/configure_corporal.json.j2 +++ b/roles/matrix-awx/surveys/configure_corporal.json.j2 @@ -1,6 +1,6 @@ { "name": "Configure Matrix Corporal", - "description": "", + "description": "Configure Matrix Corporal, a tool that manages your Matrix server according to a configuration policy.", "spec": [ { "question_name": "Enable Corporal", diff --git a/roles/matrix-awx/surveys/configure_dimension.json.j2 b/roles/matrix-awx/surveys/configure_dimension.json.j2 index 3acbaaaf..2f39e80e 100644 --- a/roles/matrix-awx/surveys/configure_dimension.json.j2 +++ b/roles/matrix-awx/surveys/configure_dimension.json.j2 @@ -1,6 +1,6 @@ { "name": "Configure Dimension", - "description": "", + "description": "Configure Dimension, the self-hosted integrations server.", "spec": [ { "question_name": "Enable Dimension", diff --git a/roles/matrix-awx/surveys/configure_element.json.j2 b/roles/matrix-awx/surveys/configure_element.json.j2 index 0ff02288..02812fbc 100755 --- a/roles/matrix-awx/surveys/configure_element.json.j2 +++ b/roles/matrix-awx/surveys/configure_element.json.j2 @@ -1,6 +1,6 @@ { - "name": "", - "description": "", + "name": "Configure Element", + "description": "Configure Element web client, Element is the most developed Matrix client software.", "spec": [ { "question_name": "Enable Element-Web", diff --git a/roles/matrix-awx/surveys/configure_jitsi.json.j2 b/roles/matrix-awx/surveys/configure_jitsi.json.j2 index 2eb0579b..9cb3044d 100755 --- a/roles/matrix-awx/surveys/configure_jitsi.json.j2 +++ b/roles/matrix-awx/surveys/configure_jitsi.json.j2 @@ -1,6 +1,6 @@ { - "name": "", - "description": "", + "name": "Configure Jitsi", + "description": "Configure Jitsi conferencing settings.", "spec": [ { "question_name": "Enable Jitsi", diff --git a/roles/matrix-awx/surveys/configure_ma1sd.json.j2 b/roles/matrix-awx/surveys/configure_ma1sd.json.j2 index e3c1d448..67c2c88d 100644 --- a/roles/matrix-awx/surveys/configure_ma1sd.json.j2 +++ b/roles/matrix-awx/surveys/configure_ma1sd.json.j2 @@ -1,6 +1,6 @@ { - "name": "", - "description": "", + "name": "Configure ma1sd", + "description": "Configure ma1sd settings, ma1sd is a self-hosted identity server for Matrix.", "spec": [ { "question_name": "Enable ma1sd", diff --git a/roles/matrix-awx/surveys/configure_synapse.json.j2 b/roles/matrix-awx/surveys/configure_synapse.json.j2 index f8d725da..22b80303 100755 --- a/roles/matrix-awx/surveys/configure_synapse.json.j2 +++ b/roles/matrix-awx/surveys/configure_synapse.json.j2 @@ -1,6 +1,6 @@ { "name": "Configure Synapse", - "description": "", + "description": "Configure Synapse settings. Synapse is the homeserver software that powers your Matrix instance.", "spec": [ { "question_name": "Enable Public Registration", diff --git a/roles/matrix-awx/tasks/customise_website_access_export.yml b/roles/matrix-awx/tasks/customise_website_access_export.yml index 580d8bc9..b7e27e9d 100755 --- a/roles/matrix-awx/tasks/customise_website_access_export.yml +++ b/roles/matrix-awx/tasks/customise_website_access_export.yml @@ -8,7 +8,7 @@ insertafter: '# Base Domain Settings Start' with_dict: 'matrix_nginx_proxy_base_domain_homepage_enabled': 'true' - when: customise_base_domain_website|bool == false + when: (customise_base_domain_website is defined) and not customise_base_domain_website|bool - name: Disable index.html creation to allow multi-file site if user does wish to customise base domain delegate_to: 127.0.0.1 @@ -19,7 +19,7 @@ insertafter: '# Base Domain Settings Start' with_dict: 'matrix_nginx_proxy_base_domain_homepage_enabled': 'false' - when: customise_base_domain_website|bool == true + when: (customise_base_domain_website is defined) and customise_base_domain_website|bool - name: Record custom 'Customise Website + Access Export' variables locally on AWX delegate_to: 127.0.0.1 @@ -29,29 +29,53 @@ line: "{{ item.key }}: {{ item.value }}" insertafter: '# Custom Settings Start' with_dict: - 'customise_base_domain_website': '{{ customise_base_domain_website }}' 'sftp_auth_method': '"{{ sftp_auth_method }}"' 'sftp_password': '"{{ sftp_password }}"' 'sftp_public_key': '"{{ sftp_public_key }}"' +- name: Record custom 'Customise Website + Access Export' variables locally on AWX + delegate_to: 127.0.0.1 + lineinfile: + path: '{{ awx_cached_matrix_vars }}' + regexp: "^#? *{{ item.key | regex_escape() }}:" + line: "{{ item.key }}: {{ item.value }}" + insertafter: '# Custom Settings Start' + with_dict: + 'customise_base_domain_website': '{{ customise_base_domain_website }}' + when: customise_base_domain_website is defined + - name: Reload vars in matrix_vars.yml include_vars: file: '{{ awx_cached_matrix_vars }}' no_log: True -# ^ Is this even needed? - - name: Save new 'Customise Website + Access Export' survey.json to the AWX tower, template delegate_to: 127.0.0.1 template: src: './roles/matrix-awx/surveys/configure_website_access_export.json.j2' dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json' + when: customise_base_domain_website is defined - name: Copy new 'Customise Website + Access Export' survey.json to target machine copy: src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json' dest: '/matrix/awx/configure_website_access_export.json' mode: '0660' + when: customise_base_domain_website is defined + +- name: Save new 'Customise Website + Access Export' survey.json to the AWX tower, template + delegate_to: 127.0.0.1 + template: + src: './roles/matrix-awx/surveys/access_export.json.j2' + dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json' + when: customise_base_domain_website is undefined + +- name: Copy new 'Customise Website + Access Export' survey.json to target machine + copy: + src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json' + dest: '/matrix/awx/access_export.json' + mode: '0660' + when: customise_base_domain_website is undefined - name: Collect AWX admin token the hard way! delegate_to: 127.0.0.1 @@ -60,7 +84,7 @@ register: tower_token no_log: True -- name: Recreate 'Customise Base Domain Export' job template +- name: Recreate 'Configure Website + Access Export' job template delegate_to: 127.0.0.1 awx.awx.tower_job_template: name: "{{ matrix_domain }} - 1 - Configure Website + Access Export" @@ -80,6 +104,29 @@ tower_host: "https://{{ tower_host }}" tower_oauthtoken: "{{ tower_token.stdout }}" validate_certs: yes + when: customise_base_domain_website is defined + +- name: Recreate 'Access Export' job template + delegate_to: 127.0.0.1 + awx.awx.tower_job_template: + name: "{{ matrix_domain }} - 1 - Access Export" + description: "Access the services export." + extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" + job_type: run + job_tags: "start,setup-nginx-proxy" + inventory: "{{ member_id }}" + project: "{{ member_id }} - Matrix Docker Ansible Deploy" + playbook: setup.yml + credential: "{{ member_id }} - AWX SSH Key" + survey_enabled: true + survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json') }}" + become_enabled: yes + state: present + verbosity: 1 + tower_host: "https://{{ tower_host }}" + tower_oauthtoken: "{{ tower_token.stdout }}" + validate_certs: yes + when: customise_base_domain_website is undefined - name: Ensure group "sftp" exists group: @@ -113,6 +160,7 @@ name: sftp groups: matrix append: yes + when: customise_base_domain_website is defined - name: Create the ro /chroot directory with sticky bit if it doesn't exist. (/chroot/website has matrix:matrix permissions and is mounted to nginx container) file: @@ -129,6 +177,7 @@ owner: matrix group: matrix mode: '0574' + when: customise_base_domain_website is defined - name: Ensure /chroot/export location exists file: diff --git a/roles/matrix-awx/tasks/import_awx.yml b/roles/matrix-awx/tasks/import_awx.yml index 0100a5d0..6017152f 100644 --- a/roles/matrix-awx/tasks/import_awx.yml +++ b/roles/matrix-awx/tasks/import_awx.yml @@ -16,8 +16,3 @@ - name: Ensure correct ownership of /matrix/synapse shell: chown -R matrix:matrix /matrix/synapse -- name: Fetch matrix_vars.yml file to AWX - fetch: - src: /matrix/awx/matrix_vars.yml - dest: /var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/ - flat: yes diff --git a/roles/matrix-awx/tasks/set_variables_dimension.yml b/roles/matrix-awx/tasks/set_variables_dimension.yml index 2d5eb619..53a4dbfc 100644 --- a/roles/matrix-awx/tasks/set_variables_dimension.yml +++ b/roles/matrix-awx/tasks/set_variables_dimension.yml @@ -4,9 +4,11 @@ file: '{{ awx_cached_matrix_vars }}' no_log: True -- name: Install jq on remote machine +- name: Install jq and curl on remote machine apt: - name: jq + name: + - jq + - curl state: present - name: Collect access token of Dimension user diff --git a/roles/matrix-common-after/tasks/awx_post.yml b/roles/matrix-common-after/tasks/awx_post.yml index 568ccd23..cf843d24 100644 --- a/roles/matrix-common-after/tasks/awx_post.yml +++ b/roles/matrix-common-after/tasks/awx_post.yml @@ -35,3 +35,18 @@ with_dict: 'matrix_awx_dimension_user_created': 'true' when: not matrix_awx_dimension_user_created|bool + +- name: Ensure /chroot/website location has correct permissions + file: + path: /chroot/website + state: directory + owner: matrix + group: matrix + mode: '0574' + when: customise_base_domain_website is defined + +- name: Ensure erroneous /chroot/website/matrix-domain location doesn't exist + file: + path: /chroot/website/matrix-domain + state: absent + when: customise_base_domain_website is defined