Compare commits
339 Commits
7d2f42cd22
...
c0f6789783
Author | SHA1 | Date |
---|---|---|
josiah | c0f6789783 | 3 years ago |
josiah | 9c20a5288f | 3 years ago |
josiah | 6b67895bac | 3 years ago |
Slavi Pantaleev | c3abcad151 | 3 years ago |
Aaron Raimist | 3c0452ff5a | 3 years ago |
Slavi Pantaleev | 4879fdd46b | 3 years ago |
throwawayay | b2d0a8a5e5 | 3 years ago |
Slavi Pantaleev | 7a086d7dd9 | 3 years ago |
Slavi Pantaleev | 55b92d5a13 | 3 years ago |
Slavi Pantaleev | 0a662dcbcd | 3 years ago |
Slavi Pantaleev | c5d52d49da | 3 years ago |
Slavi Pantaleev | 1ffce13b35 | 3 years ago |
Slavi Pantaleev | 6f80292745 | 3 years ago |
Slavi Pantaleev | d0de21ab34 | 3 years ago |
Aaron Raimist | b714222384 | 3 years ago |
Aaron Raimist | ac4ede20af | 3 years ago |
Aaron Raimist | 1633f61018 | 3 years ago |
Aaron Raimist | 04548f8df2 | 3 years ago |
Aaron Raimist | 9437f78c9e | 3 years ago |
Slavi Pantaleev | 47b4608b96 | 3 years ago |
Slavi Pantaleev | 9a8a81fdb0 | 3 years ago |
Slavi Pantaleev | 1ab507349c | 3 years ago |
Slavi Pantaleev | dd7a23ede6 | 3 years ago |
Slavi Pantaleev | 15f4972dbf | 3 years ago |
Rafael Girão | 729f348864 | 3 years ago |
Slavi Pantaleev | 66615c43a3 | 3 years ago |
Slavi Pantaleev | f7e854c7cc | 3 years ago |
Slavi Pantaleev | d3c7be177a | 3 years ago |
Tobias K | 68aa5094cf | 3 years ago |
Tobias K | 3dcbed6353 | 3 years ago |
sakkiii | 8529ca4c17 | 3 years ago |
Slavi Pantaleev | 073d920a62 | 3 years ago |
Slavi Pantaleev | 3fae13762d | 3 years ago |
Slavi Pantaleev | 9e98450bba | 3 years ago |
Slavi Pantaleev | 1796658a69 | 3 years ago |
Toni Spets | 544915ff76 | 3 years ago |
Slavi Pantaleev | 21eb39f986 | 3 years ago |
Slavi Pantaleev | ee46fabdca | 3 years ago |
sakkiii | e9b878b9e9 | 3 years ago |
Slavi Pantaleev | 2606b41b16 | 3 years ago |
Slavi Pantaleev | e6afa05f7b | 3 years ago |
Slavi Pantaleev | 57a6a98a50 | 3 years ago |
Slavi Pantaleev | b9c4e8ce16 | 3 years ago |
sakkiii | d31b55b2a7 | 3 years ago |
rakshazi | 8bf4c52838 | 3 years ago |
Slavi Pantaleev | 9c0fb98c0d | 3 years ago |
rakshazi | 400371f6dd | 3 years ago |
rakshazi | 578754e60e | 3 years ago |
Slavi Pantaleev | d156c8caa2 | 3 years ago |
Slavi Pantaleev | e4dd933cf0 | 3 years ago |
sakkiii | 2c3da6599b | 3 years ago |
sakkiii | 0dd4459799 | 3 years ago |
sakkiii | c05021640d | 3 years ago |
Aaron Raimist | ca361af616 | 3 years ago |
Slavi Pantaleev | df99c338d3 | 3 years ago |
sakkiii | 4bd7d8b5e4 | 3 years ago |
sakkiii | d5cd3d443d | 3 years ago |
rakshazi | 226d6a6f03 | 3 years ago |
Slavi Pantaleev | f481b1a84b | 3 years ago |
Slavi Pantaleev | 71e271893b | 3 years ago |
rakshazi | 8cace72d95 | 3 years ago |
Slavi Pantaleev | 8e6f1876f5 | 3 years ago |
rakshazi | 9121ef2604 | 3 years ago |
Slavi Pantaleev | 840ff5e19b | 3 years ago |
sakkiii | 8fc55b30c5 | 3 years ago |
Slavi Pantaleev | 2d4b039c55 | 3 years ago |
Michael-GMH | 2b4bada72a | 3 years ago |
Michael-GMH | 0adcef65e6 | 3 years ago |
Michael-GMH | f70102e40c | 3 years ago |
Slavi Pantaleev | f03adc83f1 | 3 years ago |
Slavi Pantaleev | f4657b2cdb | 3 years ago |
Michael-GMH | f827a3cc46 | 3 years ago |
Michael-GMH | 4e6f6e179b | 3 years ago |
Slavi Pantaleev | 3dcc006932 | 3 years ago |
Slavi Pantaleev | 33f0074862 | 3 years ago |
Slavi Pantaleev | c19508087a | 3 years ago |
Slavi Pantaleev | a198b87455 | 3 years ago |
Slavi Pantaleev | 62112789d6 | 3 years ago |
Slavi Pantaleev | ac8a9989aa | 3 years ago |
Aaron Raimist | 65035c62c1 | 3 years ago |
Aaron Raimist | cdaf4695c0 | 3 years ago |
Slavi Pantaleev | 867ebb52ab | 3 years ago |
Slavi Pantaleev | 61220ea487 | 3 years ago |
sakkiii | 9174448e5e | 3 years ago |
sakkiii | 0d5fe2d9f7 | 3 years ago |
Béla Becker | b10655ebb1 | 3 years ago |
Béla Becker | 116bcaa13b | 3 years ago |
sakkiii | 37de7fc96a | 3 years ago |
sakkiii | 303de935d5 | 3 years ago |
Slavi Pantaleev | d4d1e2e922 | 3 years ago |
Slavi Pantaleev | b09a805939 | 3 years ago |
Slavi Pantaleev | 6fdc71c40b | 3 years ago |
Dan Arnfield | cfaa3e598a | 3 years ago |
Dan Arnfield | bec5933db4 | 3 years ago |
Slavi Pantaleev | 612d1fa455 | 3 years ago |
Michael-GMH | 067b61e779 | 3 years ago |
Slavi Pantaleev | 2409c33ea2 | 3 years ago |
Slavi Pantaleev | a90835e5a3 | 3 years ago |
benkuly | 49cb2635a2 | 3 years ago |
Slavi Pantaleev | 961a0e5c6c | 3 years ago |
Michael-GMH | a14bf6c2ed | 3 years ago |
Slavi Pantaleev | 689dcea773 | 3 years ago |
Slavi Pantaleev | 389dc26615 | 3 years ago |
Slavi Pantaleev | 7cf2f352aa | 3 years ago |
Slavi Pantaleev | f6b371164c | 3 years ago |
Slavi Pantaleev | 62c0587b6a | 3 years ago |
Slavi Pantaleev | 72a7cb4145 | 3 years ago |
Slavi Pantaleev | e3fa3e12bc | 3 years ago |
Michael-GMH | 652dbbd244 | 3 years ago |
Michael-GMH | 50d7209c5b | 3 years ago |
Slavi Pantaleev | 378fabf177 | 3 years ago |
Slavi Pantaleev | 1fb54a37cb | 3 years ago |
Slavi Pantaleev | c95ca4badc | 3 years ago |
Slavi Pantaleev | d691cc0920 | 3 years ago |
Slavi Pantaleev | e00ef04b57 | 3 years ago |
Slavi Pantaleev | 7fa7e3e5a6 | 3 years ago |
Slavi Pantaleev | 42783972fd | 3 years ago |
Slavi Pantaleev | ca786cc343 | 3 years ago |
Aaron Raimist | 9ee1d23afe | 3 years ago |
Aaron Raimist | bb64b80697 | 3 years ago |
Slavi Pantaleev | f825c7c263 | 3 years ago |
Slavi Pantaleev | 7eda6a3c12 | 3 years ago |
Slavi Pantaleev | adcecaffaf | 3 years ago |
Dan Arnfield | b2ca1f2829 | 3 years ago |
Slavi Pantaleev | 8da8979a24 | 3 years ago |
Slavi Pantaleev | 398b9f5d66 | 3 years ago |
Dan Arnfield | 82f7e1c7c0 | 3 years ago |
Dan Arnfield | 29177d4922 | 3 years ago |
sak | 88a30fb5ed | 3 years ago |
sak | 0f9a455719 | 3 years ago |
sak | d0cd709c08 | 3 years ago |
Slavi Pantaleev | 4a1739f604 | 3 years ago |
teutat3s | 2bf7c26cfa | 3 years ago |
Slavi Pantaleev | c565e72f0d | 3 years ago |
Slavi Pantaleev | 51b46697c5 | 3 years ago |
Slavi Pantaleev | ac8a835fd2 | 3 years ago |
Dan Arnfield | f04614a993 | 3 years ago |
Slavi Pantaleev | badd81e0ec | 3 years ago |
sakkiii | 1958d0792d | 3 years ago |
sakkiii | b6d45c5fd8 | 3 years ago |
sakkiii | 05042f5ff1 | 3 years ago |
sakkiii | 27377e099d | 3 years ago |
Slavi Pantaleev | 68ca81c8c2 | 3 years ago |
Slavi Pantaleev | 9c1f41eadf | 3 years ago |
Slavi Pantaleev | 92925e5537 | 3 years ago |
Dan Arnfield | 8a550ce67c | 3 years ago |
Dan Arnfield | 83cc5c9e6a | 3 years ago |
sakkiii | 5dc642ace1 | 3 years ago |
Slavi Pantaleev | fcb9e9618a | 3 years ago |
Slavi Pantaleev | 8ae0628c2f | 3 years ago |
sakkiii | 540416e32d | 3 years ago |
Slavi Pantaleev | ed3c9ccbd2 | 3 years ago |
Michael-GMH | 0607e01304 | 3 years ago |
Michael-GMH | 89cb5a3d7a | 3 years ago |
Slavi Pantaleev | c7c137df74 | 3 years ago |
Slavi Pantaleev | 931452bb06 | 3 years ago |
Slavi Pantaleev | 316d7d815a | 3 years ago |
Slavi Pantaleev | 291621c984 | 3 years ago |
rakshazi | 4f8e1bd43a | 3 years ago |
Slavi Pantaleev | 68db6d028b | 3 years ago |
Ahmad Haghighi | 126fbbc0cc | 3 years ago |
Ahmad Haghighi | e335f3fc77 | 3 years ago |
Ahmad Haghighi | f52a8b6484 | 3 years ago |
Slavi Pantaleev | 898c0a842e | 3 years ago |
Aaron Raimist | 3d2142f88b | 3 years ago |
Slavi Pantaleev | f751176069 | 3 years ago |
Slavi Pantaleev | 4ecfd78f92 | 3 years ago |
Aaron Raimist | 3e11ee158e | 3 years ago |
Marcus | 3e119e483e | 3 years ago |
Slavi Pantaleev | 4830b7d830 | 3 years ago |
Slavi Pantaleev | 3f426de599 | 3 years ago |
Slavi Pantaleev | a1a0d91604 | 3 years ago |
Slavi Pantaleev | c386e8e9db | 3 years ago |
Slavi Pantaleev | 832e191ab8 | 3 years ago |
Slavi Pantaleev | 1b55766927 | 3 years ago |
Slavi Pantaleev | 298556e02e | 3 years ago |
Slavi Pantaleev | 6526087c14 | 3 years ago |
Slavi Pantaleev | 37c089bb96 | 3 years ago |
Slavi Pantaleev | 0a107dc0ce | 3 years ago |
foxcris | 14b8e3a3ab | 3 years ago |
foxcris | 2178f3612f | 3 years ago |
Slavi Pantaleev | 560777cc16 | 3 years ago |
Slavi Pantaleev | 3b8d9bcb32 | 3 years ago |
Michael | f41bfb69d2 | 3 years ago |
Michael | 814bdf5a88 | 3 years ago |
Michael | fbe22289bd | 3 years ago |
Aaron Raimist | 458c17b9d0 | 3 years ago |
Aaron Raimist | 504f1b6445 | 3 years ago |
Slavi Pantaleev | 179edb2c06 | 3 years ago |
Aaron Raimist | df31694d12 | 3 years ago |
Slavi Pantaleev | 28a6f8bd57 | 3 years ago |
Slavi Pantaleev | 995c483856 | 3 years ago |
Slavi Pantaleev | a37a8c76d4 | 3 years ago |
Aaron Raimist | 26d334dcb9 | 3 years ago |
Slavi Pantaleev | f183add44d | 3 years ago |
Slavi Pantaleev | 1bb4fe594d | 3 years ago |
Aaron Raimist | 598f00b335 | 3 years ago |
Aaron Raimist | c86cc11386 | 3 years ago |
Aaron Raimist | f85054fd80 | 3 years ago |
Aaron Raimist | 81dddd2e25 | 3 years ago |
Aaron Raimist | b084a35e9d | 3 years ago |
Aaron Raimist | 11c93682db | 3 years ago |
Aaron Raimist | 12a120e175 | 3 years ago |
Aaron Raimist | 219c2fdb12 | 3 years ago |
Aaron Raimist | c43bd412dd | 3 years ago |
Aaron Raimist | b5fb98dd28 | 3 years ago |
Aaron Raimist | 1ecee625d5 | 3 years ago |
Slavi Pantaleev | a88391edf5 | 3 years ago |
Slavi Pantaleev | 40b6711453 | 3 years ago |
teutat3s | 0b5e903693 | 3 years ago |
Christoph Johannes Kleine | fcd66b2889 | 3 years ago |
Christoph Johannes Kleine | 8ba1105010 | 3 years ago |
Christoph Johannes Kleine | 3a772f2f65 | 3 years ago |
Slavi Pantaleev | 93960b70be | 3 years ago |
Slavi Pantaleev | 5e1cf7f8b9 | 3 years ago |
Slavi Pantaleev | 59699e0d98 | 3 years ago |
Slavi Pantaleev | 9409588513 | 3 years ago |
Slavi Pantaleev | 179b416ed5 | 3 years ago |
Slavi Pantaleev | 77d598b315 | 3 years ago |
Slavi Pantaleev | 49868db3de | 3 years ago |
Slavi Pantaleev | 94487dc6a7 | 3 years ago |
Slavi Pantaleev | 5ce6d98f6c | 3 years ago |
transcaffeine | dbae18fd6a | 3 years ago |
Slavi Pantaleev | 59ac8a5921 | 3 years ago |
Slavi Pantaleev | efbeb42857 | 3 years ago |
Slavi Pantaleev | 5b7dbe8275 | 3 years ago |
Slavi Pantaleev | 080658a2a9 | 3 years ago |
Dan Arnfield | 97d8527e00 | 3 years ago |
Slavi Pantaleev | 5a4ea5f866 | 3 years ago |
Slavi Pantaleev | b89936afba | 3 years ago |
Slavi Pantaleev | 19cbdce6d2 | 3 years ago |
Aaron Raimist | c6fb7acf5f | 3 years ago |
Aaron Raimist | bab8b950ca | 3 years ago |
Slavi Pantaleev | 06c74728eb | 3 years ago |
Slavi Pantaleev | d09609daa8 | 3 years ago |
Slavi Pantaleev | 6a3433fbad | 3 years ago |
Slavi Pantaleev | ffe649a240 | 3 years ago |
Slavi Pantaleev | bb49f33c62 | 3 years ago |
rakshazi | 74106f2a80 | 3 years ago |
Slavi Pantaleev | 8bcdbdef8c | 3 years ago |
Thom Wiggers | 54fe59f05c | 3 years ago |
Slavi Pantaleev | 2737ebc290 | 3 years ago |
Slavi Pantaleev | b824522b33 | 3 years ago |
Slavi Pantaleev | 9a0222fa47 | 3 years ago |
Slavi Pantaleev | 54315505de | 3 years ago |
Michael | af240aef37 | 3 years ago |
Michael | 85127bacba | 3 years ago |
Michael | 1e54b1d1a5 | 3 years ago |
Slavi Pantaleev | f99dcd611f | 3 years ago |
Slavi Pantaleev | a5ee39266c | 3 years ago |
Slavi Pantaleev | 3f0550b5d9 | 3 years ago |
Slavi Pantaleev | ff882ceb66 | 3 years ago |
Aaron Raimist | 32b3650c12 | 3 years ago |
chagai95 | 07fb05a4ab | 3 years ago |
Slavi Pantaleev | 41c90d2087 | 3 years ago |
Béla Becker | 2d7e7680e5 | 3 years ago |
Slavi Pantaleev | f4d0abbaf5 | 3 years ago |
Aaron Raimist | 466827139a | 3 years ago |
Slavi Pantaleev | 97c0bf1a73 | 3 years ago |
Béla Becker | 60aa40845f | 3 years ago |
Slavi Pantaleev | a872db07ee | 3 years ago |
Yannick Goossens | 27416607d9 | 3 years ago |
Slavi Pantaleev | 93f79c63e1 | 3 years ago |
Michael | 739cd0e31d | 3 years ago |
Michael | 5a6bdb0c3d | 3 years ago |
Michael | 571b70a1f4 | 3 years ago |
foxcris | 76fbc59b61 | 3 years ago |
foxcris | 11cd1cb0fa | 3 years ago |
foxcris | 43f7d9afb6 | 3 years ago |
foxcris | 604ffe7d79 | 3 years ago |
foxcris | ecc6bdb3ca | 3 years ago |
foxcris | 1e45eeab7b | 3 years ago |
foxcris | d61236213e | 3 years ago |
Slavi Pantaleev | c890e351fc | 3 years ago |
Slavi Pantaleev | 011e95c1d2 | 3 years ago |
Slavi Pantaleev | b46ef46663 | 3 years ago |
Slavi Pantaleev | 6cbfee539c | 3 years ago |
Slavi Pantaleev | 6181861ffe | 3 years ago |
Slavi Pantaleev | 38b3fbd6f9 | 3 years ago |
Slavi Pantaleev | 9c5f4ef3e2 | 3 years ago |
rakshazi | 15fc7ac007 | 3 years ago |
Slavi Pantaleev | c7e9f04756 | 3 years ago |
Alexandros Afentoulis | 28c255539c | 3 years ago |
Yannick Goossens | 9f95cef494 | 3 years ago |
Yannick Goossens | bfe0ca6cf8 | 3 years ago |
Slavi Pantaleev | 7215fd4319 | 3 years ago |
Michael | 5a1f3b7d67 | 3 years ago |
Pablo Montepagano | 52fe8a05b0 | 3 years ago |
Yannick Goossens | 7d6bf446a3 | 3 years ago |
Yannick Goossens | 86cf5d8c74 | 3 years ago |
Yannick Goossens | a640d8f9a6 | 3 years ago |
Yannick Goossens | 9689948e73 | 3 years ago |
Yannick Goossens | 49028f1b05 | 3 years ago |
Yannick Goossens | aaf93cb9fd | 3 years ago |
Yannick Goossens | 20c6bd686e | 3 years ago |
Yannick Goossens | ce14e3e8af | 3 years ago |
Yannick Goossens | 7d1d3b47bc | 3 years ago |
Yannick Goossens | 51e2547484 | 3 years ago |
Slavi Pantaleev | 9b72384df7 | 3 years ago |
Slavi Pantaleev | f0698ee641 | 3 years ago |
Slavi Pantaleev | 5516bc8896 | 3 years ago |
Aaron Raimist | df5cbcc2e1 | 3 years ago |
foxcris | 88d59f97c2 | 3 years ago |
Slavi Pantaleev | 11f8b5f3a7 | 3 years ago |
Markus Ullmann | be23249f4b | 3 years ago |
Slavi Pantaleev | 7d1522d884 | 3 years ago |
Slavi Pantaleev | 0f647594ac | 3 years ago |
SierraKiloBravo | 0de0716527 | 3 years ago |
Slavi Pantaleev | 31d2e013f7 | 3 years ago |
Slavi Pantaleev | 009efdad49 | 3 years ago |
Slavi Pantaleev | a25b8135b8 | 3 years ago |
Slavi Pantaleev | c527f2930e | 3 years ago |
Slavi Pantaleev | fef6d57626 | 3 years ago |
Michael | f4e462af51 | 3 years ago |
Michael | 33ec5710d9 | 3 years ago |
Slavi Pantaleev | c8d4a42367 | 3 years ago |
Hardy Erlinger | f4930d789e | 3 years ago |
Slavi Pantaleev | 6baa91dd9f | 3 years ago |
Slavi Pantaleev | ccf5915874 | 3 years ago |
Slavi Pantaleev | ae091d7b2d | 3 years ago |
Slavi Pantaleev | 1ef683d366 | 3 years ago |
Slavi Pantaleev | 2ef1d9c537 | 3 years ago |
Slavi Pantaleev | f9a0ec6fd1 | 3 years ago |
Slavi Pantaleev | 8f7f45d6e4 | 3 years ago |
Slavi Pantaleev | 50ec607433 | 3 years ago |
tctovsli | 2b96fb0cf1 | 3 years ago |
Slavi Pantaleev | fd18769e55 | 3 years ago |
Slavi Pantaleev | ca22355910 | 3 years ago |
Marc Leuser | 53869ac14a | 3 years ago |
Slavi Pantaleev | 994afcfeb0 | 3 years ago |
Germain | 6768bdcf81 | 3 years ago |
Slavi Pantaleev | 0585a3ed9f | 3 years ago |
Slavi Pantaleev | 38044e8c93 | 3 years ago |
Slavi Pantaleev | 77ab0d3e98 | 3 years ago |
rakshazi | 2f887f292c | 3 years ago |
Germain | 25e136ee0a | 3 years ago |
Michael | 4c882c513b | 3 years ago |
foxcris | 6e72fb9a58 | 3 years ago |
foxcris | 0fe6352cf7 | 3 years ago |
@ -0,0 +1,45 @@
|
||||
# Configuring AWX System (optional)
|
||||
|
||||
An AWX setup for managing multiple Matrix servers.
|
||||
|
||||
This section is used in an AWX system that can create and manage multiple [Matrix](http://matrix.org/) servers. You can issue members an AWX login to their own 'organisation', which they can use to manage/configure 1 to N servers.
|
||||
|
||||
Members can be assigned a server from Digitalocean, or they can connect their own on-premises server. This script is free to use in a commercial context with the 'MemberPress Plus' and 'WP Oauth Sever' addons. It can also be run in a non-commercial context.
|
||||
|
||||
The AWX system is arranged into 'members' each with their own 'subscriptions'. After creating a subscription the user enters the 'provision stage' where they defined the URLs they will use, the servers location and whether or not there's already a website at the base domain. They then proceed onto the 'deploy stage' where they can configure their Matrix server.
|
||||
|
||||
Ideally this system can manage the updates, configuration, backups and monitoring on it's own. It is an extension of the popular deploy script [spantaleev/matrix-docker-ansible-deploy](https://github.com/spantaleev/matrix-docker-ansible-deploy).
|
||||
|
||||
Warning: This project is currently alpha quality and should only be run by the brave.
|
||||
|
||||
|
||||
## Other Required Playbooks
|
||||
|
||||
The following repositories allow you to copy and use this setup:
|
||||
|
||||
[Create AWX System](https://gitlab.com/GoMatrixHosting/create-awx-system) - Creates and configures the AWX system for you.
|
||||
|
||||
[Ansible Create Delete Subscription Membership](https://gitlab.com/GoMatrixHosting/ansible-create-delete-subscription-membership) - Used by the AWX system to create memberships and subscriptions. Also includes other administrative playbooks for updates, backups and restoring servers.
|
||||
|
||||
[Ansible Provision Server](https://gitlab.com/GoMatrixHosting/ansible-provision-server) - Used by AWX members to perform initial configuration of their DigitalOcean or On-Premises server.
|
||||
|
||||
## Testing Fork For This Playbook
|
||||
|
||||
Updates to this section are trailed here:
|
||||
|
||||
[GoMatrixHosting Matrix Docker Ansible Deploy](https://gitlab.com/GoMatrixHosting/gomatrixhosting-matrix-docker-ansible-deploy)
|
||||
|
||||
|
||||
## Does I need an AWX setup to use this? How do I configure it?
|
||||
|
||||
Yes, you'll need to configure an AWX instance, the [Create AWX System](https://gitlab.com/GoMatrixHosting/create-awx-system) repository makes it easy to do. Just follow the steps listed in ['/docs/Installation.md' of that repository](https://gitlab.com/GoMatrixHosting/create-awx-system/-/blob/master/docs/Installation.md).
|
||||
|
||||
For simpler installation steps you can use to get started with this system, check out our minimal installation guide at ['/doc/Installation_Minimal.md of that repository'](https://gitlab.com/GoMatrixHosting/create-awx-system/-/blob/master/docs/Installation_Minimal.md).
|
||||
|
||||
|
||||
## Does I need a front-end WordPress site? And a DigitalOcean account?
|
||||
|
||||
You do not need a front-end WordPress site or any of the mentioned WordPress plugins to use this setup. It can be run on it's own in a non-commercial context.
|
||||
|
||||
You also don't need a DigitalOcean account, but this will limit you to only being able to connect 'On-Premises' servers.
|
||||
|
@ -0,0 +1,226 @@
|
||||
# Setting up Go-NEB (optional)
|
||||
|
||||
The playbook can install and configure [Go-NEB](https://github.com/matrix-org/go-neb) for you.
|
||||
|
||||
Go-NEB is a Matrix bot written in Go. It is the successor to Matrix-NEB, the original Matrix bot written in Python.
|
||||
|
||||
See the project's [documentation](https://github.com/matrix-org/go-neb) to learn what it does and why it might be useful to you.
|
||||
|
||||
|
||||
## Registering the bot user
|
||||
|
||||
The playbook does not automatically create users for you. The bot requires at least 1 access token to be able to connect to your homeserver.
|
||||
|
||||
You **need to register the bot user manually** before setting up the bot.
|
||||
|
||||
Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`.
|
||||
|
||||
You can use the playbook to [register a new user](registering-users.md):
|
||||
|
||||
```
|
||||
ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.go-neb password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user
|
||||
```
|
||||
|
||||
|
||||
## Getting an access token
|
||||
|
||||
If you use curl, you can get an access token like this:
|
||||
|
||||
```
|
||||
curl -X POST --header 'Content-Type: application/json' -d '{
|
||||
"identifier": { "type": "m.id.user", "user": "bot.go-neb" },
|
||||
"password": "a strong password",
|
||||
"type": "m.login.password"
|
||||
}' 'https://matrix.YOURDOMAIN/_matrix/client/r0/login'
|
||||
```
|
||||
|
||||
Alternatively, you can use a full-featured client (such as Element) to log in and get the access token from there (note: don't log out from the client as that will invalidate the token), but doing so might lead to decryption problems. That warning comes from [here](https://github.com/matrix-org/go-neb#quick-start).
|
||||
|
||||
|
||||
## Adjusting the playbook configuration
|
||||
|
||||
Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file (adapt to your needs):
|
||||
|
||||
```yaml
|
||||
matrix_bot_go_neb_enabled: true
|
||||
|
||||
# You need at least 1 client.
|
||||
# Use the access token you obtained in the step above.
|
||||
matrix_bot_go_neb_clients:
|
||||
- UserID: "@goneb:{{ matrix_domain }}"
|
||||
AccessToken: "MDASDASJDIASDJASDAFGFRGER"
|
||||
DeviceID: "DEVICE1"
|
||||
HomeserverURL: "{{ matrix_homeserver_container_url }}"
|
||||
Sync: true
|
||||
AutoJoinRooms: true
|
||||
DisplayName: "Go-NEB!"
|
||||
AcceptVerificationFromUsers: [":{{ matrix_domain }}"]
|
||||
|
||||
- UserID: "@another_goneb:{{ matrix_domain }}"
|
||||
AccessToken: "MDASDASJDIASDJASDAFGFRGER"
|
||||
DeviceID: "DEVICE2"
|
||||
HomeserverURL: "{{ matrix_homeserver_container_url }}"
|
||||
Sync: false
|
||||
AutoJoinRooms: false
|
||||
DisplayName: "Go-NEB!"
|
||||
AcceptVerificationFromUsers: ["^@admin:{{ matrix_domain }}"]
|
||||
|
||||
# Optional, for use with the github_cmd, github_webhooks or jira services
|
||||
matrix_bot_go_neb_realms:
|
||||
- ID: "github_realm"
|
||||
Type: "github"
|
||||
Config: {} # No need for client ID or Secret as Go-NEB isn't generating OAuth URLs
|
||||
|
||||
# Optional. The list of *authenticated* sessions which Go-NEB is aware of.
|
||||
matrix_bot_go_neb_sessions:
|
||||
- SessionID: "your_github_session"
|
||||
RealmID: "github_realm"
|
||||
UserID: "@YOUR_USER_ID:{{ matrix_domain }}" # This needs to be the username of the person that's allowed to use the !github commands
|
||||
Config:
|
||||
# Populate these fields by generating a "Personal Access Token" on github.com
|
||||
AccessToken: "YOUR_GITHUB_ACCESS_TOKEN"
|
||||
Scopes: "admin:org_hook,admin:repo_hook,repo,user"
|
||||
|
||||
# The list of services which Go-NEB is aware of.
|
||||
# Delete or modify this list as appropriate.
|
||||
# See the docs for /configureService for the full list of options:
|
||||
# https://matrix-org.github.io/go-neb/pkg/github.com/matrix-org/go-neb/api/index.html#ConfigureServiceRequest
|
||||
# You need at least 1 service.
|
||||
matrix_bot_go_neb_services:
|
||||
- ID: "echo_service"
|
||||
Type: "echo"
|
||||
UserID: "@goneb:{{ matrix_domain }}"
|
||||
Config: {}
|
||||
|
||||
# Can be obtained from https://developers.giphy.com/dashboard/
|
||||
- ID: "giphy_service"
|
||||
Type: "giphy"
|
||||
UserID: "@goneb:{{ matrix_domain }}" # requires a Syncing client
|
||||
Config:
|
||||
api_key: "qwg4672vsuyfsfe"
|
||||
use_downsized: false
|
||||
|
||||
# This service has been dead for over a year :/
|
||||
- ID: "guggy_service"
|
||||
Type: "guggy"
|
||||
UserID: "@goneb:{{ matrix_domain }}" # requires a Syncing client
|
||||
Config:
|
||||
api_key: "2356saaqfhgfe"
|
||||
|
||||
# API Key via https://developers.google.com/custom-search/v1/introduction
|
||||
# CX via http://www.google.com/cse/manage/all
|
||||
# https://stackoverflow.com/questions/6562125/getting-a-cx-id-for-custom-search-google-api-python
|
||||
# 'Search the entire web' and 'Image search' enabled for best results
|
||||
- ID: "google_service"
|
||||
Type: "google"
|
||||
UserID: "@goneb:{{ matrix_domain }}" # requires a Syncing client
|
||||
Config:
|
||||
api_key: "AIzaSyA4FD39m9"
|
||||
cx: "AIASDFWSRRtrtr"
|
||||
|
||||
# Get a key via https://api.imgur.com/oauth2/addclient
|
||||
# Select "oauth2 without callback url"
|
||||
- ID: "imgur_service"
|
||||
Type: "imgur"
|
||||
UserID: "@imgur:{{ matrix_domain }}" # requires a Syncing client
|
||||
Config:
|
||||
client_id: "AIzaSyA4FD39m9"
|
||||
client_secret: "somesecret"
|
||||
|
||||
- ID: "wikipedia_service"
|
||||
Type: "wikipedia"
|
||||
UserID: "@goneb:{{ matrix_domain }}" # requires a Syncing client
|
||||
Config:
|
||||
|
||||
- ID: "rss_service"
|
||||
Type: "rssbot"
|
||||
UserID: "@another_goneb:{{ matrix_domain }}"
|
||||
Config:
|
||||
feeds:
|
||||
"http://lorem-rss.herokuapp.com/feed?unit=second&interval=60":
|
||||
rooms: ["!qmElAGdFYCHoCJuaNt:{{ matrix_domain }}"]
|
||||
must_include:
|
||||
author:
|
||||
- author1
|
||||
description:
|
||||
- lorem
|
||||
- ipsum
|
||||
must_not_include:
|
||||
title:
|
||||
- Lorem
|
||||
- Ipsum
|
||||
|
||||
- ID: "github_cmd_service"
|
||||
Type: "github"
|
||||
UserID: "@goneb:{{ matrix_domain }}" # requires a Syncing client
|
||||
Config:
|
||||
RealmID: "github_realm"
|
||||
|
||||
# Make sure your BASE_URL can be accessed by Github!
|
||||
- ID: "github_webhook_service"
|
||||
Type: "github-webhook"
|
||||
UserID: "@another_goneb:{{ matrix_domain }}"
|
||||
Config:
|
||||
RealmID: "github_realm"
|
||||
ClientUserID: "@YOUR_USER_ID:{{ matrix_domain }}" # needs to be an authenticated user so Go-NEB can create webhooks. Check the UserID field in the github_realm in matrix_bot_go_neb_sessions.
|
||||
Rooms:
|
||||
"!someroom:id":
|
||||
Repos:
|
||||
"matrix-org/synapse":
|
||||
Events: ["push", "issues"]
|
||||
"matrix-org/dendron":
|
||||
Events: ["pull_request"]
|
||||
"!anotherroom:id":
|
||||
Repos:
|
||||
"matrix-org/synapse":
|
||||
Events: ["push", "issues"]
|
||||
"matrix-org/dendron":
|
||||
Events: ["pull_request"]
|
||||
|
||||
- ID: "slackapi_service"
|
||||
Type: "slackapi"
|
||||
UserID: "@slackapi:{{ matrix_domain }}"
|
||||
Config:
|
||||
Hooks:
|
||||
"hook1":
|
||||
RoomID: "!someroom:id"
|
||||
MessageType: "m.text" # default is m.text
|
||||
|
||||
- ID: "alertmanager_service"
|
||||
Type: "alertmanager"
|
||||
UserID: "@alertmanager:{{ matrix_domain }}"
|
||||
Config:
|
||||
# This is for information purposes only. It should point to Go-NEB path as follows:
|
||||
# `/services/hooks/<base64 encoded service ID>`
|
||||
# Where in this case "service ID" is "alertmanager_service"
|
||||
# Make sure your BASE_URL can be accessed by the Alertmanager instance!
|
||||
webhook_url: "http://localhost/services/hooks/YWxlcnRtYW5hZ2VyX3NlcnZpY2U"
|
||||
# Each room will get the notification with the alert rendered with the given template
|
||||
rooms:
|
||||
"!someroomid:domain.tld":
|
||||
text_template: "{{range .Alerts -}} [{{ .Status }}] {{index .Labels \"alertname\" }}: {{index .Annotations \"description\"}} {{ end -}}"
|
||||
html_template: "{{range .Alerts -}} {{ $severity := index .Labels \"severity\" }} {{ if eq .Status \"firing\" }} {{ if eq $severity \"critical\"}} <font color='red'><b>[FIRING - CRITICAL]</b></font> {{ else if eq $severity \"warning\"}} <font color='orange'><b>[FIRING - WARNING]</b></font> {{ else }} <b>[FIRING - {{ $severity }}]</b> {{ end }} {{ else }} <font color='green'><b>[RESOLVED]</b></font> {{ end }} {{ index .Labels \"alertname\"}} : {{ index .Annotations \"description\"}} <a href=\"{{ .GeneratorURL }}\">source</a><br/>{{end -}}"
|
||||
msg_type: "m.text" # Must be either `m.text` or `m.notice`
|
||||
```
|
||||
|
||||
|
||||
## Installing
|
||||
|
||||
Don't forget to add `goneb.<your-domain>` to DNS as described in [Configuring DNS](configuring-dns.md) before running the playbook.
|
||||
|
||||
After configuring the playbook, run the [installation](installing.md) command again:
|
||||
|
||||
```
|
||||
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
|
||||
```
|
||||
|
||||
|
||||
## Usage
|
||||
|
||||
To use the bot, invite it to any existing Matrix room (`/invite @whatever_you_chose:DOMAIN` where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain, make sure you have permission from the room owner if that's not you).
|
||||
|
||||
Basic usage is like this: `!echo hi` or `!imgur puppies` or `!giphy matrix`
|
||||
|
||||
If you enabled the github_cmd service you can get the supported commands via `!github help`
|
||||
|
||||
You can also refer to the upstream [Documentation](https://github.com/matrix-org/go-neb).
|
@ -0,0 +1,121 @@
|
||||
# Setting up Mjolnir (optional)
|
||||
|
||||
The playbook can install and configure the [Mjolnir](https://github.com/matrix-org/mjolnir) moderation bot for you.
|
||||
|
||||
See the project's [documentation](https://github.com/matrix-org/mjolnir) to learn what it does and why it might be useful to you.
|
||||
|
||||
Note: the playbook does not currently support the Mjolnir Synapse module. The playbook does support another antispam module, see [Setting up Synapse Simple Antispam](configuring-playbook-synapse-simple-antispam.md).
|
||||
|
||||
|
||||
## 1. Register the bot account
|
||||
|
||||
The playbook does not automatically create users for you. The bot requires an access token to be able to connect to your homeserver.
|
||||
|
||||
You **need to register the bot user manually** before setting up the bot.
|
||||
|
||||
Choose a strong password for the bot. You can generate a good password with a command like this: `pwgen -s 64 1`.
|
||||
|
||||
You can use the playbook to [register a new user](registering-users.md):
|
||||
|
||||
```
|
||||
ansible-playbook -i inventory/hosts setup.yml --extra-vars='username=bot.mjolnir password=PASSWORD_FOR_THE_BOT admin=no' --tags=register-user
|
||||
```
|
||||
|
||||
If you would like Mjolnir to be able to deactivate users, move aliases, shutdown rooms, etc then it must be a server admin so you need to change `admin=no` to `admin=yes` in the command above.
|
||||
|
||||
|
||||
## 2. Get an access token
|
||||
|
||||
If you use curl, you can get an access token like this:
|
||||
|
||||
```
|
||||
curl -X POST --header 'Content-Type: application/json' -d '{
|
||||
"identifier": { "type": "m.id.user", "user": "bot.mjolnir" },
|
||||
"password": "PASSWORD_FOR_THE_BOT",
|
||||
"type": "m.login.password"
|
||||
}' 'https://matrix.DOMAIN/_matrix/client/r0/login'
|
||||
```
|
||||
|
||||
Alternatively, you can use a full-featured client (such as Element) to log in and get the access token from there (note: don't log out from the client as that will invalidate the token).
|
||||
|
||||
|
||||
## 3. Make sure the account is free from rate limiting
|
||||
|
||||
You will need to prevent Synapse from rate limiting the bot's account. This is not an optional step. If you do not do this step Mjolnir will crash. [Currently there is no Synapse config option for this](https://github.com/matrix-org/synapse/issues/6286) so you have to manually edit the Synapse database. Manually editing the Synapse database is rarely a good idea but in this case it is required. Please ask for help if you are uncomfortable with these steps.
|
||||
|
||||
1. Copy the statement below into a text editor.
|
||||
|
||||
```
|
||||
INSERT INTO ratelimit_override VALUES ('@bot.mjolnir:DOMAIN', 0, 0);
|
||||
```
|
||||
|
||||
1. Change the username (`@bot.mjolnir:DOMAIN`) to the username you used when you registered the bot's account. You must change `DOMAIN` to your server's domain.
|
||||
|
||||
1. Get a database terminal by following these steps: [maintenance-postgres.md#getting-a-database-terminal](maintenance-postgres.md#getting-a-database-terminal)
|
||||
|
||||
1. Connect to Synapse's database by typing `\connect synapse` into the database terminal
|
||||
|
||||
1. Paste in the `INSERT INTO` command that you edited and press enter.
|
||||
|
||||
You can run `SELECT * FROM ratelimit_override;` to see if it worked. If the output looks like this:
|
||||
|
||||
```
|
||||
user_id | messages_per_second | burst_count
|
||||
-----------------------+---------------------+-------------
|
||||
@bot.mjolnir:raim.ist | 0 | 0`
|
||||
```
|
||||
then you did it correctly.
|
||||
|
||||
|
||||
## 4. Create a management room
|
||||
|
||||
Using your own account, create a new invite only room that you will use to manage the bot. This is the room where you will see the status of the bot and where you will send commands to the bot, such as the command to ban a user from another room. Anyone in this room can control the bot so it is important that you only invite trusted users to this room. The room must be unencrypted since the playbook does not support installing Pantalaimon yet.
|
||||
|
||||
Once you have created the room you need to copy the room ID so you can tell the bot to use that room. In Element you can do this by going to the room's settings, clicking Advanced, and then coping the internal room ID. The room ID will look something like `!QvgVuKq0ha8glOLGMG:DOMAIN`.
|
||||
|
||||
Finally invite the `@bot.mjolnir:DOMAIN` account you created earlier into the room.
|
||||
|
||||
|
||||
## 5. Adjusting the playbook configuration
|
||||
|
||||
Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file (adapt to your needs):
|
||||
|
||||
You must replace `ACCESS_TOKEN_FROM_STEP_2_GOES_HERE` and `ROOM_ID_FROM_STEP_4_GOES_HERE` with the your own values.
|
||||
|
||||
```yaml
|
||||
matrix_bot_mjolnir_enabled: true
|
||||
|
||||
matrix_bot_mjolnir_access_token: "ACCESS_TOKEN_FROM_STEP_2_GOES_HERE"
|
||||
|
||||
matrix_bot_mjolnir_management_room: "ROOM_ID_FROM_STEP_4_GOES_HERE"
|
||||
```
|
||||
|
||||
|
||||
## 6. Installing
|
||||
|
||||
After configuring the playbook, run the [installation](installing.md) command:
|
||||
|
||||
```
|
||||
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
|
||||
```
|
||||
|
||||
|
||||
## Usage
|
||||
|
||||
You can refer to the upstream [documentation](https://github.com/matrix-org/mjolnir) for additional ways to use and configure mjolnir. Check out their [quickstart guide](https://github.com/matrix-org/mjolnir#quickstart-guide) for some basic commands you can give to the bot.
|
||||
|
||||
You can configure additional options by adding the `matrix_bot_mjolnir_configuration_extension_yaml` variable to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file.
|
||||
|
||||
For example to change mjolnir's `recordIgnoredInvites` option to `true` you would add the following to your `vars.yml` file.
|
||||
|
||||
```yaml
|
||||
matrix_bot_mjolnir_configuration_extension_yaml: |
|
||||
# Your custom YAML configuration goes here.
|
||||
# This configuration extends the default starting configuration (`matrix_bot_mjolnir_configuration_yaml`).
|
||||
#
|
||||
# You can override individual variables from the default configuration, or introduce new ones.
|
||||
#
|
||||
# If you need something more special, you can take full control by
|
||||
# completely redefining `matrix_bot_mjolnir_configuration_yaml`.
|
||||
recordIgnoredInvites: true
|
||||
```
|
@ -0,0 +1,36 @@
|
||||
# Setting up Heisenbridge (optional)
|
||||
|
||||
**Note**: bridging to [IRC](https://en.wikipedia.org/wiki/Internet_Relay_Chat) can also happen via the [matrix-appservice-irc](configuring-playbook-bridge-appservice-irc.md) bridge supported by the playbook.
|
||||
|
||||
The playbook can install and configure [Heisenbridge](https://github.com/hifi/heisenbridge) - the bouncer-style [IRC](https://en.wikipedia.org/wiki/Internet_Relay_Chat) bridge for you.
|
||||
|
||||
See the project's [README](https://github.com/hifi/heisenbridge/blob/master/README.md) to learn what it does and why it might be useful to you.
|
||||
|
||||
## Configuration
|
||||
|
||||
Below are the common configuration options that you may want to set, exhaustive list is in [the bridge's defaults var file](../roles/matrix-bridge-heisenbridge/defaults/main.yml).
|
||||
|
||||
At a minimum, you only need to enable the bridge to get it up and running (`inventory/host_vars/matrix.DOMAIN/vars.yml`):
|
||||
|
||||
```yaml
|
||||
matrix_heisenbridge_enabled: true
|
||||
|
||||
# set owner (optional)
|
||||
matrix_heisenbridge_owner: "@you:your-homeserver"
|
||||
|
||||
# to enable identd on host port 113/TCP (optional)
|
||||
matrix_heisenbridge_identd_enabled: true
|
||||
```
|
||||
|
||||
That's it! A registration file is automatically generated during the setup phase.
|
||||
|
||||
Setting the owner is optional as the first local user to DM `@heisenbridge:your-homeserver` will be made the owner.
|
||||
If you are not using a local user you must set it as otherwise you can't DM it at all.
|
||||
|
||||
## Usage
|
||||
|
||||
After the bridge is successfully running just DM `@heisenbridge:your-homeserver` to start setting it up.
|
||||
Help is available for all commands with the `-h` switch.
|
||||
If the bridge ignores you and a DM is not accepted then the owner setting may be wrong.
|
||||
|
||||
If you encounter issues or feel lost you can join the project room at [#heisenbridge:vi.fi](https://matrix.to/#/#heisenbridge:vi.fi) for help.
|
@ -0,0 +1,21 @@
|
||||
# Configuring Hydrogen (optional)
|
||||
|
||||
This playbook can install the [Hydrogen](https://github.com/vector-im/hydrogen-web) Matrix web client for you.
|
||||
Hydrogen is a lightweight web client that supports mobile and legacy web browsers.
|
||||
Hydrogen can be installed alongside or instead of Element.
|
||||
|
||||
If you'd like Hydrogen to be installed, add the following to your configuration file (`inventory/host_vars/matrix.<your-domain>/vars.yml`):
|
||||
|
||||
```yaml
|
||||
matrix_client_hydrogen_enabled: true
|
||||
```
|
||||
|
||||
You will also need to add a DNS record so that Hydrogen can be accessed.
|
||||
By default Hydrogen will use https://hydrogen.DOMAIN so you will need to create an CNAME record
|
||||
for `hydrogen`. See [Configuring DNS](configuring-dns.md).
|
||||
|
||||
If you would like to use a different domain, add the following to your configuration file (changing it to use your preferred domain):
|
||||
|
||||
```yaml
|
||||
matrix_server_fqn_hydrogen: "helium.{{ matrix_domain }}"
|
||||
```
|
@ -0,0 +1,32 @@
|
||||
# Setting up postgres backup (optional)
|
||||
|
||||
The playbook can install and configure [docker-postgres-backup-local](https://github.com/prodrigestivill/docker-postgres-backup-local) for you.
|
||||
|
||||
## Adjusting the playbook configuration
|
||||
|
||||
Minimal working configuration (`inventory/host_vars/matrix.DOMAIN/vars.yml`) to enable Postgres backup:
|
||||
|
||||
```yaml
|
||||
matrix_postgres_backup_enabled: true
|
||||
```
|
||||
|
||||
Refer to the table below for additional configuration variables and their default values.
|
||||
|
||||
|
||||
| Name | Default value | Description |
|
||||
| :-------------------------------- | :--------------------------- | :--------------------------------------------------------------- |
|
||||
|`matrix_postgres_backup_enabled`|`false`|Set to true to use [docker-postgres-backup-local](https://github.com/prodrigestivill/docker-postgres-backup-local) to create automatic database backups|
|
||||
|`matrix_postgres_backup_schedule`| `'@daily'` |Cron-schedule specifying the interval between postgres backups.|
|
||||
|`matrix_postgres_backup_keep_days`|`7`|Number of daily backups to keep|
|
||||
|`matrix_postgres_backup_keep_weeks`|`4`|Number of weekly backups to keep|
|
||||
|`matrix_postgres_backup_keep_months`|`12`|Number of monthly backups to keep|
|
||||
|`matrix_postgres_backup_path` | `"{{ matrix_base_data_path }}/postgres-backup"` | Storagepath for the database backups|
|
||||
|
||||
|
||||
## Installing
|
||||
|
||||
After configuring the playbook, run the [installation](installing.md) command again:
|
||||
|
||||
```
|
||||
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
|
||||
```
|
@ -0,0 +1,71 @@
|
||||
# Setting up Sygnal (optional)
|
||||
|
||||
The playbook can install and configure the [Sygnal](https://github.com/matrix-org/sygnal) push gateway for you.
|
||||
|
||||
See the project's [documentation](https://github.com/matrix-org/sygnal) to learn what it does and why it might be useful to you.
|
||||
|
||||
**Note**: most people don't need to install their own gateway. As Sygnal's [Notes for application developers](https://github.com/matrix-org/sygnal/blob/master/docs/applications.md) documentation says:
|
||||
|
||||
> It is not feasible to allow end-users to configure their own Sygnal instance, because the Sygnal instance needs the appropriate FCM or APNs secrets that belong to the application.
|
||||
|
||||
This optional playbook component is only useful to people who develop/build their own Matrix client applications themselves.
|
||||
|
||||
|
||||
## Adjusting the playbook configuration
|
||||
|
||||
Add the following configuration to your `inventory/host_vars/matrix.DOMAIN/vars.yml` file (adapt to your needs):
|
||||
|
||||
```yaml
|
||||
matrix_sygnal_enabled: true
|
||||
|
||||
# You need at least 1 app defined.
|
||||
# The configuration below is incomplete. Read more below.
|
||||
matrix_sygnal_apps:
|
||||
com.example.myapp.ios:
|
||||
type: apns
|
||||
keyfile: /data/my_key.p8
|
||||
# .. more configuration ..
|
||||
com.example.myapp.android:
|
||||
type: gcm
|
||||
api_key: your_api_key_for_gcm
|
||||
# .. more configuration ..
|
||||
|
||||
matrix_aux_file_definitions:
|
||||
- dest: "{{ matrix_sygnal_data_path }}/my_key.p8"
|
||||
content: |
|
||||
some
|
||||
content
|
||||
here
|
||||
mode: '0600'
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
```
|
||||
|
||||
For a more complete example of available fields and values they can take, see `roles/matrix-sygnal/templates/sygnal.yaml.j2` (or the [upstream `sygnal.yaml.sample` configuration file](https://github.com/matrix-org/sygnal/blob/master/sygnal.yaml.sample)).
|
||||
|
||||
Configuring [GCM/FCM](https://firebase.google.com/docs/cloud-messaging/) is easier, as it only requires that you provide some config values.
|
||||
|
||||
To configure [APNS](https://developer.apple.com/notifications/) (Apple Push Notification Service), you'd need to provide one or more certificate files.
|
||||
To do that, the above example configuration:
|
||||
|
||||
- makes use of the `matrix-aux` role (and its `matrix_aux_file_definitions` variable) to make the playbook install files into `/matrix/sygnal/data` (the `matrix_sygnal_data_path` variable). See `roles/matrix-aux/defaults/main.yml` for usage examples. It also makes sure the files are owned by `matrix:matrix`, so that Sygnal can read them. Of course, you can also install these files manually yourself, if you'd rather not use `matrix-aux`.
|
||||
|
||||
- references these files in the Sygnal configuration (`matrix_sygnal_apps`) using a path like `/data/..` (the `/matrix/sygnal/data` directory on the host system is mounted into the `/data` directory inside the container)
|
||||
|
||||
|
||||
## Installing
|
||||
|
||||
Don't forget to add `sygnal.<your-domain>` to DNS as described in [Configuring DNS](configuring-dns.md) before running the playbook.
|
||||
|
||||
After configuring the playbook, run the [installation](installing.md) command again:
|
||||
|
||||
```
|
||||
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
|
||||
```
|
||||
|
||||
|
||||
## Usage
|
||||
|
||||
To make use of your Sygnal installation, you'd need to build your own Matrix client application, which uses the same API keys (for [GCM/FCM](https://firebase.google.com/docs/cloud-messaging/)) and certificates (for [APNS](https://developer.apple.com/notifications/)) and is also pointed to `https://sygnal.DOMAIN` as the configured push server.
|
||||
|
||||
Refer to Sygnal's [Notes for application developers](https://github.com/matrix-org/sygnal/blob/master/docs/applications.md) document.
|
@ -0,0 +1 @@
|
||||
matrix_awx_enabled: true
|
@ -0,0 +1,42 @@
|
||||
{
|
||||
"name": "Access Export",
|
||||
"description": "Access the services export.",
|
||||
"spec": [
|
||||
{
|
||||
"question_name": "SFTP Authorisation Method",
|
||||
"question_description": "Set whether you want to disable SFTP, use a password to connect to SFTP or connect with a more secure SSH key.",
|
||||
"required": true,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ sftp_auth_method | string }}",
|
||||
"choices": "Disabled\nPassword\nSSH Key",
|
||||
"new_question": true,
|
||||
"variable": "sftp_auth_method",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "SFTP Password",
|
||||
"question_description": "Sets the password of the 'sftp' account, which allows you to upload a multi-file static website by SFTP, as well as export the latest copy of your Matrix service. Must be defined if 'Password' method is selected. WARNING: You must set a strong and unique password here.",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 64,
|
||||
"default": "{{ sftp_password }}",
|
||||
"choices": "",
|
||||
"new_question": true,
|
||||
"variable": "sftp_password",
|
||||
"type": "password"
|
||||
},
|
||||
{
|
||||
"question_name": "SFTP Public SSH Key (More Secure)",
|
||||
"question_description": "Sets the public SSH key used to access the 'sftp' account, which allows you to upload a multi-file static website by SFTP, as well as export the latest copy of your Matrix service. Must be defined if 'SSH Key' method is selected.",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 16384,
|
||||
"default": "{{ sftp_public_key }}",
|
||||
"choices": "",
|
||||
"new_question": true,
|
||||
"variable": "sftp_public_key",
|
||||
"type": "text"
|
||||
}
|
||||
]
|
||||
}
|
@ -0,0 +1,19 @@
|
||||
{
|
||||
"name": "Backup Server",
|
||||
"description": "Performs a backup of the entire service to a remote location.",
|
||||
"spec": [
|
||||
{
|
||||
"question_name": "Enable Backup",
|
||||
"question_description": "Set if remote backup is enabled or not. If enabled a daily backup of your server will be sent to the backup server located in {{ backup_server_location }}.",
|
||||
"required": false,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_awx_backup_enabled | string | lower }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "matrix_awx_backup_enabled",
|
||||
"type": "multiplechoice"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -0,0 +1,88 @@
|
||||
{
|
||||
"name": "Configure Matrix Corporal",
|
||||
"description": "Configure Matrix Corporal, a tool that manages your Matrix server according to a configuration policy.",
|
||||
"spec": [
|
||||
{
|
||||
"question_name": "Enable Corporal",
|
||||
"question_description": "Controls if Matrix Corporal is enabled at all. If you're unsure if you need Matrix Corporal or not, you most likely don't.",
|
||||
"required": true,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_corporal_enabled|string|lower }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "matrix_corporal_enabled",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "Corporal Policy Provider",
|
||||
"question_description": "Controls what provider policy is used with Matrix Corporal.",
|
||||
"required": true,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_corporal_policy_provider_mode }}",
|
||||
"choices": "Simple Static File\nHTTP Pull Mode (API Enabled)\nHTTP Push Mode (API Enabled)",
|
||||
"new_question": true,
|
||||
"variable": "matrix_corporal_policy_provider_mode",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "Simple Static File Configuration",
|
||||
"question_description": "The configuration file for Matrix Corporal, only needed if 'Simple Static File' provider is selected, any configuration entered here will be saved and applied.",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 65536,
|
||||
"default": "",
|
||||
"new_question": true,
|
||||
"variable": "matrix_corporal_simple_static_config",
|
||||
"type": "textarea"
|
||||
},
|
||||
{
|
||||
"question_name": "HTTP Pull Mode URI",
|
||||
"question_description": "The network address to remotely fetch the configuration from. Only needed if 'HTTP Pull Mode (API Enabled)' provider is selected.",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 4096,
|
||||
"default": "{{ matrix_corporal_pull_mode_uri }}",
|
||||
"new_question": true,
|
||||
"variable": "matrix_corporal_pull_mode_uri",
|
||||
"type": "text"
|
||||
},
|
||||
{
|
||||
"question_name": "HTTP Pull Mode Authentication Token",
|
||||
"question_description": "An authentication token for pulling the Corporal configuration from a network location. Only needed if 'HTTP Pull Mode (API Enabled)' provider is selected. WARNING: You must set a strong and unique password here.",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 256,
|
||||
"default": "{{ matrix_corporal_pull_mode_token }}",
|
||||
"choices": "",
|
||||
"new_question": true,
|
||||
"variable": "matrix_corporal_pull_mode_token",
|
||||
"type": "password"
|
||||
},
|
||||
{
|
||||
"question_name": "Corporal API Authentication Token",
|
||||
"question_description": "An authentication token for interfacing with Corporals API. Only needed to be set if 'HTTP Pull Mode (API Enabled)' or 'HTTP Push Mode (API Enabled)' provider is selected. WARNING: You must set a strong and unique password here.",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 256,
|
||||
"default": "{{ matrix_corporal_http_api_auth_token }}",
|
||||
"choices": "",
|
||||
"new_question": true,
|
||||
"variable": "matrix_corporal_http_api_auth_token",
|
||||
"type": "password"
|
||||
},
|
||||
{
|
||||
"question_name": "Raise Synapse Ratelimits",
|
||||
"question_description": "For Matrix Corporal to work you will need to temporarily raise the rate limits for logins, please return this value to 'Normal' after you're done using Corporal.",
|
||||
"required": false,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_corporal_raise_ratelimits }}",
|
||||
"choices": "Normal\nRaised",
|
||||
"new_question": true,
|
||||
"variable": "matrix_corporal_raise_ratelimits",
|
||||
"type": "multiplechoice"
|
||||
}
|
||||
]
|
||||
}
|
@ -0,0 +1,30 @@
|
||||
{
|
||||
"name": "Configure Dimension",
|
||||
"description": "Configure Dimension, the self-hosted integrations server.",
|
||||
"spec": [
|
||||
{
|
||||
"question_name": "Enable Dimension",
|
||||
"question_description": "Enables the Dimension integration server, before doing this you need to create a CNAME record for 'dimension.{{ matrix_domain }}' that points to 'matrix.{{ matrix_domain }}'.",
|
||||
"required": false,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_dimension_enabled | string | lower }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "matrix_dimension_enabled",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "Dimension Users",
|
||||
"question_description": "Here you can list the user accounts that will be able to configure Dimension. Entries must be seperated with newlines and must be a complete Matrix ID. For example: '@dimension:{{ matrix_domain }}'",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 65536,
|
||||
"default": {{ ext_dimension_users_raw_final | to_json }},
|
||||
"choices": "",
|
||||
"new_question": true,
|
||||
"variable": "ext_dimension_users_raw",
|
||||
"type": "textarea"
|
||||
}
|
||||
]
|
||||
}
|
@ -0,0 +1,78 @@
|
||||
{
|
||||
"name": "Configure Element",
|
||||
"description": "Configure Element web client, Element is the most developed Matrix client software.",
|
||||
"spec": [
|
||||
{
|
||||
"question_name": "Enable Element-Web",
|
||||
"question_description": "Set if Element web client is enabled or not.",
|
||||
"required": true,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_client_element_enabled }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "matrix_client_element_enabled",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "Set Branding for Web Client",
|
||||
"question_description": "Sets the 'branding' seen in the tab and on the welcome page to a custom value.",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 256,
|
||||
"default": "{{ matrix_client_element_brand }}",
|
||||
"choices": "",
|
||||
"new_question": true,
|
||||
"variable": "matrix_client_element_brand",
|
||||
"type": "text"
|
||||
},
|
||||
{
|
||||
"question_name": "Set Theme for Web Client",
|
||||
"question_description": "Sets the default theme for the web client, can be changed later by individual users.",
|
||||
"required": false,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_client_element_default_theme }}",
|
||||
"choices": "light\ndark",
|
||||
"new_question": true,
|
||||
"variable": "matrix_client_element_default_theme",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "Set Welcome Page Background",
|
||||
"question_description": "URL to Wallpaper, shown in background of the welcome page. Must be a 'https' link, otherwise it won't be set.",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 1024,
|
||||
"default": "{{ matrix_client_element_branding_welcomeBackgroundUrl }}",
|
||||
"choices": "",
|
||||
"new_question": true,
|
||||
"variable": "matrix_client_element_branding_welcomeBackgroundUrl",
|
||||
"type": "text"
|
||||
},
|
||||
{
|
||||
"question_name": "Show Registration Button",
|
||||
"question_description": "If you show the registration button on the welcome page.",
|
||||
"required": false,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_client_element_registration_enabled }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "matrix_client_element_registration_enabled",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "Set Element Subdomain",
|
||||
"question_description": "Sets the subdomain of the Element web-client, you should only specify the subdomain, not the base domain you've already set. (Eg: 'element' for element.example.org) Note that if you change this value you'll need to reconfigure your DNS.",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 2048,
|
||||
"default": "{{ element_subdomain }}",
|
||||
"choices": "",
|
||||
"new_question": true,
|
||||
"variable": "element_subdomain",
|
||||
"type": "text"
|
||||
}
|
||||
]
|
||||
}
|
@ -0,0 +1,31 @@
|
||||
{
|
||||
"name": "Configure Jitsi",
|
||||
"description": "Configure Jitsi conferencing settings.",
|
||||
"spec": [
|
||||
{
|
||||
"question_name": "Enable Jitsi",
|
||||
"question_description": "Set if Jitsi is enabled or not. If disabled your server will use the https://jitsi.riot.im server. If you're on a smaller server disabling this might increase the performance of your Matrix service.",
|
||||
"required": false,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_jitsi_enabled }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "matrix_jitsi_enabled",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "Set Default Language",
|
||||
"question_description": "2 digit 639-1 language code to adjust the language of the web client. For a list of possible codes see: https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 2,
|
||||
"default": "{{ matrix_jitsi_web_config_defaultLanguage }}",
|
||||
"choices": "",
|
||||
"new_question": true,
|
||||
"variable": "matrix_jitsi_web_config_defaultLanguage",
|
||||
"type": "text"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -0,0 +1,41 @@
|
||||
{
|
||||
"name": "Configure ma1sd",
|
||||
"description": "Configure ma1sd settings, ma1sd is a self-hosted identity server for Matrix.",
|
||||
"spec": [
|
||||
{
|
||||
"question_name": "Enable ma1sd",
|
||||
"question_description": "Set if ma1sd is enabled or not. If disabled your server will loose identity functionality (not recommended).",
|
||||
"required": false,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_ma1sd_enabled | string | lower }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "matrix_ma1sd_enabled",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "ma1sd Authentication Mode",
|
||||
"question_description": "Set the source of user account authentication credentials with the ma1sd.",
|
||||
"required": false,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ ext_matrix_ma1sd_auth_store }}",
|
||||
"choices": "Synapse Internal\nLDAP/AD",
|
||||
"new_question": true,
|
||||
"variable": "ext_matrix_ma1sd_auth_store",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "LDAP/AD Configuration",
|
||||
"question_description": "Settings for connecting LDAP/AD to the ma1sd service. (ignored if using Synapse Internal, see https://github.com/ma1uta/ma1sd/blob/master/docs/stores/README.md )",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 65536,
|
||||
"default": {{ ext_matrix_ma1sd_configuration_extension_yaml | to_json }},
|
||||
"new_question": true,
|
||||
"variable": "ext_matrix_ma1sd_configuration_extension_yaml",
|
||||
"type": "textarea"
|
||||
}
|
||||
]
|
||||
}
|
@ -0,0 +1,198 @@
|
||||
{
|
||||
"name": "Configure Synapse",
|
||||
"description": "Configure Synapse settings. Synapse is the homeserver software that powers your Matrix instance.",
|
||||
"spec": [
|
||||
{
|
||||
"question_name": "Enable Public Registration",
|
||||
"question_description": "Controls whether people with access to the homeserver can register by themselves.",
|
||||
"required": false,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_synapse_enable_registration | string | lower }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "matrix_synapse_enable_registration",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "Enable Federation",
|
||||
"question_description": "Controls whether Synapse will federate at all. Disable this to completely isolate your server from the rest of the Matrix network.",
|
||||
"required": false,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_synapse_federation_enabled | string | lower }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "matrix_synapse_federation_enabled",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "Allow Public Rooms Over Federation",
|
||||
"question_description": "Controls whether remote servers can fetch this server's public rooms directory via federation. For private servers, you'll most likely want to forbid this.",
|
||||
"required": false,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_synapse_allow_public_rooms_over_federation | string | lower }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "matrix_synapse_allow_public_rooms_over_federation",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "Enable Community Creation",
|
||||
"question_description": "Allows regular users (who aren't server admins) to create 'communities', which are basically groups of rooms.",
|
||||
"required": false,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_synapse_enable_group_creation | string | lower }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "matrix_synapse_enable_group_creation",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "Enable Synapse Presence",
|
||||
"question_description": "Controls whether presence is enabled. This shows who's online and reading your posts. Disabling it will increase both performance and user privacy.",
|
||||
"required": false,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_synapse_presence_enabled | string | lower }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "matrix_synapse_presence_enabled",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "Enable URL Previews",
|
||||
"question_description": "Controls whether URL previews should be generated. This will cause a request from Synapse to URLs shared by users.",
|
||||
"required": false,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_synapse_url_preview_enabled | string | lower }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "matrix_synapse_url_preview_enabled",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "Enable Guest Access",
|
||||
"question_description": "Controls whether 'guest accounts' can access rooms without registering. Guest users do not count towards your servers user limit.",
|
||||
"required": false,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_synapse_allow_guest_access | string | lower }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "matrix_synapse_allow_guest_access",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "Registration Requires Email",
|
||||
"question_description": "Controls whether an email address is required to register on the server.",
|
||||
"required": false,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ ext_registrations_require_3pid | string | lower }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "ext_registrations_require_3pid",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "Registration Shared Secret",
|
||||
"question_description": "A secret that allows registration of standard or admin accounts by anyone who has the shared secret, even if registration is otherwise disabled. WARNING: You must set a strong and unique password here.",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 256,
|
||||
"default": "",
|
||||
"choices": "",
|
||||
"new_question": true,
|
||||
"variable": "matrix_synapse_registration_shared_secret",
|
||||
"type": "password"
|
||||
},
|
||||
{
|
||||
"question_name": "Synapse Max Upload Size",
|
||||
"question_description": "Sets the maximum size for uploaded files in MB.",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 3,
|
||||
"default": "{{ matrix_synapse_max_upload_size_mb }}",
|
||||
"choices": "",
|
||||
"new_question": true,
|
||||
"variable": "matrix_synapse_max_upload_size_mb_raw",
|
||||
"type": "text"
|
||||
},
|
||||
{
|
||||
"question_name": "URL Preview Languages",
|
||||
"question_description": "Sets the languages that URL previews will be generated in. Entries are a 2-3 letter IETF language tag, they must be seperated with newlines. For example: 'fr' https://en.wikipedia.org/wiki/IETF_language_tag",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 65536,
|
||||
"default": {{ ext_url_preview_accept_language_default | to_json }},
|
||||
"choices": "",
|
||||
"new_question": true,
|
||||
"variable": "ext_url_preview_accept_language_raw",
|
||||
"type": "textarea"
|
||||
},
|
||||
{
|
||||
"question_name": "Federation Whitelist",
|
||||
"question_description": "Here you can list the URLs of other Matrix homeservers and Synapse will only federate with those homeservers. Entries must be seperated with newlines and must not have a 'https://' prefix. For example: 'matrix.example.org'",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 65536,
|
||||
"default": {{ ext_federation_whitelist_raw | to_json }},
|
||||
"choices": "",
|
||||
"new_question": true,
|
||||
"variable": "ext_federation_whitelist_raw",
|
||||
"type": "textarea"
|
||||
},
|
||||
{
|
||||
"question_name": "Synapse Auto-Join Rooms",
|
||||
"question_description": "Sets the 'auto-join' rooms, where new users will be automatically invited to, these rooms must already exist. Entries must be room addresses that are separated with newlines. For example: '#announcements:example.org'",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 65536,
|
||||
"default": {{ matrix_synapse_auto_join_rooms_raw | to_json }},
|
||||
"choices": "",
|
||||
"new_question": true,
|
||||
"variable": "matrix_synapse_auto_join_rooms_raw",
|
||||
"type": "textarea"
|
||||
},
|
||||
{
|
||||
"question_name": "Enable ReCaptcha on Registration",
|
||||
"question_description": "Enables Googles ReCaptcha verification for registering an account, recommended for public servers.",
|
||||
"required": false,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ ext_enable_registration_captcha | string | lower }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "ext_enable_registration_captcha",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "Recaptcha Public Key",
|
||||
"question_description": "Sets the Google ReCaptcha public key for this website.",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 40,
|
||||
"default": "{{ ext_recaptcha_public_key }}",
|
||||
"choices": "",
|
||||
"new_question": true,
|
||||
"variable": "ext_recaptcha_public_key",
|
||||
"type": "text"
|
||||
},
|
||||
{
|
||||
"question_name": "Recaptcha Private Key",
|
||||
"question_description": "Sets the Google ReCaptcha private key for this website.",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 40,
|
||||
"default": "{{ ext_recaptcha_private_key }}",
|
||||
"choices": "",
|
||||
"new_question": true,
|
||||
"variable": "ext_recaptcha_private_key",
|
||||
"type": "text"
|
||||
}
|
||||
]
|
||||
}
|
@ -0,0 +1,18 @@
|
||||
{
|
||||
"name": "Configure Synapse Admin",
|
||||
"description": "Configure 'Synapse Admin', a moderation tool to help you manage your server.",
|
||||
"spec": [
|
||||
{
|
||||
"question_name": "Enable Synapse Admin",
|
||||
"question_description": "Set if Synapse Admin is enabled or not. If enabled you can access it at https://{{ matrix_server_fqn_matrix }}/synapse-admin.",
|
||||
"required": false,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_synapse_admin_enabled | string | lower }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "matrix_synapse_admin_enabled",
|
||||
"type": "multiplechoice"
|
||||
}
|
||||
]
|
||||
}
|
@ -0,0 +1,54 @@
|
||||
{
|
||||
"name": "Configure Website Access Backup",
|
||||
"description": "Configure base domain website settings and access the services backup.",
|
||||
"spec": [
|
||||
{
|
||||
"question_name": "Customise Base Domain Website",
|
||||
"question_description": "Set if you want to adjust the base domain website using SFTP.",
|
||||
"required": true,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ customise_base_domain_website | string | lower }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "customise_base_domain_website",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "SFTP Authorisation Method",
|
||||
"question_description": "Set whether you want to disable SFTP, use a password to connect to SFTP or connect with a more secure SSH key.",
|
||||
"required": true,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ sftp_auth_method | string }}",
|
||||
"choices": "Disabled\nPassword\nSSH Key",
|
||||
"new_question": true,
|
||||
"variable": "sftp_auth_method",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "SFTP Password",
|
||||
"question_description": "Sets the password of the 'sftp' account, which allows you to upload a multi-file static website by SFTP, as well as export the latest copy of your Matrix service. Must be defined if 'Password' method is selected. WARNING: You must set a strong and unique password here.",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 64,
|
||||
"default": "{{ sftp_password }}",
|
||||
"choices": "",
|
||||
"new_question": true,
|
||||
"variable": "sftp_password",
|
||||
"type": "password"
|
||||
},
|
||||
{
|
||||
"question_name": "SFTP Public SSH Key (More Secure)",
|
||||
"question_description": "Sets the public SSH key used to access the 'sftp' account, which allows you to upload a multi-file static website by SFTP, as well as export the latest copy of your Matrix service. Must be defined if 'SSH Key' method is selected.",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 16384,
|
||||
"default": "{{ sftp_public_key }}",
|
||||
"choices": "",
|
||||
"new_question": true,
|
||||
"variable": "sftp_public_key",
|
||||
"type": "text"
|
||||
}
|
||||
]
|
||||
}
|
@ -0,0 +1,83 @@
|
||||
|
||||
- name: Record Backup Server variables locally on AWX
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# AWX Settings Start'
|
||||
with_dict:
|
||||
'matrix_awx_backup_enabled': '{{ matrix_awx_backup_enabled }}'
|
||||
tags: use-survey
|
||||
|
||||
- name: Save new 'Backup Server' survey.json to the AWX tower, template
|
||||
delegate_to: 127.0.0.1
|
||||
template:
|
||||
src: 'roles/matrix-awx/surveys/backup_server.json.j2'
|
||||
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json'
|
||||
tags: use-survey
|
||||
|
||||
- name: Copy new 'Backup Server' survey.json to target machine
|
||||
copy:
|
||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json'
|
||||
dest: '/matrix/awx/backup_server.json'
|
||||
mode: '0660'
|
||||
tags: use-survey
|
||||
|
||||
- name: Collect AWX admin token the hard way!
|
||||
delegate_to: 127.0.0.1
|
||||
shell: |
|
||||
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
|
||||
register: tower_token
|
||||
no_log: True
|
||||
tags: use-survey
|
||||
|
||||
- name: Recreate 'Backup Server' job template
|
||||
delegate_to: 127.0.0.1
|
||||
awx.awx.tower_job_template:
|
||||
name: "{{ matrix_domain }} - 0 - Backup Server"
|
||||
description: "Performs a backup of the entire service to a remote location."
|
||||
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
|
||||
job_type: run
|
||||
job_tags: "backup-server,use-survey"
|
||||
inventory: "{{ member_id }}"
|
||||
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
|
||||
playbook: setup.yml
|
||||
credential: "{{ member_id }} - AWX SSH Key"
|
||||
survey_enabled: true
|
||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json') }}"
|
||||
become_enabled: yes
|
||||
state: present
|
||||
verbosity: 1
|
||||
tower_host: "https://{{ tower_host }}"
|
||||
tower_oauthtoken: "{{ tower_token.stdout }}"
|
||||
validate_certs: yes
|
||||
tags: use-survey
|
||||
|
||||
- name: Run export.sh if this job template is run by the client
|
||||
command: /bin/sh /root/export.sh
|
||||
tags: use-survey
|
||||
|
||||
- name: Include vars in matrix_vars.yml
|
||||
include_vars:
|
||||
file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
no_log: True
|
||||
|
||||
- name: Copy new 'matrix_vars.yml' to target machine
|
||||
copy:
|
||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
dest: '/matrix/awx/matrix_vars.yml'
|
||||
mode: '0660'
|
||||
tags: use-survey
|
||||
|
||||
- name: Perform the borg backup
|
||||
command: borgmatic
|
||||
when: matrix_awx_backup_enabled|bool
|
||||
|
||||
- name: Set boolean value to exit playbook
|
||||
set_fact:
|
||||
end_playbook: true
|
||||
|
||||
- name: End playbook if this task list is called.
|
||||
meta: end_play
|
||||
when: end_playbook is defined and end_playbook|bool
|
@ -0,0 +1,12 @@
|
||||
|
||||
- name: Collect current datetime
|
||||
set_fact:
|
||||
awx_datetime: "{{ lookup('pipe', 'date +%Y-%m-%d_%H:%M') }}"
|
||||
|
||||
- name: Create cached matrix_vars.yml file location
|
||||
set_fact:
|
||||
awx_cached_matrix_vars: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars_{{ awx_datetime }}.yml'
|
||||
|
||||
- name: Create cached matrix_vars.yml
|
||||
delegate_to: 127.0.0.1
|
||||
shell: "cp /var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml {{ awx_cached_matrix_vars }}"
|
@ -0,0 +1,31 @@
|
||||
#
|
||||
# Create user and define if they are admin
|
||||
#
|
||||
# /usr/local/bin/matrix-synapse-register-user <your_username> <your_password> <admin access: 0 or 1>
|
||||
#
|
||||
|
||||
- name: Set admin bool to zero
|
||||
set_fact:
|
||||
admin_bool: 0
|
||||
when: admin_access == 'false'
|
||||
|
||||
- name: Examine if server admin set
|
||||
set_fact:
|
||||
admin_bool: 1
|
||||
when: admin_access == 'true'
|
||||
|
||||
- name: Set boolean value to exit playbook
|
||||
set_fact:
|
||||
end_playbook: true
|
||||
|
||||
- name: Create user account
|
||||
command: |
|
||||
/usr/local/bin/matrix-synapse-register-user {{ new_username | quote }} {{ new_password | quote }} {{ admin_bool }}
|
||||
register: cmd
|
||||
|
||||
- name: Result
|
||||
debug: msg="{{ cmd.stdout }}"
|
||||
|
||||
- name: End playbook if this task list is called.
|
||||
meta: end_play
|
||||
when: end_playbook is defined and end_playbook|bool
|
@ -0,0 +1,273 @@
|
||||
|
||||
- name: Enable index.html creation if user doesn't wish to customise base domain
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Base Domain Settings Start'
|
||||
with_dict:
|
||||
'matrix_nginx_proxy_base_domain_homepage_enabled': 'true'
|
||||
when: (customise_base_domain_website is defined) and not customise_base_domain_website|bool
|
||||
|
||||
- name: Disable index.html creation to allow multi-file site if user does wish to customise base domain
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Base Domain Settings Start'
|
||||
with_dict:
|
||||
'matrix_nginx_proxy_base_domain_homepage_enabled': 'false'
|
||||
when: (customise_base_domain_website is defined) and customise_base_domain_website|bool
|
||||
|
||||
- name: Record custom 'Customise Website + Access Export' variables locally on AWX
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Custom Settings Start'
|
||||
with_dict:
|
||||
'sftp_auth_method': '"{{ sftp_auth_method }}"'
|
||||
'sftp_password': '"{{ sftp_password }}"'
|
||||
'sftp_public_key': '"{{ sftp_public_key }}"'
|
||||
|
||||
- name: Record custom 'Customise Website + Access Export' variables locally on AWX
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Custom Settings Start'
|
||||
with_dict:
|
||||
'customise_base_domain_website': '{{ customise_base_domain_website }}'
|
||||
when: customise_base_domain_website is defined
|
||||
|
||||
- name: Reload vars in matrix_vars.yml
|
||||
include_vars:
|
||||
file: '{{ awx_cached_matrix_vars }}'
|
||||
no_log: True
|
||||
|
||||
- name: Save new 'Customise Website + Access Export' survey.json to the AWX tower, template
|
||||
delegate_to: 127.0.0.1
|
||||
template:
|
||||
src: './roles/matrix-awx/surveys/configure_website_access_export.json.j2'
|
||||
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json'
|
||||
when: customise_base_domain_website is defined
|
||||
|
||||
- name: Copy new 'Customise Website + Access Export' survey.json to target machine
|
||||
copy:
|
||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json'
|
||||
dest: '/matrix/awx/configure_website_access_export.json'
|
||||
mode: '0660'
|
||||
when: customise_base_domain_website is defined
|
||||
|
||||
- name: Save new 'Customise Website + Access Export' survey.json to the AWX tower, template
|
||||
delegate_to: 127.0.0.1
|
||||
template:
|
||||
src: './roles/matrix-awx/surveys/access_export.json.j2'
|
||||
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json'
|
||||
when: customise_base_domain_website is undefined
|
||||
|
||||
- name: Copy new 'Customise Website + Access Export' survey.json to target machine
|
||||
copy:
|
||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json'
|
||||
dest: '/matrix/awx/access_export.json'
|
||||
mode: '0660'
|
||||
when: customise_base_domain_website is undefined
|
||||
|
||||
- name: Collect AWX admin token the hard way!
|
||||
delegate_to: 127.0.0.1
|
||||
shell: |
|
||||
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
|
||||
register: tower_token
|
||||
no_log: True
|
||||
|
||||
- name: Recreate 'Configure Website + Access Export' job template
|
||||
delegate_to: 127.0.0.1
|
||||
awx.awx.tower_job_template:
|
||||
name: "{{ matrix_domain }} - 1 - Configure Website + Access Export"
|
||||
description: "Configure base domain website settings and access the servers export."
|
||||
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
|
||||
job_type: run
|
||||
job_tags: "start,setup-nginx-proxy"
|
||||
inventory: "{{ member_id }}"
|
||||
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
|
||||
playbook: setup.yml
|
||||
credential: "{{ member_id }} - AWX SSH Key"
|
||||
survey_enabled: true
|
||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json') }}"
|
||||
become_enabled: yes
|
||||
state: present
|
||||
verbosity: 1
|
||||
tower_host: "https://{{ tower_host }}"
|
||||
tower_oauthtoken: "{{ tower_token.stdout }}"
|
||||
validate_certs: yes
|
||||
when: customise_base_domain_website is defined
|
||||
|
||||
- name: Recreate 'Access Export' job template
|
||||
delegate_to: 127.0.0.1
|
||||
awx.awx.tower_job_template:
|
||||
name: "{{ matrix_domain }} - 1 - Access Export"
|
||||
description: "Access the services export."
|
||||
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
|
||||
job_type: run
|
||||
job_tags: "start,setup-nginx-proxy"
|
||||
inventory: "{{ member_id }}"
|
||||
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
|
||||
playbook: setup.yml
|
||||
credential: "{{ member_id }} - AWX SSH Key"
|
||||
survey_enabled: true
|
||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json') }}"
|
||||
become_enabled: yes
|
||||
state: present
|
||||
verbosity: 1
|
||||
tower_host: "https://{{ tower_host }}"
|
||||
tower_oauthtoken: "{{ tower_token.stdout }}"
|
||||
validate_certs: yes
|
||||
when: customise_base_domain_website is undefined
|
||||
|
||||
- name: Ensure group "sftp" exists
|
||||
group:
|
||||
name: sftp
|
||||
state: present
|
||||
|
||||
- name: If user doesn't define a sftp_password, create a disabled 'sftp' account
|
||||
user:
|
||||
name: sftp
|
||||
comment: SFTP user to set custom web files and access servers export
|
||||
shell: /bin/false
|
||||
home: /home/sftp
|
||||
group: sftp
|
||||
password: '*'
|
||||
update_password: always
|
||||
when: sftp_password|length == 0
|
||||
|
||||
- name: If user defines sftp_password, enable account and set password on 'stfp' account
|
||||
user:
|
||||
name: sftp
|
||||
comment: SFTP user to set custom web files and access servers export
|
||||
shell: /bin/false
|
||||
home: /home/sftp
|
||||
group: sftp
|
||||
password: "{{ sftp_password | password_hash('sha512') }}"
|
||||
update_password: always
|
||||
when: sftp_password|length > 0
|
||||
|
||||
- name: adding existing user 'sftp' to group matrix
|
||||
user:
|
||||
name: sftp
|
||||
groups: matrix
|
||||
append: yes
|
||||
when: customise_base_domain_website is defined
|
||||
|
||||
- name: Create the ro /chroot directory with sticky bit if it doesn't exist. (/chroot/website has matrix:matrix permissions and is mounted to nginx container)
|
||||
file:
|
||||
path: /chroot
|
||||
state: directory
|
||||
owner: root
|
||||
group: root
|
||||
mode: '1755'
|
||||
|
||||
- name: Ensure /chroot/website location exists.
|
||||
file:
|
||||
path: /chroot/website
|
||||
state: directory
|
||||
owner: matrix
|
||||
group: matrix
|
||||
mode: '0574'
|
||||
when: customise_base_domain_website is defined
|
||||
|
||||
- name: Ensure /chroot/export location exists
|
||||
file:
|
||||
path: /chroot/export
|
||||
state: directory
|
||||
owner: sftp
|
||||
group: sftp
|
||||
mode: '0700'
|
||||
|
||||
- name: Ensure /home/sftp/.ssh location exists
|
||||
file:
|
||||
path: /home/sftp/.ssh
|
||||
state: directory
|
||||
owner: sftp
|
||||
group: sftp
|
||||
mode: '0700'
|
||||
|
||||
- name: Ensure /home/sftp/authorized_keys exists
|
||||
file:
|
||||
path: /home/sftp/.ssh/authorized_keys
|
||||
state: touch
|
||||
owner: sftp
|
||||
group: sftp
|
||||
mode: '0644'
|
||||
|
||||
- name: Clear authorized_keys file
|
||||
shell: echo "" > /home/sftp/.ssh/authorized_keys
|
||||
|
||||
- name: Insert public SSH key into authorized_keys file
|
||||
lineinfile:
|
||||
path: /home/sftp/.ssh/authorized_keys
|
||||
line: "{{ sftp_public_key }}"
|
||||
owner: sftp
|
||||
group: sftp
|
||||
mode: '0644'
|
||||
when: (sftp_public_key | length > 0) and (sftp_auth_method == "SSH Key")
|
||||
|
||||
- name: Alter SSH Subsystem State 1
|
||||
lineinfile:
|
||||
path: /etc/ssh/sshd_config
|
||||
line: "Subsystem sftp /usr/lib/openssh/sftp-server"
|
||||
state: absent
|
||||
|
||||
- name: Alter SSH Subsystem State 2
|
||||
lineinfile:
|
||||
path: /etc/ssh/sshd_config
|
||||
insertafter: "^# override default of no subsystems"
|
||||
line: "Subsystem sftp internal-sftp"
|
||||
|
||||
- name: Add SSH Match User section for disabled auth
|
||||
blockinfile:
|
||||
path: /etc/ssh/sshd_config
|
||||
state: absent
|
||||
block: |
|
||||
Match User sftp
|
||||
ChrootDirectory /chroot
|
||||
PermitTunnel no
|
||||
X11Forwarding no
|
||||
AllowTcpForwarding no
|
||||
PasswordAuthentication yes
|
||||
AuthorizedKeysFile /home/sftp/.ssh/authorized_keys
|
||||
when: sftp_auth_method == "Disabled"
|
||||
|
||||
- name: Add SSH Match User section for password auth
|
||||
blockinfile:
|
||||
path: /etc/ssh/sshd_config
|
||||
state: present
|
||||
block: |
|
||||
Match User sftp
|
||||
ChrootDirectory /chroot
|
||||
PermitTunnel no
|
||||
X11Forwarding no
|
||||
AllowTcpForwarding no
|
||||
PasswordAuthentication yes
|
||||
when: sftp_auth_method == "Password"
|
||||
|
||||
- name: Add SSH Match User section for publickey auth
|
||||
blockinfile:
|
||||
path: /etc/ssh/sshd_config
|
||||
state: present
|
||||
block: |
|
||||
Match User sftp
|
||||
ChrootDirectory /chroot
|
||||
PermitTunnel no
|
||||
X11Forwarding no
|
||||
AllowTcpForwarding no
|
||||
AuthorizedKeysFile /home/sftp/.ssh/authorized_keys
|
||||
when: sftp_auth_method == "SSH Key"
|
||||
|
||||
- name: Restart service ssh.service
|
||||
service:
|
||||
name: ssh.service
|
||||
state: restarted
|
@ -0,0 +1,18 @@
|
||||
|
||||
- name: Ensure /matrix/awx is empty
|
||||
shell: rm -r /matrix/awx/*
|
||||
ignore_errors: yes
|
||||
|
||||
- name: Ensure /matrix/synapse is empty
|
||||
shell: rm -r /matrix/synapse/*
|
||||
ignore_errors: yes
|
||||
|
||||
- name: Extract from /chroot/export
|
||||
shell: tar -xvzf /chroot/export/matrix.tar.gz -C /matrix/
|
||||
|
||||
- name: Ensure correct ownership of /matrix/awx
|
||||
shell: chown -R matrix:matrix /matrix/awx
|
||||
|
||||
- name: Ensure correct ownership of /matrix/synapse
|
||||
shell: chown -R matrix:matrix /matrix/synapse
|
||||
|
@ -0,0 +1,11 @@
|
||||
|
||||
- name: Include vars in organisation.yml
|
||||
include_vars:
|
||||
file: '/var/lib/awx/projects/clients/{{ member_id }}/organisation.yml'
|
||||
no_log: True
|
||||
|
||||
- name: Include vars in hosting_vars.yml
|
||||
include_vars:
|
||||
file: '/var/lib/awx/projects/hosting/hosting_vars.yml'
|
||||
no_log: True
|
||||
|
@ -0,0 +1,15 @@
|
||||
|
||||
- name: Include new vars in matrix_vars.yml
|
||||
include_vars:
|
||||
file: '{{ awx_cached_matrix_vars }}'
|
||||
no_log: True
|
||||
|
||||
- name: If include_vars succeeds overwrite the old matrix_vars.yml
|
||||
delegate_to: 127.0.0.1
|
||||
shell: "cp {{ awx_cached_matrix_vars }} /var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml && rm {{ awx_cached_matrix_vars }}"
|
||||
|
||||
- name: Copy new 'matrix_vars.yml' to target machine
|
||||
copy:
|
||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
dest: '/matrix/awx/matrix_vars.yml'
|
||||
mode: '0660'
|
@ -0,0 +1,162 @@
|
||||
|
||||
# Load initial hosting and organisation variables from AWX volume
|
||||
- include_tasks:
|
||||
file: "load_hosting_and_org_variables.yml"
|
||||
apply:
|
||||
tags: always
|
||||
when: run_setup|bool and matrix_awx_enabled|bool
|
||||
tags:
|
||||
- always
|
||||
|
||||
# Renames the variables if needed
|
||||
- include_tasks:
|
||||
file: "rename_variables.yml"
|
||||
apply:
|
||||
tags: always
|
||||
when: run_setup|bool and matrix_awx_enabled|bool
|
||||
tags:
|
||||
- always
|
||||
|
||||
# Perform a backup of the server
|
||||
- include_tasks:
|
||||
file: "backup_server.yml"
|
||||
apply:
|
||||
tags: backup-server
|
||||
when: run_setup|bool and matrix_awx_enabled|bool
|
||||
tags:
|
||||
- backup-server
|
||||
|
||||
# Create a user account if called
|
||||
- include_tasks:
|
||||
file: "create_user.yml"
|
||||
apply:
|
||||
tags: create-user
|
||||
when: run_setup|bool and matrix_awx_enabled|bool
|
||||
tags:
|
||||
- create-user
|
||||
|
||||
# Purge local/remote media if called
|
||||
- include_tasks:
|
||||
file: "purge_media_main.yml"
|
||||
apply:
|
||||
tags: purge-media
|
||||
when: run_setup|bool and matrix_awx_enabled|bool
|
||||
tags:
|
||||
- purge-media
|
||||
|
||||
# Purge Synapse database if called
|
||||
- include_tasks:
|
||||
file: "purge_database_main.yml"
|
||||
apply:
|
||||
tags: purge-database
|
||||
when: run_setup|bool and matrix_awx_enabled|bool
|
||||
tags:
|
||||
- purge-database
|
||||
|
||||
# Import configs, media repo from /chroot/backup import
|
||||
- include_tasks:
|
||||
file: "import_awx.yml"
|
||||
apply:
|
||||
tags: import-awx
|
||||
when: run_setup|bool and matrix_awx_enabled|bool
|
||||
tags:
|
||||
- import-awx
|
||||
|
||||
# Perform extra self-check functions
|
||||
- include_tasks:
|
||||
file: "self_check.yml"
|
||||
apply:
|
||||
tags: self-check
|
||||
when: run_setup|bool and matrix_awx_enabled|bool
|
||||
tags:
|
||||
- self-check
|
||||
|
||||
# Create cached matrix_vars.yml file
|
||||
- include_tasks:
|
||||
file: "cache_matrix_variables.yml"
|
||||
apply:
|
||||
tags: always
|
||||
when: run_setup|bool and matrix_awx_enabled|bool
|
||||
tags:
|
||||
- always
|
||||
|
||||
# Configure SFTP so user can upload a static website or access the servers export
|
||||
- include_tasks:
|
||||
file: "customise_website_access_export.yml"
|
||||
apply:
|
||||
tags: setup-nginx-proxy
|
||||
when: run_setup|bool and matrix_awx_enabled|bool
|
||||
tags:
|
||||
- setup-nginx-proxy
|
||||
|
||||
# Additional playbook to set the variable file during Element configuration
|
||||
- include_tasks:
|
||||
file: "set_variables_element.yml"
|
||||
apply:
|
||||
tags: setup-client-element
|
||||
when: run_setup|bool and matrix_awx_enabled|bool
|
||||
tags:
|
||||
- setup-client-element
|
||||
|
||||
# Additional playbook to set the variable file during Synapse configuration
|
||||
- include_tasks:
|
||||
file: "set_variables_synapse.yml"
|
||||
apply:
|
||||
tags: setup-synapse
|
||||
when: run_setup|bool and matrix_awx_enabled|bool
|
||||
tags:
|
||||
- setup-synapse
|
||||
|
||||
# Additional playbook to set the variable file during Jitsi configuration
|
||||
- include_tasks:
|
||||
file: "set_variables_jitsi.yml"
|
||||
apply:
|
||||
tags: setup-jitsi
|
||||
when: run_setup|bool and matrix_awx_enabled|bool
|
||||
tags:
|
||||
- setup-jitsi
|
||||
|
||||
# Additional playbook to set the variable file during Ma1sd configuration
|
||||
- include_tasks:
|
||||
file: "set_variables_ma1sd.yml"
|
||||
apply:
|
||||
tags: setup-ma1sd
|
||||
when: run_setup|bool and matrix_awx_enabled|bool
|
||||
tags:
|
||||
- setup-ma1sd
|
||||
|
||||
# Additional playbook to set the variable file during Corporal configuration
|
||||
- include_tasks:
|
||||
file: "set_variables_corporal.yml"
|
||||
apply:
|
||||
tags: setup-corporal
|
||||
when: run_setup|bool and matrix_awx_enabled|bool
|
||||
tags:
|
||||
- setup-corporal
|
||||
|
||||
# Additional playbook to set the variable file during Dimension configuration
|
||||
- include_tasks:
|
||||
file: "set_variables_dimension.yml"
|
||||
apply:
|
||||
tags: setup-dimension
|
||||
when: run_setup|bool and matrix_awx_enabled|bool
|
||||
tags:
|
||||
- setup-dimension
|
||||
|
||||
# Additional playbook to set the variable file during Synapse Admin configuration
|
||||
- include_tasks:
|
||||
file: "set_variables_synapse_admin.yml"
|
||||
apply:
|
||||
tags: setup-synapse-admin
|
||||
when: run_setup|bool and matrix_awx_enabled|bool
|
||||
tags:
|
||||
- setup-synapse-admin
|
||||
|
||||
# Load newly formed matrix variables from AWX volume
|
||||
- include_tasks:
|
||||
file: "load_matrix_variables.yml"
|
||||
apply:
|
||||
tags: always
|
||||
when: run_setup|bool and matrix_awx_enabled|bool
|
||||
tags:
|
||||
- always
|
@ -0,0 +1,10 @@
|
||||
|
||||
- name: Collect entire room list into stdout
|
||||
shell: |
|
||||
curl -X GET --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/rooms?from={{ item }}'
|
||||
register: rooms_output
|
||||
|
||||
- name: Print stdout to file
|
||||
delegate_to: 127.0.0.1
|
||||
shell: |
|
||||
echo '{{ rooms_output.stdout }}' >> /tmp/{{ subscription_id }}_room_list_complete.json
|
@ -0,0 +1,13 @@
|
||||
|
||||
- name: Purge all rooms with more then N events
|
||||
shell: |
|
||||
curl --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "delete_local_events": false, "purge_up_to_ts": {{ purge_epoche_time.stdout }}000 }' "{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_history/{{ item[1:-1] }}"
|
||||
register: purge_command
|
||||
|
||||
- name: Print output of purge command
|
||||
debug:
|
||||
msg: "{{ purge_command.stdout }}"
|
||||
|
||||
- name: Pause for 5 seconds to let Synapse breathe
|
||||
pause:
|
||||
seconds: 5
|
@ -0,0 +1,234 @@
|
||||
|
||||
- name: Ensure dateutils and curl is installed in AWX
|
||||
delegate_to: 127.0.0.1
|
||||
yum:
|
||||
name: dateutils
|
||||
state: latest
|
||||
|
||||
- name: Ensure dateutils, curl and jq intalled on target machine
|
||||
apt:
|
||||
pkg:
|
||||
- curl
|
||||
- jq
|
||||
state: present
|
||||
|
||||
- name: Include vars in matrix_vars.yml
|
||||
include_vars:
|
||||
file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
no_log: True
|
||||
|
||||
- name: Collect size of Synapse database
|
||||
shell: du -sh /matrix/postgres/data
|
||||
register: db_size_before_stat
|
||||
no_log: True
|
||||
|
||||
- name: Print before size of Synapse database
|
||||
debug:
|
||||
msg: "{{ db_size_before_stat.stdout.split('\n') }}"
|
||||
when: db_size_before_stat is defined
|
||||
|
||||
- name: Collect the internal IP of the matrix-synapse container
|
||||
shell: "/usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse"
|
||||
register: synapse_container_ip
|
||||
|
||||
- name: Collect access token for janitor user
|
||||
shell: |
|
||||
curl -X POST -d '{"type":"m.login.password", "user":"janitor", "password":"{{ matrix_awx_janitor_user_password }}"}' "{{ synapse_container_ip.stdout }}:8008/_matrix/client/r0/login" | jq '.access_token'
|
||||
register: janitors_token
|
||||
no_log: True
|
||||
|
||||
- name: Collect total number of rooms
|
||||
shell: |
|
||||
curl -X GET --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/rooms' | jq '.total_rooms'
|
||||
when: purge_rooms|bool
|
||||
register: rooms_total
|
||||
|
||||
- name: Print total number of rooms
|
||||
debug:
|
||||
msg: '{{ rooms_total.stdout }}'
|
||||
when: purge_rooms|bool
|
||||
|
||||
- name: Calculate every 100 values for total number of rooms
|
||||
delegate_to: 127.0.0.1
|
||||
shell: |
|
||||
seq 0 100 {{ rooms_total.stdout }}
|
||||
when: purge_rooms|bool
|
||||
register: every_100_rooms
|
||||
|
||||
- name: Ensure room_list_complete.json file exists
|
||||
delegate_to: 127.0.0.1
|
||||
file:
|
||||
path: /tmp/{{ subscription_id }}_room_list_complete.json
|
||||
state: touch
|
||||
when: purge_rooms|bool
|
||||
|
||||
- name: Build file with total room list
|
||||
include_tasks: purge_database_build_list.yml
|
||||
loop: "{{ every_100_rooms.stdout_lines | flatten(levels=1) }}"
|
||||
when: purge_rooms|bool
|
||||
|
||||
- name: Generate list of rooms with no local users
|
||||
delegate_to: 127.0.0.1
|
||||
shell: |
|
||||
jq 'try .rooms[] | select(.joined_local_members == 0) | .room_id' < /tmp/{{ subscription_id }}_room_list_complete.json > /tmp/{{ subscription_id }}_room_list_no_local_users.txt
|
||||
when: purge_rooms|bool
|
||||
|
||||
- name: Count number of rooms with no local users
|
||||
delegate_to: 127.0.0.1
|
||||
shell: |
|
||||
wc -l /tmp/{{ subscription_id }}_room_list_no_local_users.txt | awk '{ print $1 }'
|
||||
register: rooms_no_local_total
|
||||
when: purge_rooms|bool
|
||||
|
||||
- name: Setting host fact room_list_no_local_users
|
||||
set_fact:
|
||||
room_list_no_local_users: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_no_local_users.txt') }}"
|
||||
no_log: True
|
||||
when: purge_rooms|bool
|
||||
|
||||
- name: Purge all rooms with no local users
|
||||
include_tasks: purge_database_no_local.yml
|
||||
loop: "{{ room_list_no_local_users.splitlines() | flatten(levels=1) }}"
|
||||
when: purge_rooms|bool
|
||||
|
||||
- name: Collect epoche time from date
|
||||
delegate_to: 127.0.0.1
|
||||
shell: |
|
||||
date -d '{{ purge_date }}' +"%s"
|
||||
when: purge_rooms|bool
|
||||
register: purge_epoche_time
|
||||
|
||||
- name: Generate list of rooms with more then N users
|
||||
delegate_to: 127.0.0.1
|
||||
shell: |
|
||||
jq 'try .rooms[] | select(.joined_members > {{ purge_metric_value }}) | .room_id' < /tmp/{{ subscription_id }}_room_list_complete.json > /tmp/{{ subscription_id }}_room_list_joined_members.txt
|
||||
when: (purge_metric.find("Number of users") != -1) and (purge_rooms|bool)
|
||||
|
||||
- name: Count number of rooms with more then N users
|
||||
delegate_to: 127.0.0.1
|
||||
shell: |
|
||||
wc -l /tmp/{{ subscription_id }}_room_list_joined_members.txt | awk '{ print $1 }'
|
||||
register: rooms_join_members_total
|
||||
when: (purge_metric.find("Number of users") != -1) and (purge_rooms|bool)
|
||||
|
||||
- name: Setting host fact room_list_joined_members
|
||||
delegate_to: 127.0.0.1
|
||||
set_fact:
|
||||
room_list_joined_members: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_joined_members.txt') }}"
|
||||
when: (purge_metric.find("Number of users") != -1) and (purge_rooms|bool)
|
||||
no_log: True
|
||||
|
||||
- name: Purge all rooms with more then N users
|
||||
include_tasks: purge_database_users.yml
|
||||
loop: "{{ room_list_joined_members.splitlines() | flatten(levels=1) }}"
|
||||
when: (purge_metric.find("Number of users") != -1) and (purge_rooms|bool)
|
||||
|
||||
- name: Generate list of rooms with more then N events
|
||||
delegate_to: 127.0.0.1
|
||||
shell: |
|
||||
jq 'try .rooms[] | select(.state_events > {{ purge_metric_value }}) | .room_id' < /tmp/{{ subscription_id }}_room_list_complete.json > /tmp/{{ subscription_id }}_room_list_state_events.txt
|
||||
when: (purge_metric.find("Number of events") != -1) and (purge_rooms|bool)
|
||||
|
||||
- name: Count number of rooms with more then N users
|
||||
delegate_to: 127.0.0.1
|
||||
shell: |
|
||||
wc -l /tmp/{{ subscription_id }}_room_list_state_events.txt | awk '{ print $1 }'
|
||||
register: rooms_state_events_total
|
||||
when: (purge_metric.find("Number of events") != -1) and (purge_rooms|bool)
|
||||
|
||||
- name: Setting host fact room_list_state_events
|
||||
delegate_to: 127.0.0.1
|
||||
set_fact:
|
||||
room_list_state_events: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_state_events.txt') }}"
|
||||
when: (purge_metric.find("Number of events") != -1) and (purge_rooms|bool)
|
||||
no_log: True
|
||||
|
||||
- name: Purge all rooms with more then N events
|
||||
include_tasks: purge_database_events.yml
|
||||
loop: "{{ room_list_state_events.splitlines() | flatten(levels=1) }}"
|
||||
when: (purge_metric.find("Number of events") != -1) and (purge_rooms|bool)
|
||||
|
||||
- name: Collect AWX admin token the hard way!
|
||||
delegate_to: 127.0.0.1
|
||||
shell: |
|
||||
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
|
||||
register: tower_token
|
||||
no_log: True
|
||||
|
||||
- name: Execute rust-synapse-compress-state job template
|
||||
delegate_to: 127.0.0.1
|
||||
awx.awx.tower_job_launch:
|
||||
job_template: "{{ matrix_domain }} - 0 - Deploy/Update a Server"
|
||||
tags: "rust-synapse-compress-state"
|
||||
wait: yes
|
||||
tower_host: "https://{{ tower_host }}"
|
||||
tower_oauthtoken: "{{ tower_token.stdout }}"
|
||||
validate_certs: yes
|
||||
register: job
|
||||
|
||||
- name: Stop Synapse service
|
||||
shell: systemctl stop matrix-synapse.service
|
||||
|
||||
- name: Re-index Synapse database
|
||||
shell: docker exec -i matrix-postgres psql "host=127.0.0.1 port=5432 dbname=synapse user=synapse password={{ matrix_synapse_connection_password }}" -c 'REINDEX (VERBOSE) DATABASE synapse'
|
||||
|
||||
- name: Execute run-postgres-vacuum job template
|
||||
delegate_to: 127.0.0.1
|
||||
awx.awx.tower_job_launch:
|
||||
job_template: "{{ matrix_domain }} - 0 - Deploy/Update a Server"
|
||||
tags: "run-postgres-vacuum,start"
|
||||
wait: yes
|
||||
tower_host: "https://{{ tower_host }}"
|
||||
tower_oauthtoken: "{{ tower_token.stdout }}"
|
||||
validate_certs: yes
|
||||
register: job
|
||||
|
||||
- name: Cleanup room_list files
|
||||
delegate_to: 127.0.0.1
|
||||
shell: |
|
||||
rm /tmp/{{ subscription_id }}_room_list*
|
||||
when: purge_rooms|bool
|
||||
ignore_errors: yes
|
||||
|
||||
- name: Collect size of Synapse database
|
||||
shell: du -sh /matrix/postgres/data
|
||||
register: db_size_after_stat
|
||||
no_log: True
|
||||
|
||||
- name: Print total number of rooms processed
|
||||
debug:
|
||||
msg: '{{ rooms_total.stdout }}'
|
||||
when: purge_rooms|bool
|
||||
|
||||
- name: Print the number of rooms purged with no local users
|
||||
debug:
|
||||
msg: '{{ rooms_no_local_total.stdout }}'
|
||||
when: purge_rooms|bool
|
||||
|
||||
- name: Print the number of rooms purged with more then N users
|
||||
debug:
|
||||
msg: '{{ rooms_join_members_total.stdout }}'
|
||||
when: (purge_metric.find("Number of users") != -1) and (purge_rooms|bool)
|
||||
|
||||
- name: Print the number of rooms purged with more then N events
|
||||
debug:
|
||||
msg: '{{ rooms_state_events_total.stdout }}'
|
||||
when: (purge_metric.find("Number of events") != -1) and (purge_rooms|bool)
|
||||
|
||||
- name: Print before purge size of Synapse database
|
||||
debug:
|
||||
msg: "{{ db_size_before_stat.stdout.split('\n') }}"
|
||||
when: db_size_before_stat is defined
|
||||
|
||||
- name: Print after purge size of Synapse database
|
||||
debug:
|
||||
msg: "{{ db_size_after_stat.stdout.split('\n') }}"
|
||||
when: db_size_after_stat is defined
|
||||
|
||||
- name: Set boolean value to exit playbook
|
||||
set_fact:
|
||||
end_playbook: true
|
||||
|
||||
- name: End playbook early if this task is called.
|
||||
meta: end_play
|
||||
when: end_playbook is defined and end_playbook|bool
|
@ -0,0 +1,13 @@
|
||||
|
||||
- name: Purge all rooms with no local users
|
||||
shell: |
|
||||
curl --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "room_id": {{ item }} }' '{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_room'
|
||||
register: purge_command
|
||||
|
||||
- name: Print output of purge command
|
||||
debug:
|
||||
msg: "{{ purge_command.stdout }}"
|
||||
|
||||
- name: Pause for 5 seconds to let Synapse breathe
|
||||
pause:
|
||||
seconds: 5
|
@ -0,0 +1,13 @@
|
||||
|
||||
- name: Purge all rooms with more then N users
|
||||
shell: |
|
||||
curl --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "delete_local_events": false, "purge_up_to_ts": {{ purge_epoche_time.stdout }}000 }' "{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_history/{{ item[1:-1] }}"
|
||||
register: purge_command
|
||||
|
||||
- name: Print output of purge command
|
||||
debug:
|
||||
msg: "{{ purge_command.stdout }}"
|
||||
|
||||
- name: Pause for 5 seconds to let Synapse breathe
|
||||
pause:
|
||||
seconds: 5
|
@ -0,0 +1,18 @@
|
||||
|
||||
- name: Collect epoche time from date
|
||||
shell: |
|
||||
date -d '{{ item }}' +"%s"
|
||||
register: epoche_time
|
||||
|
||||
- name: Purge local media to specific date
|
||||
shell: |
|
||||
curl -X POST --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/media/matrix.{{ matrix_domain }}/delete?before_ts={{ epoche_time.stdout }}'
|
||||
register: purge_command
|
||||
|
||||
- name: Print output of purge command
|
||||
debug:
|
||||
msg: "{{ purge_command.stdout }}"
|
||||
|
||||
- name: Pause for 5 seconds to let Synapse breathe
|
||||
pause:
|
||||
seconds: 5
|
@ -0,0 +1,98 @@
|
||||
|
||||
- name: Ensure dateutils and curl is installed in AWX
|
||||
delegate_to: 127.0.0.1
|
||||
yum:
|
||||
name: dateutils
|
||||
state: latest
|
||||
|
||||
- name: Include vars in matrix_vars.yml
|
||||
include_vars:
|
||||
file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
no_log: True
|
||||
|
||||
- name: Ensure curl and jq intalled on target machine
|
||||
apt:
|
||||
pkg:
|
||||
- curl
|
||||
- jq
|
||||
state: present
|
||||
|
||||
- name: Collect access token for janitor user
|
||||
shell: |
|
||||
curl -XPOST -d '{"type":"m.login.password", "user":"janitor", "password":"{{ matrix_awx_janitor_user_password }}"}' "https://matrix.{{ matrix_domain }}/_matrix/client/r0/login" | jq '.access_token'
|
||||
register: janitors_token
|
||||
|
||||
- name: Collect the internal IP of the matrix-synapse container
|
||||
shell: "/usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse"
|
||||
register: synapse_container_ip
|
||||
|
||||
- name: Generate list of dates to purge to
|
||||
delegate_to: 127.0.0.1
|
||||
shell: "dateseq {{ matrix_purge_from_date }} {{ matrix_purge_to_date }}"
|
||||
register: purge_dates
|
||||
|
||||
- name: Calculate initial size of local media repository
|
||||
shell: du -sh /matrix/synapse/storage/media-store/local*
|
||||
register: local_media_size_before
|
||||
when: matrix_purge_media_type == "Local Media"
|
||||
ignore_errors: yes
|
||||
no_log: True
|
||||
|
||||
- name: Calculate initial size of remote media repository
|
||||
shell: du -sh /matrix/synapse/storage/media-store/remote*
|
||||
register: remote_media_size_before
|
||||
when: matrix_purge_media_type == "Remote Media"
|
||||
ignore_errors: yes
|
||||
no_log: True
|
||||
|
||||
- name: Purge local media with loop
|
||||
include_tasks: purge_media_local.yml
|
||||
loop: "{{ purge_dates.stdout_lines | flatten(levels=1) }}"
|
||||
when: matrix_purge_media_type == "Local Media"
|
||||
|
||||
- name: Purge remote media with loop
|
||||
include_tasks: purge_media_remote.yml
|
||||
loop: "{{ purge_dates.stdout_lines | flatten(levels=1) }}"
|
||||
when: matrix_purge_media_type == "Remote Media"
|
||||
|
||||
- name: Calculate final size of local media repository
|
||||
shell: du -sh /matrix/synapse/storage/media-store/local*
|
||||
register: local_media_size_after
|
||||
when: matrix_purge_media_type == "Local Media"
|
||||
ignore_errors: yes
|
||||
no_log: True
|
||||
|
||||
- name: Calculate final size of remote media repository
|
||||
shell: du -sh /matrix/synapse/storage/media-store/remote*
|
||||
register: remote_media_size_after
|
||||
when: matrix_purge_media_type == "Remote Media"
|
||||
ignore_errors: yes
|
||||
no_log: True
|
||||
|
||||
- name: Print size of local media repository before purge
|
||||
debug:
|
||||
msg: "{{ local_media_size_before.stdout.split('\n') }}"
|
||||
when: matrix_purge_media_type == "Local Media"
|
||||
|
||||
- name: Print size of local media repository after purge
|
||||
debug:
|
||||
msg: "{{ local_media_size_after.stdout.split('\n') }}"
|
||||
when: matrix_purge_media_type == "Local Media"
|
||||
|
||||
- name: Print size of remote media repository before purge
|
||||
debug:
|
||||
msg: "{{ remote_media_size_before.stdout.split('\n') }}"
|
||||
when: matrix_purge_media_type == "Remote Media"
|
||||
|
||||
- name: Print size of remote media repository after purge
|
||||
debug:
|
||||
msg: "{{ remote_media_size_after.stdout.split('\n') }}"
|
||||
when: matrix_purge_media_type == "Remote Media"
|
||||
|
||||
- name: Set boolean value to exit playbook
|
||||
set_fact:
|
||||
end_playbook: true
|
||||
|
||||
- name: End playbook early if this task is called.
|
||||
meta: end_play
|
||||
when: end_playbook is defined and end_playbook|bool
|
@ -0,0 +1,18 @@
|
||||
|
||||
- name: Collect epoche time from date
|
||||
shell: |
|
||||
date -d '{{ item }}' +"%s"
|
||||
register: epoche_time
|
||||
|
||||
- name: Purge remote media to specific date
|
||||
shell: |
|
||||
curl -X POST --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_media_cache?before_ts={{ epoche_time.stdout }}'
|
||||
register: purge_command
|
||||
|
||||
- name: Print output of purge command
|
||||
debug:
|
||||
msg: "{{ purge_command.stdout }}"
|
||||
|
||||
- name: Pause for 5 seconds to let Synapse breathe
|
||||
pause:
|
||||
seconds: 5
|
@ -0,0 +1,8 @@
|
||||
|
||||
- name: Rename synapse presence variable
|
||||
delegate_to: 127.0.0.1
|
||||
replace:
|
||||
path: "/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml"
|
||||
regexp: 'matrix_synapse_use_presence'
|
||||
replace: 'matrix_synapse_presence_enabled'
|
||||
|
@ -0,0 +1,105 @@
|
||||
|
||||
- name: Install prerequisite apt packages on target
|
||||
apt:
|
||||
name:
|
||||
- sysstat
|
||||
- curl
|
||||
state: present
|
||||
|
||||
- name: Install prerequisite yum packages on AWX
|
||||
delegate_to: 127.0.0.1
|
||||
yum:
|
||||
name:
|
||||
- bind-utils
|
||||
state: present
|
||||
|
||||
- name: Install prerequisite pip packages on AWX
|
||||
delegate_to: 127.0.0.1
|
||||
pip:
|
||||
name:
|
||||
- dnspython
|
||||
state: present
|
||||
|
||||
- name: Calculate MAU value
|
||||
shell: |
|
||||
curl -s localhost:9000 | grep "^synapse_admin_mau_current "
|
||||
register: mau_stat
|
||||
no_log: True
|
||||
|
||||
- name: Print MAU value
|
||||
debug:
|
||||
msg: "{{ mau_stat.stdout.split('\n') }}"
|
||||
when: mau_stat is defined
|
||||
|
||||
- name: Calculate CPU usage statistics
|
||||
shell: iostat -c
|
||||
register: cpu_usage_stat
|
||||
no_log: True
|
||||
|
||||
- name: Print CPU usage statistics
|
||||
debug:
|
||||
msg: "{{ cpu_usage_stat.stdout.split('\n') }}"
|
||||
when: cpu_usage_stat is defined
|
||||
|
||||
- name: Calculate RAM usage statistics
|
||||
shell: free -mh
|
||||
register: ram_usage_stat
|
||||
no_log: True
|
||||
|
||||
- name: Print RAM usage statistics
|
||||
debug:
|
||||
msg: "{{ ram_usage_stat.stdout.split('\n') }}"
|
||||
when: ram_usage_stat is defined
|
||||
|
||||
- name: Calculate free disk space
|
||||
shell: df -h
|
||||
register: disk_space_stat
|
||||
no_log: True
|
||||
|
||||
- name: Print free disk space
|
||||
debug:
|
||||
msg: "{{ disk_space_stat.stdout.split('\n') }}"
|
||||
when: disk_space_stat is defined
|
||||
|
||||
- name: Calculate size of Synapse database
|
||||
shell: du -sh /matrix/postgres/data
|
||||
register: db_size_stat
|
||||
no_log: True
|
||||
|
||||
- name: Print size of Synapse database
|
||||
debug:
|
||||
msg: "{{ db_size_stat.stdout.split('\n') }}"
|
||||
when: db_size_stat is defined
|
||||
|
||||
- name: Calculate size of local media repository
|
||||
shell: du -sh /matrix/synapse/storage/media-store/local*
|
||||
register: local_media_size_stat
|
||||
ignore_errors: yes
|
||||
no_log: True
|
||||
|
||||
- name: Print size of local media repository
|
||||
debug:
|
||||
msg: "{{ local_media_size_stat.stdout.split('\n') }}"
|
||||
when: local_media_size_stat is defined
|
||||
|
||||
- name: Calculate size of remote media repository
|
||||
shell: du -sh /matrix/synapse/storage/media-store/remote*
|
||||
register: remote_media_size_stat
|
||||
ignore_errors: yes
|
||||
no_log: True
|
||||
|
||||
- name: Print size of remote media repository
|
||||
debug:
|
||||
msg: "{{ remote_media_size_stat.stdout.split('\n') }}"
|
||||
when: remote_media_size_stat is defined
|
||||
|
||||
- name: Calculate docker container statistics
|
||||
shell: docker stats --all --no-stream
|
||||
register: docker_stats
|
||||
ignore_errors: yes
|
||||
no_log: True
|
||||
|
||||
- name: Print docker container statistics
|
||||
debug:
|
||||
msg: "{{ docker_stats.stdout.split('\n') }}"
|
||||
when: docker_stats is defined
|
@ -0,0 +1,247 @@
|
||||
|
||||
- name: Record Corporal Enabled/Disabled variable
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Corporal Settings Start'
|
||||
with_dict:
|
||||
'matrix_corporal_enabled': '{{ matrix_corporal_enabled }}'
|
||||
|
||||
- name: Enable Shared Secret Auth if Corporal enabled
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Shared Secret Auth Settings Start'
|
||||
with_dict:
|
||||
'matrix_synapse_ext_password_provider_shared_secret_auth_enabled': 'true'
|
||||
when: matrix_corporal_enabled|bool
|
||||
|
||||
- name: Disable Shared Secret Auth if Corporal disabled
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Shared Secret Auth Settings Start'
|
||||
with_dict:
|
||||
'matrix_synapse_ext_password_provider_shared_secret_auth_enabled': 'false'
|
||||
when: not matrix_corporal_enabled|bool
|
||||
|
||||
- name: Enable Rest Auth Endpoint if Corporal enabled
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Synapse Extension Start'
|
||||
with_dict:
|
||||
'matrix_synapse_ext_password_provider_rest_auth_enabled': 'true'
|
||||
when: matrix_corporal_enabled|bool
|
||||
|
||||
- name: Disable Rest Auth Endpoint if Corporal disabled
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Synapse Extension Start'
|
||||
with_dict:
|
||||
'matrix_synapse_ext_password_provider_rest_auth_enabled': 'false'
|
||||
when: not matrix_corporal_enabled|bool
|
||||
|
||||
- name: Disable Corporal API if Simple Static File mode selected
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Corporal Settings Start'
|
||||
with_dict:
|
||||
'matrix_corporal_http_api_enabled': 'false'
|
||||
when: (matrix_corporal_policy_provider_mode == "Simple Static File") or (not matrix_corporal_enabled|bool)
|
||||
|
||||
- name: Enable Corporal API if Push/Pull mode delected
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Corporal Settings Start'
|
||||
with_dict:
|
||||
'matrix_corporal_http_api_enabled': 'true'
|
||||
when: (matrix_corporal_policy_provider_mode != "Simple Static File") and (matrix_corporal_enabled|bool)
|
||||
|
||||
- name: Record Corporal API Access Token if it's defined
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Corporal Settings Start'
|
||||
with_dict:
|
||||
'matrix_corporal_http_api_auth_token': '{{ matrix_corporal_http_api_auth_token }}'
|
||||
when: matrix_corporal_http_api_auth_token|length > 0
|
||||
|
||||
- name: Record 'Simple Static File' configuration variables in matrix_vars.yml
|
||||
delegate_to: 127.0.0.1
|
||||
blockinfile:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
insertafter: "# Corporal Policy Provider Settings Start"
|
||||
block: |
|
||||
matrix_corporal_policy_provider_config: |
|
||||
{
|
||||
"Type": "static_file",
|
||||
"Path": "/etc/matrix-corporal/corporal-policy.json"
|
||||
}
|
||||
when: matrix_corporal_policy_provider_mode == "Simple Static File"
|
||||
|
||||
- name: Touch the /matrix/corporal/ directory
|
||||
file:
|
||||
path: "/matrix/corporal/"
|
||||
state: directory
|
||||
owner: matrix
|
||||
group: matrix
|
||||
mode: '750'
|
||||
|
||||
- name: Touch the /matrix/corporal/config/ directory
|
||||
file:
|
||||
path: "/matrix/corporal/config/"
|
||||
state: directory
|
||||
owner: matrix
|
||||
group: matrix
|
||||
mode: '750'
|
||||
|
||||
- name: Touch the /matrix/corporal/cache/ directory
|
||||
file:
|
||||
path: "/matrix/corporal/cache/"
|
||||
state: directory
|
||||
owner: matrix
|
||||
group: matrix
|
||||
mode: '750'
|
||||
|
||||
- name: Touch the corporal-policy.json file to ensure it exists
|
||||
file:
|
||||
path: "/matrix/corporal/config/corporal-policy.json"
|
||||
state: touch
|
||||
owner: matrix
|
||||
group: matrix
|
||||
mode: '660'
|
||||
|
||||
- name: Touch the last-policy.json file to ensure it exists
|
||||
file:
|
||||
path: "/matrix/corporal/config/last-policy.json"
|
||||
state: touch
|
||||
owner: matrix
|
||||
group: matrix
|
||||
mode: '660'
|
||||
|
||||
- name: Record 'Simple Static File' configuration content in corporal-policy.json
|
||||
copy:
|
||||
content: "{{ matrix_corporal_simple_static_config | string }}"
|
||||
dest: "/matrix/corporal/config/corporal-policy.json"
|
||||
owner: matrix
|
||||
group: matrix
|
||||
mode: '660'
|
||||
when: (matrix_corporal_policy_provider_mode == "Simple Static File") and (matrix_corporal_simple_static_config|length > 0)
|
||||
|
||||
- name: Record 'HTTP Pull Mode' configuration variables in matrix_vars.yml
|
||||
delegate_to: 127.0.0.1
|
||||
blockinfile:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
insertafter: "# Corporal Policy Provider Settings Start"
|
||||
block: |
|
||||
matrix_corporal_policy_provider_config: |
|
||||
{
|
||||
"Type": "http",
|
||||
"Uri": "{{ matrix_corporal_pull_mode_uri }}",
|
||||
"AuthorizationBearerToken": "{{ matrix_corporal_pull_mode_token }}",
|
||||
"CachePath": "/var/cache/matrix-corporal/last-policy.json",
|
||||
"ReloadIntervalSeconds": 1800,
|
||||
"TimeoutMilliseconds": 30000
|
||||
}
|
||||
when: (matrix_corporal_policy_provider_mode == "HTTP Pull Mode (API Enabled)") and (matrix_corporal_pull_mode_uri|length > 0) and (matrix_corporal_pull_mode_token|length > 0)
|
||||
|
||||
- name: Record 'HTTP Push Mode' configuration variables in matrix_vars.yml
|
||||
delegate_to: 127.0.0.1
|
||||
blockinfile:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
insertafter: "# Corporal Policy Provider Settings Start"
|
||||
block: |
|
||||
matrix_corporal_policy_provider_config: |
|
||||
{
|
||||
"Type": "last_seen_store_policy",
|
||||
"CachePath": "/var/cache/matrix-corporal/last-policy.json"
|
||||
}
|
||||
when: (matrix_corporal_policy_provider_mode == "HTTP Push Mode (API Enabled)")
|
||||
|
||||
- name: Lower RateLimit if set to 'Normal'
|
||||
delegate_to: 127.0.0.1
|
||||
replace:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
regexp: ' address:\n per_second: 50\n burst_count: 300\n account:\n per_second: 0.17\n burst_count: 300'
|
||||
replace: ' address:\n per_second: 0.17\n burst_count: 3\n account:\n per_second: 0.17\n burst_count: 3'
|
||||
when: matrix_corporal_raise_ratelimits == "Normal"
|
||||
|
||||
- name: Raise RateLimit if set to 'Raised'
|
||||
delegate_to: 127.0.0.1
|
||||
replace:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
regexp: ' address:\n per_second: 0.17\n burst_count: 3\n account:\n per_second: 0.17\n burst_count: 3'
|
||||
replace: ' address:\n per_second: 50\n burst_count: 300\n account:\n per_second: 0.17\n burst_count: 300'
|
||||
when: matrix_corporal_raise_ratelimits == "Raised"
|
||||
|
||||
- name: Save new 'Configure Corporal' survey.json to the AWX tower
|
||||
delegate_to: 127.0.0.1
|
||||
template:
|
||||
src: 'roles/matrix-awx/surveys/configure_corporal.json.j2'
|
||||
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json'
|
||||
|
||||
- name: Copy new 'Configure Corporal' survey.json to target machine
|
||||
copy:
|
||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json'
|
||||
dest: '/matrix/awx/configure_corporal.json'
|
||||
mode: '0660'
|
||||
|
||||
- debug:
|
||||
msg: "matrix_corporal_matrix_homeserver_api_endpoint: {{ matrix_corporal_matrix_homeserver_api_endpoint }}"
|
||||
|
||||
- debug:
|
||||
msg: "matrix_corporal_matrix_auth_shared_secret: {{ matrix_corporal_matrix_auth_shared_secret }}"
|
||||
|
||||
- debug:
|
||||
msg: "matrix_corporal_http_gateway_internal_rest_auth_enabled: {{ matrix_corporal_http_gateway_internal_rest_auth_enabled }}"
|
||||
|
||||
- debug:
|
||||
msg: "matrix_corporal_matrix_registration_shared_secret: {{ matrix_corporal_matrix_registration_shared_secret }}"
|
||||
|
||||
- name: Collect AWX admin token the hard way!
|
||||
delegate_to: 127.0.0.1
|
||||
shell: |
|
||||
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
|
||||
register: tower_token
|
||||
no_log: True
|
||||
|
||||
- name: Recreate 'Configure Corporal (Advanced)' job template
|
||||
delegate_to: 127.0.0.1
|
||||
awx.awx.tower_job_template:
|
||||
name: "{{ matrix_domain }} - 1 - Configure Corporal (Advanced)"
|
||||
description: "Configure Matrix Corporal, a tool that manages your Matrix server according to a configuration policy."
|
||||
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
|
||||
job_type: run
|
||||
job_tags: "start,setup-corporal"
|
||||
inventory: "{{ member_id }}"
|
||||
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
|
||||
playbook: setup.yml
|
||||
credential: "{{ member_id }} - AWX SSH Key"
|
||||
survey_enabled: true
|
||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json') }}"
|
||||
become_enabled: yes
|
||||
state: present
|
||||
verbosity: 1
|
||||
tower_host: "https://{{ tower_host }}"
|
||||
tower_oauthtoken: "{{ tower_token.stdout }}"
|
||||
validate_certs: yes
|
@ -0,0 +1,111 @@
|
||||
|
||||
- name: Include vars in matrix_vars.yml
|
||||
include_vars:
|
||||
file: '{{ awx_cached_matrix_vars }}'
|
||||
no_log: True
|
||||
|
||||
- name: Install jq and curl on remote machine
|
||||
apt:
|
||||
name:
|
||||
- jq
|
||||
- curl
|
||||
state: present
|
||||
|
||||
- name: Collect access token of Dimension user
|
||||
shell: |
|
||||
curl -X POST --header 'Content-Type: application/json' -d '{ "identifier": { "type": "m.id.user","user": "dimension" }, "password": "{{ matrix_awx_dimension_user_password }}", "type": "m.login.password"}' 'https://matrix.{{ matrix_domain }}/_matrix/client/r0/login' | jq -c '. | {access_token}' | sed 's/.*\":\"//' | sed 's/\"}//'
|
||||
register: dimension_user_access_token
|
||||
|
||||
- name: Record Synapse variables locally on AWX
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Dimension Settings Start'
|
||||
with_dict:
|
||||
'matrix_dimension_enabled': '{{ matrix_dimension_enabled }}'
|
||||
'matrix_dimension_access_token': '"{{ dimension_user_access_token.stdout }}"'
|
||||
|
||||
- name: Set final users list if users are defined
|
||||
set_fact:
|
||||
ext_dimension_users_raw_final: "{{ ext_dimension_users_raw }}"
|
||||
when: ext_dimension_users_raw|length > 0
|
||||
|
||||
- name: Set final users list if no users are defined
|
||||
set_fact:
|
||||
ext_dimension_users_raw_final: '@dimension:{{ matrix_domain }}'
|
||||
when: ext_dimension_users_raw|length == 0
|
||||
|
||||
- name: Remove Dimension Users
|
||||
delegate_to: 127.0.0.1
|
||||
replace:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
regexp: '^ - .*\n'
|
||||
after: 'matrix_dimension_admins:'
|
||||
before: '# Dimension Settings End'
|
||||
|
||||
- name: Set Dimension Users Header
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
insertbefore: '# Dimension Settings End'
|
||||
line: "matrix_dimension_admins:"
|
||||
|
||||
- name: Set Dimension Users
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
insertafter: '^matrix_dimension_admins:'
|
||||
line: ' - "{{ item }}"'
|
||||
with_items: "{{ ext_dimension_users_raw_final.splitlines() }}"
|
||||
|
||||
- name: Record Dimension Custom variables locally on AWX
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Custom Settings Start'
|
||||
with_dict:
|
||||
'ext_dimension_users_raw': '{{ ext_dimension_users_raw.splitlines() | to_json }}'
|
||||
|
||||
- name: Save new 'Configure Dimension' survey.json to the AWX tower, template
|
||||
delegate_to: 127.0.0.1
|
||||
template:
|
||||
src: 'roles/matrix-awx/surveys/configure_dimension.json.j2'
|
||||
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}//configure_dimension.json'
|
||||
|
||||
- name: Copy new 'Configure Dimension' survey.json to target machine
|
||||
copy:
|
||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_dimension.json'
|
||||
dest: '/matrix/awx/configure_dimension.json'
|
||||
mode: '0660'
|
||||
|
||||
- name: Collect AWX admin token the hard way!
|
||||
delegate_to: 127.0.0.1
|
||||
shell: |
|
||||
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
|
||||
register: tower_token
|
||||
no_log: True
|
||||
|
||||
- name: Recreate 'Configure Dimension' job template
|
||||
delegate_to: 127.0.0.1
|
||||
awx.awx.tower_job_template:
|
||||
name: "{{ matrix_domain }} - 1 - Configure Dimension"
|
||||
description: "Configure Dimension, the self-hosted integrations server."
|
||||
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
|
||||
job_type: run
|
||||
job_tags: "start,setup-all,setup-dimension"
|
||||
inventory: "{{ member_id }}"
|
||||
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
|
||||
playbook: setup.yml
|
||||
credential: "{{ member_id }} - AWX SSH Key"
|
||||
survey_enabled: true
|
||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_dimension.json') }}"
|
||||
become_enabled: yes
|
||||
state: present
|
||||
verbosity: 1
|
||||
tower_host: "https://{{ tower_host }}"
|
||||
tower_oauthtoken: "{{ tower_token.stdout }}"
|
||||
validate_certs: yes
|
@ -0,0 +1,70 @@
|
||||
|
||||
- name: Record Element-Web variables locally on AWX
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Element Settings Start'
|
||||
with_dict:
|
||||
'matrix_client_element_enabled': '{{ matrix_client_element_enabled }}'
|
||||
'matrix_client_element_jitsi_preferredDomain': '{{ matrix_client_element_jitsi_preferredDomain }}'
|
||||
'matrix_client_element_brand': '{{ matrix_client_element_brand }}'
|
||||
'matrix_client_element_default_theme': '{{ matrix_client_element_default_theme }}'
|
||||
'matrix_client_element_registration_enabled': '{{ matrix_client_element_registration_enabled }}'
|
||||
'matrix_server_fqn_element': "{{ element_subdomain }}.{{ matrix_domain }}"
|
||||
|
||||
- name: Set fact for 'https' string
|
||||
set_fact:
|
||||
awx_https_string: "https"
|
||||
|
||||
- name: Record Element-Web Background variable locally on AWX
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Element Settings Start'
|
||||
with_dict:
|
||||
'matrix_client_element_branding_welcomeBackgroundUrl': '{{ matrix_client_element_branding_welcomeBackgroundUrl }}'
|
||||
when: (awx_https_string in matrix_client_element_branding_welcomeBackgroundUrl) and ( matrix_client_element_branding_welcomeBackgroundUrl|length > 0 )
|
||||
|
||||
- name: Save new 'Configure Element' survey.json to the AWX tower, template
|
||||
delegate_to: 127.0.0.1
|
||||
template:
|
||||
src: 'roles/matrix-awx/surveys/configure_element.json.j2'
|
||||
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element.json'
|
||||
|
||||
- name: Copy new 'Configure Element' survey.json to target machine
|
||||
copy:
|
||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element.json'
|
||||
dest: '/matrix/awx/configure_element.json'
|
||||
mode: '0660'
|
||||
|
||||
- name: Collect AWX admin token the hard way!
|
||||
delegate_to: 127.0.0.1
|
||||
shell: |
|
||||
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
|
||||
register: tower_token
|
||||
no_log: True
|
||||
|
||||
- name: Recreate 'Configure Element' job template
|
||||
delegate_to: 127.0.0.1
|
||||
awx.awx.tower_job_template:
|
||||
name: "{{ matrix_domain }} - 1 - Configure Element"
|
||||
description: "Configure Element client via survey."
|
||||
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
|
||||
job_type: run
|
||||
job_tags: "start,setup-client-element"
|
||||
inventory: "{{ member_id }}"
|
||||
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
|
||||
playbook: setup.yml
|
||||
credential: "{{ member_id }} - AWX SSH Key"
|
||||
survey_enabled: true
|
||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element.json') }}"
|
||||
become_enabled: yes
|
||||
state: present
|
||||
verbosity: 1
|
||||
tower_host: "https://{{ tower_host }}"
|
||||
tower_oauthtoken: "{{ tower_token.stdout }}"
|
||||
validate_certs: yes
|
@ -0,0 +1,51 @@
|
||||
|
||||
- name: Record Jitsi variables locally on AWX
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Jitsi Settings Start'
|
||||
with_dict:
|
||||
'matrix_jitsi_enabled': '{{ matrix_jitsi_enabled }}'
|
||||
'matrix_jitsi_web_config_defaultLanguage': '{{ matrix_jitsi_web_config_defaultLanguage }}'
|
||||
|
||||
- name: Save new 'Configure Jitsi' survey.json to the AWX tower, template
|
||||
delegate_to: 127.0.0.1
|
||||
template:
|
||||
src: 'roles/matrix-awx/surveys/configure_jitsi.json.j2'
|
||||
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_jitsi.json'
|
||||
|
||||
- name: Copy new 'Configure Jitsi' survey.json to target machine
|
||||
copy:
|
||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_jitsi.json'
|
||||
dest: '/matrix/awx/configure_jitsi.json'
|
||||
mode: '0660'
|
||||
|
||||
- name: Collect AWX admin token the hard way!
|
||||
delegate_to: 127.0.0.1
|
||||
shell: |
|
||||
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
|
||||
register: tower_token
|
||||
no_log: True
|
||||
|
||||
- name: Recreate 'Configure Jitsi' job template
|
||||
delegate_to: 127.0.0.1
|
||||
awx.awx.tower_job_template:
|
||||
name: "{{ matrix_domain }} - 1 - Configure Jitsi"
|
||||
description: "Configure Jitsi conferencing settings."
|
||||
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
|
||||
job_type: run
|
||||
job_tags: "start,setup-jitsi"
|
||||
inventory: "{{ member_id }}"
|
||||
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
|
||||
playbook: setup.yml
|
||||
credential: "{{ member_id }} - AWX SSH Key"
|
||||
survey_enabled: true
|
||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_jitsi.json') }}"
|
||||
become_enabled: yes
|
||||
state: present
|
||||
verbosity: 1
|
||||
tower_host: "https://{{ tower_host }}"
|
||||
tower_oauthtoken: "{{ tower_token.stdout }}"
|
||||
validate_certs: yes
|
@ -0,0 +1,122 @@
|
||||
|
||||
- name: Record ma1sd variables locally on AWX
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# ma1sd Settings Start'
|
||||
with_dict:
|
||||
'matrix_ma1sd_enabled': '{{ matrix_ma1sd_enabled }}'
|
||||
|
||||
- name: Disable REST auth (matrix-corporal/ma1sd) if using internal auth
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Synapse Extension Start'
|
||||
with_dict:
|
||||
'matrix_synapse_ext_password_provider_rest_auth_enabled': 'false'
|
||||
when: ext_matrix_ma1sd_auth_store == 'Synapse Internal'
|
||||
|
||||
- name: Enable REST auth if using external LDAP/AD with ma1sd
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Synapse Extension Start'
|
||||
with_dict:
|
||||
'matrix_synapse_ext_password_provider_rest_auth_enabled': 'true'
|
||||
'matrix_synapse_ext_password_provider_rest_auth_endpoint': 'http://matrix-ma1sd:8090'
|
||||
when: ext_matrix_ma1sd_auth_store == 'LDAP/AD'
|
||||
|
||||
- name: Strip header from ma1sd configuration extension if using internal auth
|
||||
set_fact:
|
||||
ext_matrix_ma1sd_configuration_extension_yaml_parsed: "{{ ext_matrix_ma1sd_configuration_extension_yaml.splitlines() | reject('search', '^matrix_client_element_configuration_extension_json:') | list }}"
|
||||
when: ext_matrix_ma1sd_auth_store == 'LDAP/AD'
|
||||
|
||||
- name: Remove entire ma1sd configuration extension
|
||||
delegate_to: 127.0.0.1
|
||||
replace:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
regexp: '^.*\n'
|
||||
after: '# Start ma1sd Extension'
|
||||
before: '# End ma1sd Extension'
|
||||
|
||||
- name: Replace conjoined ma1sd configuration extension limiters
|
||||
delegate_to: 127.0.0.1
|
||||
replace:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
regexp: '^# Start ma1sd Extension# End ma1sd Extension'
|
||||
replace: '# Start ma1sd Extension\n# End ma1sd Extension'
|
||||
|
||||
- name: Insert ma1sd configuration extension header if using external LDAP/AD with ma1sd
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
line: "matrix_ma1sd_configuration_extension_yaml: |"
|
||||
insertafter: '# Start ma1sd Extension'
|
||||
when: ext_matrix_ma1sd_auth_store == 'LDAP/AD'
|
||||
|
||||
- name: Set ma1sd configuration extension if using external LDAP/AD with ma1sd
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
insertbefore: '# End ma1sd Extension'
|
||||
line: '{{ item }}'
|
||||
with_items: "{{ ext_matrix_ma1sd_configuration_extension_yaml_parsed }}"
|
||||
when: ext_matrix_ma1sd_auth_store == 'LDAP/AD'
|
||||
|
||||
- name: Record ma1sd Custom variables locally on AWX
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertbefore: '# Custom Settings Start'
|
||||
with_dict:
|
||||
'ext_matrix_ma1sd_auth_store': '{{ ext_matrix_ma1sd_auth_store }}'
|
||||
'ext_matrix_ma1sd_configuration_extension_yaml': '{{ ext_matrix_ma1sd_configuration_extension_yaml.splitlines() | to_json }}'
|
||||
|
||||
- name: Save new 'Configure ma1sd' survey.json to the AWX tower, template
|
||||
delegate_to: 127.0.0.1
|
||||
template:
|
||||
src: 'roles/matrix-awx/surveys/configure_ma1sd.json.j2'
|
||||
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_ma1sd.json'
|
||||
|
||||
- name: Copy new 'Configure ma1sd' survey.json to target machine
|
||||
copy:
|
||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_ma1sd.json'
|
||||
dest: '/matrix/awx/configure_ma1sd.json'
|
||||
mode: '0660'
|
||||
|
||||
- name: Collect AWX admin token the hard way!
|
||||
delegate_to: 127.0.0.1
|
||||
shell: |
|
||||
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
|
||||
register: tower_token
|
||||
no_log: True
|
||||
|
||||
- name: Recreate 'Configure ma1sd (Advanced)' job template
|
||||
delegate_to: 127.0.0.1
|
||||
awx.awx.tower_job_template:
|
||||
name: "{{ matrix_domain }} - 1 - Configure ma1sd (Advanced)"
|
||||
description: "Configure Jitsi conferencing settings."
|
||||
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
|
||||
job_type: run
|
||||
job_tags: "start,setup-ma1sd"
|
||||
inventory: "{{ member_id }}"
|
||||
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
|
||||
playbook: setup.yml
|
||||
credential: "{{ member_id }} - AWX SSH Key"
|
||||
survey_enabled: true
|
||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_ma1sd.json') }}"
|
||||
become_enabled: yes
|
||||
state: present
|
||||
verbosity: 1
|
||||
tower_host: "https://{{ tower_host }}"
|
||||
tower_oauthtoken: "{{ tower_token.stdout }}"
|
||||
validate_certs: yes
|
||||
|
@ -0,0 +1,226 @@
|
||||
|
||||
- name: Limit max upload size to 100MB part 1
|
||||
set_fact:
|
||||
matrix_synapse_max_upload_size_mb: "100"
|
||||
when: matrix_synapse_max_upload_size_mb_raw|int >= 100
|
||||
|
||||
- name: Limit max upload size to 100MB part 2
|
||||
set_fact:
|
||||
matrix_synapse_max_upload_size_mb: "{{ matrix_synapse_max_upload_size_mb_raw }}"
|
||||
when: matrix_synapse_max_upload_size_mb_raw|int < 100
|
||||
|
||||
- name: Record Synapse variables locally on AWX
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Synapse Settings Start'
|
||||
with_dict:
|
||||
'matrix_synapse_allow_public_rooms_over_federation': '{{ matrix_synapse_allow_public_rooms_over_federation }}'
|
||||
'matrix_synapse_enable_registration': '{{ matrix_synapse_enable_registration }}'
|
||||
'matrix_synapse_federation_enabled': '{{ matrix_synapse_federation_enabled }}'
|
||||
'matrix_synapse_enable_group_creation': '{{ matrix_synapse_enable_group_creation }}'
|
||||
'matrix_synapse_presence_enabled': '{{ matrix_synapse_presence_enabled }}'
|
||||
'matrix_synapse_max_upload_size_mb': '{{ matrix_synapse_max_upload_size_mb }}'
|
||||
'matrix_synapse_url_preview_enabled': '{{ matrix_synapse_url_preview_enabled }}'
|
||||
'matrix_synapse_allow_guest_access': '{{ matrix_synapse_allow_guest_access }}'
|
||||
|
||||
- name: Empty Synapse variable 'matrix_synapse_auto_join_rooms' locally on AWX, if raw inputs empty
|
||||
delegate_to: 127.0.0.1
|
||||
replace:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
regexp: "^matrix_synapse_auto_join_rooms: .*$"
|
||||
replace: "matrix_synapse_auto_join_rooms: []"
|
||||
when: matrix_synapse_auto_join_rooms_raw|length == 0
|
||||
|
||||
- name: If the raw inputs is not empty start constructing parsed auto_join_rooms list
|
||||
set_fact:
|
||||
matrix_synapse_auto_join_rooms_array: |-
|
||||
{{ matrix_synapse_auto_join_rooms_raw.splitlines() | to_json }}
|
||||
when: matrix_synapse_auto_join_rooms_raw|length > 0
|
||||
|
||||
- name: Record Synapse variable 'matrix_synapse_auto_join_rooms' locally on AWX, if it's not blank
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Synapse Settings Start'
|
||||
with_dict:
|
||||
"matrix_synapse_auto_join_rooms": "{{ matrix_synapse_auto_join_rooms_array }}"
|
||||
when: matrix_synapse_auto_join_rooms_raw|length > 0
|
||||
|
||||
- name: Record Synapse Shared Secret if it's defined
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Synapse Settings Start'
|
||||
with_dict:
|
||||
'matrix_synapse_registration_shared_secret': '{{ matrix_synapse_registration_shared_secret }}'
|
||||
when: matrix_synapse_registration_shared_secret|length > 0
|
||||
|
||||
- name: Record registations_require_3pid extra variable if true
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
regexp: "{{ item }}:"
|
||||
line: "{{ item }}"
|
||||
insertbefore: '# Synapse Extension End'
|
||||
with_items:
|
||||
- " registrations_require_3pid:"
|
||||
- " - email"
|
||||
when: ext_registrations_require_3pid|bool
|
||||
|
||||
- name: Remove registrations_require_3pid extra variable if false
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
regexp: "{{ item }}:"
|
||||
line: "{{ item }}"
|
||||
insertbefore: '# Synapse Extension End'
|
||||
state: absent
|
||||
with_items:
|
||||
- " registrations_require_3pid:"
|
||||
- " - email"
|
||||
when: not ext_registrations_require_3pid|bool
|
||||
|
||||
- name: Remove URL Languages
|
||||
delegate_to: 127.0.0.1
|
||||
replace:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
regexp: '^(?!.*\bemail\b) - [a-zA-Z\-]{2,5}\n'
|
||||
after: ' url_preview_accept_language:'
|
||||
before: '# Synapse Extension End'
|
||||
|
||||
- name: Set URL languages default if raw inputs empty
|
||||
set_fact:
|
||||
ext_url_preview_accept_language_default: 'en'
|
||||
when: ext_url_preview_accept_language_raw|length == 0
|
||||
|
||||
- name: Set URL languages default if raw inputs not empty
|
||||
set_fact:
|
||||
ext_url_preview_accept_language_default: "{{ ext_url_preview_accept_language_raw }}"
|
||||
when: ext_url_preview_accept_language_raw|length > 0
|
||||
|
||||
- name: Set URL languages if raw inputs empty
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
insertafter: '^ url_preview_accept_language:'
|
||||
line: " - {{ ext_url_preview_accept_language_default }}"
|
||||
when: ext_url_preview_accept_language_raw|length == 0
|
||||
|
||||
- name: Set URL languages if raw inputs not empty
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
insertafter: '^ url_preview_accept_language:'
|
||||
line: " - {{ item }}"
|
||||
with_items: "{{ ext_url_preview_accept_language_raw.splitlines() }}"
|
||||
when: ext_url_preview_accept_language_raw|length > 0
|
||||
|
||||
- name: Remove Federation Whitelisting 1
|
||||
delegate_to: 127.0.0.1
|
||||
replace:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
regexp: '^ - [a-z0-9]+\.[a-z0-9.]+\n'
|
||||
after: ' federation_domain_whitelist:'
|
||||
before: '# Synapse Extension End'
|
||||
|
||||
- name: Remove Federation Whitelisting 2
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
line: " federation_domain_whitelist:"
|
||||
state: absent
|
||||
|
||||
- name: Set Federation Whitelisting 1
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
insertafter: '^matrix_synapse_configuration_extension_yaml: \|'
|
||||
line: " federation_domain_whitelist:"
|
||||
when: ext_federation_whitelist_raw|length > 0
|
||||
|
||||
- name: Set Federation Whitelisting 2
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
insertafter: '^ federation_domain_whitelist:'
|
||||
line: " - {{ item }}"
|
||||
with_items: "{{ ext_federation_whitelist_raw.splitlines() }}"
|
||||
when: ext_federation_whitelist_raw|length > 0
|
||||
|
||||
- name: Record Synapse Custom variables locally on AWX
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Custom Settings Start'
|
||||
with_dict:
|
||||
'ext_federation_whitelist_raw': '{{ ext_federation_whitelist_raw.splitlines() | to_json }}'
|
||||
'ext_url_preview_accept_language_default': '{{ ext_url_preview_accept_language_default.splitlines() | to_json }}'
|
||||
|
||||
- name: Set ext_recaptcha_public_key to a 'public-key' if undefined
|
||||
set_fact: ext_recaptcha_public_key="public-key"
|
||||
when: (ext_recaptcha_public_key is not defined) or (ext_recaptcha_public_key|length == 0)
|
||||
|
||||
- name: Set ext_recaptcha_private_key to a 'private-key' if undefined
|
||||
set_fact: ext_recaptcha_private_key="private-key"
|
||||
when: (ext_recaptcha_private_key is not defined) or (ext_recaptcha_private_key|length == 0)
|
||||
|
||||
- name: Record Synapse Extension variables locally on AWX
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertbefore: '# Synapse Extension End'
|
||||
with_dict:
|
||||
' enable_registration_captcha': '{{ ext_enable_registration_captcha }}'
|
||||
' recaptcha_public_key': '{{ ext_recaptcha_public_key }}'
|
||||
' recaptcha_private_key': '{{ ext_recaptcha_private_key }}'
|
||||
|
||||
- name: Save new 'Configure Synapse' survey.json to the AWX tower, template
|
||||
delegate_to: 127.0.0.1
|
||||
template:
|
||||
src: 'roles/matrix-awx/surveys/configure_synapse.json.j2'
|
||||
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}//configure_synapse.json'
|
||||
|
||||
- name: Copy new 'Configure Synapse' survey.json to target machine
|
||||
copy:
|
||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse.json'
|
||||
dest: '/matrix/awx/configure_synapse.json'
|
||||
mode: '0660'
|
||||
|
||||
- name: Collect AWX admin token the hard way!
|
||||
delegate_to: 127.0.0.1
|
||||
shell: |
|
||||
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
|
||||
register: tower_token
|
||||
no_log: True
|
||||
|
||||
- name: Recreate 'Configure Synapse' job template
|
||||
delegate_to: 127.0.0.1
|
||||
awx.awx.tower_job_template:
|
||||
name: "{{ matrix_domain }} - 1 - Configure Synapse"
|
||||
description: "Configure Synapse (homeserver) settings."
|
||||
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
|
||||
job_type: run
|
||||
job_tags: "start,setup-synapse"
|
||||
inventory: "{{ member_id }}"
|
||||
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
|
||||
playbook: setup.yml
|
||||
credential: "{{ member_id }} - AWX SSH Key"
|
||||
survey_enabled: true
|
||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse.json') }}"
|
||||
become_enabled: yes
|
||||
state: present
|
||||
verbosity: 1
|
||||
tower_host: "https://{{ tower_host }}"
|
||||
tower_oauthtoken: "{{ tower_token.stdout }}"
|
||||
validate_certs: yes
|
@ -0,0 +1,50 @@
|
||||
|
||||
- name: Record Synapse Admin variables locally on AWX
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '{{ awx_cached_matrix_vars }}'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Synapse Admin Settings Start'
|
||||
with_dict:
|
||||
'matrix_synapse_admin_enabled': '{{ matrix_synapse_admin_enabled }}'
|
||||
|
||||
- name: Save new 'Configure Synapse Admin' survey.json to the AWX tower, template
|
||||
delegate_to: 127.0.0.1
|
||||
template:
|
||||
src: 'roles/matrix-awx/surveys/configure_synapse_admin.json.j2'
|
||||
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse_admin.json'
|
||||
|
||||
- name: Copy new 'Configure Synapse Admin' survey.json to target machine
|
||||
copy:
|
||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse_admin.json'
|
||||
dest: '/matrix/awx/configure_synapse_admin.json'
|
||||
mode: '0660'
|
||||
|
||||
- name: Collect AWX admin token the hard way!
|
||||
delegate_to: 127.0.0.1
|
||||
shell: |
|
||||
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
|
||||
register: tower_token
|
||||
no_log: True
|
||||
|
||||
- name: Recreate 'Configure Synapse Admin' job template
|
||||
delegate_to: 127.0.0.1
|
||||
awx.awx.tower_job_template:
|
||||
name: "{{ matrix_domain }} - 1 - Configure Synapse Admin"
|
||||
description: "Configure 'Synapse Admin', a moderation tool to help you manage your server."
|
||||
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
|
||||
job_type: run
|
||||
job_tags: "start,setup-all"
|
||||
inventory: "{{ member_id }}"
|
||||
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
|
||||
playbook: setup.yml
|
||||
credential: "{{ member_id }} - AWX SSH Key"
|
||||
survey_enabled: true
|
||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse_admin.json') }}"
|
||||
become_enabled: yes
|
||||
state: present
|
||||
verbosity: 1
|
||||
tower_host: "https://{{ tower_host }}"
|
||||
tower_oauthtoken: "{{ tower_token.stdout }}"
|
||||
validate_certs: yes
|
@ -1,23 +0,0 @@
|
||||
---
|
||||
|
||||
- set_fact:
|
||||
dns_srv_record_checks: []
|
||||
|
||||
- block:
|
||||
- set_fact:
|
||||
dns_srv_record_check_ma1sd:
|
||||
service_and_protocol: "_matrix-identity._tcp"
|
||||
domain: "{{ (matrix_domain + '.') }}"
|
||||
expected_target: "{{ (matrix_server_fqn_matrix + '.') }}"
|
||||
expected_port: 443
|
||||
|
||||
- name: Determine domains that we require certificates for (ma1sd)
|
||||
set_fact:
|
||||
dns_srv_record_checks: "{{ dns_srv_record_checks + [dns_srv_record_check_ma1sd] }}"
|
||||
when: matrix_ma1sd_enabled|bool
|
||||
|
||||
- name: Perform DNS SRV checks
|
||||
include_tasks: "{{ role_path }}/tasks/self_check_dns_srv.yml"
|
||||
with_items: "{{ dns_srv_record_checks }}"
|
||||
loop_control:
|
||||
loop_var: dns_srv_record_check
|
@ -1,68 +0,0 @@
|
||||
---
|
||||
|
||||
# This requires the dnspython library which is usually unavailable.
|
||||
- name: Check DNS SRV record for {{ dns_srv_record_check.service_and_protocol }} on {{ dns_srv_record_check.domain }} using Ansible dig lookup
|
||||
set_fact:
|
||||
lookup_dig_srv: "{{ lookup('dig', (dns_srv_record_check.service_and_protocol + '.' + dns_srv_record_check.domain + '/SRV'), 'flat=0', wantlist=False) }}"
|
||||
register: result_lookup_dig_srv
|
||||
ignore_errors: true
|
||||
|
||||
- name: Fail if DNS SRV check via Ansible dig lookup failed for non-dependency reason
|
||||
fail:
|
||||
msg: "DNS SRV record check via Ansible dig lookup plugin (which uses the dnspython package) failed. Error is: {{ result_lookup_dig_srv.msg }}"
|
||||
when: "result_lookup_dig_srv.failed and 'dnspython' not in result_lookup_dig_srv.msg"
|
||||
|
||||
# Fallback to using the dig CLI tool if dnspython was unavailable.
|
||||
- name: Check DNS SRV record for {{ dns_srv_record_check.service_and_protocol }} on {{ dns_srv_record_check.domain }} using dig CLI tool
|
||||
shell:
|
||||
cmd: "dig -t srv {{ (dns_srv_record_check.service_and_protocol + '.' + dns_srv_record_check.domain)|quote }}"
|
||||
register: result_cli_dig_srv
|
||||
changed_when: false
|
||||
ignore_errors: true
|
||||
when: "lookup_dig_srv is not defined"
|
||||
|
||||
- name: Fail if dig CLI used and failed
|
||||
fail:
|
||||
msg: >-
|
||||
Failed performing DNS SRV record check.
|
||||
You neither have the `dnspython` Python package, nor the `dig` program installed locally.
|
||||
You need to install one of those, so we could perform a DNS SRV record check.
|
||||
Full error from trying to run `dig`: {{ result_cli_dig_srv }}
|
||||
when: "lookup_dig_srv is not defined and result_cli_dig_srv.stderr != ''"
|
||||
|
||||
# Some DNS servers may respond with '' (stands for "No Answer").
|
||||
# Most usually, a missing record would yield a 'NXDOMAIN' response.
|
||||
# In any case, we consider any non-mapping response to mean "missing record".
|
||||
- name: Fail if DNS SRV record missing (Ansible dig lookup)
|
||||
fail:
|
||||
msg: >-
|
||||
It appears the DNS SRV record for {{ dns_srv_record_check.service_and_protocol }} on {{ dns_srv_record_check.domain }} is not set up correctly (the record is missing).
|
||||
See the 'Configuring DNS' documentation for this playbook.
|
||||
when: "lookup_dig_srv is defined and lookup_dig_srv is not mapping"
|
||||
|
||||
- name: Fail if DNS SRV record incorrect (Ansible dig lookup)
|
||||
fail:
|
||||
msg: >-
|
||||
It appears the DNS SRV record for {{ dns_srv_record_check.service_and_protocol }} on {{ dns_srv_record_check.domain }} is not set up correctly.
|
||||
Expected it to point to `{{ dns_srv_record_check.expected_target }}` (port {{ dns_srv_record_check.expected_port }}).
|
||||
Found it pointing to `{{ lookup_dig_srv.target }}` (port {{ lookup_dig_srv.port }}).
|
||||
See the 'Configuring DNS' documentation for this playbook.
|
||||
when: "lookup_dig_srv is defined and (lookup_dig_srv.target != dns_srv_record_check.expected_target or lookup_dig_srv.port != dns_srv_record_check.expected_port)"
|
||||
|
||||
# We expect an answer like this:
|
||||
# ;; ANSWER SECTION:
|
||||
# _matrix._tcp.DOMAIN. 10800 IN SRV 10 0 8448 matrix.DOMAIN.
|
||||
- name: Fail if DNS SRV record missing or incorrect (dig CLI tool)
|
||||
fail:
|
||||
msg: >-
|
||||
It appears the DNS SRV record for {{ dns_srv_record_check.service_and_protocol }} on {{ dns_srv_record_check.domain }} is not set up correctly.
|
||||
Expected it to point to `{{ dns_srv_record_check.expected_target }}` (port {{ dns_srv_record_check.expected_port }}).
|
||||
See the 'Configuring DNS' documentation for this playbook.
|
||||
Full response from the `dig` lookup was: {{ result_cli_dig_srv }}
|
||||
when: "lookup_dig_srv is not defined and (dns_srv_record_check.expected_port|string + ' ' + dns_srv_record_check.expected_target) not in result_cli_dig_srv.stdout"
|
||||
|
||||
- name: Report correct DNS SRV record
|
||||
debug:
|
||||
msg: >-
|
||||
The DNS SRV record for `{{ dns_srv_record_check.service_and_protocol }}` on `{{ dns_srv_record_check.domain }}`
|
||||
points to `{{ dns_srv_record_check.expected_target }}` (port {{ dns_srv_record_check.expected_port }}), as expected.
|
@ -0,0 +1,231 @@
|
||||
# Go-NEB is a Matrix bot written in Go. It is the successor to Matrix-NEB, the original Matrix bot written in Python.
|
||||
# See: https://github.com/matrix-org/go-neb
|
||||
|
||||
matrix_bot_go_neb_enabled: true
|
||||
matrix_bot_go_neb_version: latest
|
||||
matrix_bot_go_neb_docker_image: "matrixdotorg/go-neb:{{ matrix_bot_go_neb_version }}"
|
||||
matrix_bot_go_neb_docker_image_force_pull: "{{ matrix_bot_go_neb_docker_image.endswith(':latest') }}"
|
||||
|
||||
matrix_bot_go_neb_base_path: "{{ matrix_base_data_path }}/go-neb"
|
||||
matrix_bot_go_neb_config_path: "{{ matrix_bot_go_neb_base_path }}/config"
|
||||
matrix_bot_go_neb_config_path_in_container: "/config/config.yaml"
|
||||
matrix_bot_go_neb_data_path: "{{ matrix_bot_go_neb_base_path }}/data"
|
||||
matrix_bot_go_neb_data_store_path: "{{ matrix_bot_go_neb_data_path }}/store"
|
||||
|
||||
# Controls whether the matrix-bot-go-neb container exposes its HTTP port (tcp/4050 in the container).
|
||||
#
|
||||
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:4050"), or empty string to not expose.
|
||||
matrix_bot_go_neb_container_http_host_bind_port: ''
|
||||
|
||||
# A list of extra arguments to pass to the container
|
||||
matrix_bot_go_neb_container_extra_arguments: []
|
||||
|
||||
# List of systemd services that matrix-bot-go-neb.service depends on
|
||||
matrix_bot_go_neb_systemd_required_services_list: ['docker.service']
|
||||
|
||||
# List of systemd services that matrix-bot-go-neb.service wants
|
||||
matrix_bot_go_neb_systemd_wanted_services_list: []
|
||||
|
||||
# Database-related configuration fields.
|
||||
#
|
||||
# MUST be "sqlite3". No other type is supported.
|
||||
matrix_bot_go_neb_database_engine: 'sqlite3'
|
||||
|
||||
matrix_bot_go_neb_sqlite_database_path_local: "{{ matrix_bot_go_neb_data_path }}/bot.db"
|
||||
matrix_bot_go_neb_sqlite_database_path_in_container: "/data/bot.db"
|
||||
|
||||
matrix_bot_go_neb_storage_database: "{{
|
||||
{
|
||||
'sqlite3': (matrix_bot_go_neb_sqlite_database_path_in_container + '?_busy_timeout=5000'),
|
||||
}[matrix_bot_go_neb_database_engine]
|
||||
}}"
|
||||
|
||||
# The bot's username(s). These users need to be created manually beforehand.
|
||||
# The access tokens that the bot uses to authenticate.
|
||||
# Generate one as described in
|
||||
# https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook-dimension.md#access-token
|
||||
# via curl. With the element method, you might run into decryption problems (see https://github.com/matrix-org/go-neb#quick-start)
|
||||
matrix_bot_go_neb_clients: []
|
||||
# - UserID: "@goneb:{{ matrix_domain }}"
|
||||
# AccessToken: "MDASDASJDIASDJASDAFGFRGER"
|
||||
# DeviceID: "DEVICE1"
|
||||
# HomeserverURL: "{{ matrix_homeserver_container_url }}"
|
||||
# Sync: true
|
||||
# AutoJoinRooms: true
|
||||
# DisplayName: "Go-NEB!"
|
||||
# AcceptVerificationFromUsers: [":{{ matrix_domain }}"]
|
||||
#
|
||||
# - UserID: "@another_goneb:{{ matrix_domain }}"
|
||||
# AccessToken: "MDASDASJDIASDJASDAFGFRGER"
|
||||
# DeviceID: "DEVICE2"
|
||||
# HomeserverURL: "{{ matrix_homeserver_container_url }}"
|
||||
# Sync: false
|
||||
# AutoJoinRooms: false
|
||||
# DisplayName: "Go-NEB!"
|
||||
# AcceptVerificationFromUsers: ["^@admin:{{ matrix_domain }}"]
|
||||
|
||||
# The list of realms which Go-NEB is aware of.
|
||||
# Delete or modify this list as appropriate.
|
||||
# See the docs for /configureAuthRealm for the full list of options:
|
||||
# https://matrix-org.github.io/go-neb/pkg/github.com/matrix-org/go-neb/api/index.html#ConfigureAuthRealmRequest
|
||||
matrix_bot_go_neb_realms: []
|
||||
# - ID: "github_realm"
|
||||
# Type: "github"
|
||||
# Config: {} # No need for client ID or Secret as Go-NEB isn't generating OAuth URLs
|
||||
|
||||
# The list of *authenticated* sessions which Go-NEB is aware of.
|
||||
# Delete or modify this list as appropriate.
|
||||
# The full list of options are shown below: there is no single HTTP endpoint
|
||||
# which maps to this section.
|
||||
# https://matrix-org.github.io/go-neb/pkg/github.com/matrix-org/go-neb/api/index.html#Session
|
||||
matrix_bot_go_neb_sessions: []
|
||||
# - SessionID: "your_github_session"
|
||||
# RealmID: "github_realm"
|
||||
# UserID: "@YOUR_USER_ID:{{ matrix_domain }}" # This needs to be the username of the person that's allowed to use the !github commands
|
||||
# Config:
|
||||
# # Populate these fields by generating a "Personal Access Token" on github.com
|
||||
# AccessToken: "YOUR_GITHUB_ACCESS_TOKEN"
|
||||
# Scopes: "admin:org_hook,admin:repo_hook,repo,user"
|
||||
|
||||
# The list of services which Go-NEB is aware of.
|
||||
# Delete or modify this list as appropriate.
|
||||
# See the docs for /configureService for the full list of options:
|
||||
# https://matrix-org.github.io/go-neb/pkg/github.com/matrix-org/go-neb/api/index.html#ConfigureServiceRequest
|
||||
matrix_bot_go_neb_services: []
|
||||
# - ID: "echo_service"
|
||||
# Type: "echo"
|
||||
# UserID: "@goneb:{{ matrix_domain }}"
|
||||
# Config: {}
|
||||
|
||||
## Can be obtained from https://developers.giphy.com/dashboard/
|
||||
# - ID: "giphy_service"
|
||||
# Type: "giphy"
|
||||
# UserID: "@goneb:{{ matrix_domain }}" # requires a Syncing client
|
||||
# Config:
|
||||
# api_key: "qwg4672vsuyfsfe"
|
||||
# use_downsized: false
|
||||
#
|
||||
## This service has been dead for over a year :/
|
||||
# - ID: "guggy_service"
|
||||
# Type: "guggy"
|
||||
# UserID: "@goneb:{{ matrix_domain }}" # requires a Syncing client
|
||||
# Config:
|
||||
# api_key: "2356saaqfhgfe"
|
||||
#
|
||||
## API Key via https://developers.google.com/custom-search/v1/introduction
|
||||
## CX via http://www.google.com/cse/manage/all
|
||||
## https://stackoverflow.com/questions/6562125/getting-a-cx-id-for-custom-search-google-api-python
|
||||
## 'Search the entire web' and 'Image search' enabled for best results
|
||||
# - ID: "google_service"
|
||||
# Type: "google"
|
||||
# UserID: "@goneb:{{ matrix_domain }}" # requires a Syncing client
|
||||
# Config:
|
||||
# api_key: "AIzaSyA4FD39m9"
|
||||
# cx: "AIASDFWSRRtrtr"
|
||||
#
|
||||
## Get a key via https://api.imgur.com/oauth2/addclient
|
||||
## Select "oauth2 without callback url"
|
||||
# - ID: "imgur_service"
|
||||
# Type: "imgur"
|
||||
# UserID: "@imgur:{{ matrix_domain }}" # requires a Syncing client
|
||||
# Config:
|
||||
# client_id: "AIzaSyA4FD39m9"
|
||||
# client_secret: "somesecret"
|
||||
#
|
||||
# - ID: "wikipedia_service"
|
||||
# Type: "wikipedia"
|
||||
# UserID: "@goneb:{{ matrix_domain }}" # requires a Syncing client
|
||||
# Config:
|
||||
#
|
||||
# - ID: "rss_service"
|
||||
# Type: "rssbot"
|
||||
# UserID: "@another_goneb:{{ matrix_domain }}"
|
||||
# Config:
|
||||
# feeds:
|
||||
# "http://lorem-rss.herokuapp.com/feed?unit=second&interval=60":
|
||||
# rooms: ["!qmElAGdFYCHoCJuaNt:localhost"]
|
||||
# must_include:
|
||||
# author:
|
||||
# - author1
|
||||
# description:
|
||||
# - lorem
|
||||
# - ipsum
|
||||
# must_not_include:
|
||||
# title:
|
||||
# - Lorem
|
||||
# - Ipsum
|
||||
#
|
||||
# - ID: "github_cmd_service"
|
||||
# Type: "github"
|
||||
# UserID: "@goneb:{{ matrix_domain }}" # requires a Syncing client
|
||||
# Config:
|
||||
# RealmID: "github_realm"
|
||||
#
|
||||
# # Make sure your BASE_URL can be accessed by Github!
|
||||
# - ID: "github_webhook_service"
|
||||
# Type: "github-webhook"
|
||||
# UserID: "@another_goneb:{{ matrix_domain }}"
|
||||
# Config:
|
||||
# RealmID: "github_realm"
|
||||
# ClientUserID: "@YOUR_USER_ID:{{ matrix_domain }}" # needs to be an authenticated user so Go-NEB can create webhooks. Check the UserID field in the github_realm in matrix_bot_go_neb_sessions.
|
||||
# Rooms:
|
||||
# "!someroom:id":
|
||||
# Repos:
|
||||
# "matrix-org/synapse":
|
||||
# Events: ["push", "issues"]
|
||||
# "matrix-org/dendron":
|
||||
# Events: ["pull_request"]
|
||||
# "!anotherroom:id":
|
||||
# Repos:
|
||||
# "matrix-org/synapse":
|
||||
# Events: ["push", "issues"]
|
||||
# "matrix-org/dendron":
|
||||
# Events: ["pull_request"]
|
||||
#
|
||||
# - ID: "slackapi_service"
|
||||
# Type: "slackapi"
|
||||
# UserID: "@slackapi:{{ matrix_domain }}"
|
||||
# Config:
|
||||
# Hooks:
|
||||
# "hook1":
|
||||
# RoomID: "!someroom:id"
|
||||
# MessageType: "m.text" # default is m.text
|
||||
#
|
||||
# - ID: "alertmanager_service"
|
||||
# Type: "alertmanager"
|
||||
# UserID: "@alertmanager:{{ matrix_domain }}"
|
||||
# Config:
|
||||
# # This is for information purposes only. It should point to Go-NEB path as follows:
|
||||
# # `/services/hooks/<base64 encoded service ID>`
|
||||
# # Where in this case "service ID" is "alertmanager_service"
|
||||
# # Make sure your BASE_URL can be accessed by the Alertmanager instance!
|
||||
# webhook_url: "http://localhost/services/hooks/YWxlcnRtYW5hZ2VyX3NlcnZpY2U"
|
||||
# # Each room will get the notification with the alert rendered with the given template
|
||||
# rooms:
|
||||
# "!someroomid:domain.tld":
|
||||
# text_template: "{{range .Alerts -}} [{{ .Status }}] {{index .Labels \"alertname\" }}: {{index .Annotations \"description\"}} {{ end -}}"
|
||||
# html_template: "{{range .Alerts -}} {{ $severity := index .Labels \"severity\" }} {{ if eq .Status \"firing\" }} {{ if eq $severity \"critical\"}} <font color='red'><b>[FIRING - CRITICAL]</b></font> {{ else if eq $severity \"warning\"}} <font color='orange'><b>[FIRING - WARNING]</b></font> {{ else }} <b>[FIRING - {{ $severity }}]</b> {{ end }} {{ else }} <font color='green'><b>[RESOLVED]</b></font> {{ end }} {{ index .Labels \"alertname\"}} : {{ index .Annotations \"description\"}} <a href=\"{{ .GeneratorURL }}\">source</a><br/>{{end -}}"
|
||||
# msg_type: "m.text" # Must be either `m.text` or `m.notice`
|
||||
|
||||
# Default configuration template which covers the generic use case.
|
||||
# You can customize it by controlling the various variables inside it.
|
||||
#
|
||||
# For a more advanced customization, you can extend the default (see `matrix_bot_go_neb_configuration_extension_yaml`)
|
||||
# or completely replace this variable with your own template.
|
||||
matrix_bot_go_neb_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
|
||||
|
||||
matrix_bot_go_neb_configuration_extension_yaml: |
|
||||
# Your custom YAML configuration goes here.
|
||||
# This configuration extends the default starting configuration (`matrix_bot_go_neb_configuration_yaml`).
|
||||
#
|
||||
# You can override individual variables from the default configuration, or introduce new ones.
|
||||
#
|
||||
# If you need something more special, you can take full control by
|
||||
# completely redefining `matrix_bot_go_neb_configuration_yaml`.
|
||||
|
||||
matrix_bot_go_neb_configuration_extension: "{{ matrix_bot_go_neb_configuration_extension_yaml|from_yaml if matrix_bot_go_neb_configuration_extension_yaml|from_yaml is mapping else {} }}"
|
||||
|
||||
# Holds the final configuration (a combination of the default and its extension).
|
||||
# You most likely don't need to touch this variable. Instead, see `matrix_bot_go_neb_configuration_yaml`.
|
||||
matrix_bot_go_neb_configuration: "{{ matrix_bot_go_neb_configuration_yaml|from_yaml|combine(matrix_bot_go_neb_configuration_extension, recursive=True) }}"
|
||||
|
@ -0,0 +1,3 @@
|
||||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-go-neb.service'] }}"
|
||||
when: matrix_bot_go_neb_enabled|bool
|
@ -0,0 +1,21 @@
|
||||
- import_tasks: "{{ role_path }}/tasks/init.yml"
|
||||
tags:
|
||||
- always
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
|
||||
when: "run_setup|bool and matrix_bot_go_neb_enabled|bool"
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-bot-go-neb
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
|
||||
when: "run_setup|bool and matrix_bot_go_neb_enabled|bool"
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-bot-go-neb
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
|
||||
when: "run_setup|bool and not matrix_bot_go_neb_enabled|bool"
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-bot-go-neb
|
@ -0,0 +1,50 @@
|
||||
---
|
||||
|
||||
- set_fact:
|
||||
matrix_bot_go_neb_requires_restart: false
|
||||
|
||||
- name: Ensure go-neb paths exist
|
||||
file:
|
||||
path: "{{ item.path }}"
|
||||
state: directory
|
||||
mode: 0750
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
with_items:
|
||||
- { path: "{{ matrix_bot_go_neb_config_path }}", when: true }
|
||||
- { path: "{{ matrix_bot_go_neb_data_path }}", when: true }
|
||||
- { path: "{{ matrix_bot_go_neb_data_store_path }}", when: true }
|
||||
when: "item.when|bool"
|
||||
|
||||
- name: Ensure go-neb image is pulled
|
||||
docker_image:
|
||||
name: "{{ matrix_bot_go_neb_docker_image }}"
|
||||
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
||||
force_source: "{{ matrix_bot_go_neb_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_go_neb_docker_image_force_pull }}"
|
||||
|
||||
- name: Ensure go-neb config installed
|
||||
copy:
|
||||
content: "{{ matrix_bot_go_neb_configuration|to_nice_yaml }}"
|
||||
dest: "{{ matrix_bot_go_neb_config_path }}/config.yaml"
|
||||
mode: 0644
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
|
||||
- name: Ensure matrix-bot-go-neb.service installed
|
||||
template:
|
||||
src: "{{ role_path }}/templates/systemd/matrix-bot-go-neb.service.j2"
|
||||
dest: "{{ matrix_systemd_path }}/matrix-bot-go-neb.service"
|
||||
mode: 0644
|
||||
register: matrix_bot_go_neb_systemd_service_result
|
||||
|
||||
- name: Ensure systemd reloaded after matrix-bot-go-neb.service installation
|
||||
service:
|
||||
daemon_reload: yes
|
||||
when: "matrix_bot_go_neb_systemd_service_result.changed|bool"
|
||||
|
||||
- name: Ensure matrix-bot-go-neb.service restarted, if necessary
|
||||
service:
|
||||
name: "matrix-bot-go-neb.service"
|
||||
state: restarted
|
||||
when: "matrix_bot_go_neb_requires_restart|bool"
|
@ -0,0 +1,35 @@
|
||||
---
|
||||
|
||||
- name: Check existence of matrix-go-neb service
|
||||
stat:
|
||||
path: "{{ matrix_systemd_path }}/matrix-bot-go-neb.service"
|
||||
register: matrix_bot_go_neb_service_stat
|
||||
|
||||
- name: Ensure matrix-go-neb is stopped
|
||||
service:
|
||||
name: matrix-bot-go-neb
|
||||
state: stopped
|
||||
daemon_reload: yes
|
||||
register: stopping_result
|
||||
when: "matrix_bot_go_neb_service_stat.stat.exists|bool"
|
||||
|
||||
- name: Ensure matrix-bot-go-neb.service doesn't exist
|
||||
file:
|
||||
path: "{{ matrix_systemd_path }}/matrix-bot-go-neb.service"
|
||||
state: absent
|
||||
when: "matrix_bot_go_neb_service_stat.stat.exists|bool"
|
||||
|
||||
- name: Ensure systemd reloaded after matrix-bot-go-neb.service removal
|
||||
service:
|
||||
daemon_reload: yes
|
||||
when: "matrix_bot_go_neb_service_stat.stat.exists|bool"
|
||||
|
||||
- name: Ensure Matrix go-neb paths don't exist
|
||||
file:
|
||||
path: "{{ matrix_bot_go_neb_base_path }}"
|
||||
state: absent
|
||||
|
||||
- name: Ensure go-neb Docker image doesn't exist
|
||||
docker_image:
|
||||
name: "{{ matrix_bot_go_neb_docker_image }}"
|
||||
state: absent
|
@ -0,0 +1,13 @@
|
||||
---
|
||||
|
||||
- name: Fail if there's not at least 1 client
|
||||
fail:
|
||||
msg: >-
|
||||
You need at least 1 client in the matrix_bot_go_neb_clients block.
|
||||
when: matrix_bot_go_neb_clients is not defined or matrix_bot_go_neb_clients[0] is not defined
|
||||
|
||||
- name: Fail if there's not at least 1 service
|
||||
fail:
|
||||
msg: >-
|
||||
You need at least 1 service in the matrix_bot_go_neb_services block.
|
||||
when: matrix_bot_go_neb_services is not defined or matrix_bot_go_neb_services[0] is not defined
|
@ -0,0 +1,44 @@
|
||||
# Go-NEB Configuration File
|
||||
#
|
||||
# This file provides an alternative way to configure Go-NEB which does not involve HTTP APIs.
|
||||
#
|
||||
# This file can be supplied to go-neb by the environment variable `CONFIG_FILE=config.yaml`.
|
||||
# It will force Go-NEB to operate in "config" mode. This means:
|
||||
# - Go-NEB will ONLY use the data contained inside this file.
|
||||
# - All of Go-NEB's /admin HTTP listeners will be disabled. You will be unable to add new services at runtime.
|
||||
# - The environment variable `DATABASE_URL` will be ignored and an in-memory database will be used instead.
|
||||
#
|
||||
# This file is broken down into 4 sections which matches the following HTTP APIs:
|
||||
# - /configureClient
|
||||
# - /configureAuthRealm
|
||||
# - /configureService
|
||||
# - /requestAuthSession (redirects not supported)
|
||||
|
||||
# The list of clients which Go-NEB is aware of.
|
||||
# Delete or modify this list as appropriate.
|
||||
# See the docs for /configureClient for the full list of options:
|
||||
# https://matrix-org.github.io/go-neb/pkg/github.com/matrix-org/go-neb/api/index.html#ClientConfig
|
||||
clients:
|
||||
{{ matrix_bot_go_neb_clients|to_json }}
|
||||
|
||||
# The list of realms which Go-NEB is aware of.
|
||||
# Delete or modify this list as appropriate.
|
||||
# See the docs for /configureAuthRealm for the full list of options:
|
||||
# https://matrix-org.github.io/go-neb/pkg/github.com/matrix-org/go-neb/api/index.html#ConfigureAuthRealmRequest
|
||||
realms:
|
||||
{{ matrix_bot_go_neb_realms|to_json }}
|
||||
|
||||
# The list of *authenticated* sessions which Go-NEB is aware of.
|
||||
# Delete or modify this list as appropriate.
|
||||
# The full list of options are shown below: there is no single HTTP endpoint
|
||||
# which maps to this section.
|
||||
# https://matrix-org.github.io/go-neb/pkg/github.com/matrix-org/go-neb/api/index.html#Session
|
||||
sessions:
|
||||
{{ matrix_bot_go_neb_sessions|to_json }}
|
||||
|
||||
# The list of services which Go-NEB is aware of.
|
||||
# Delete or modify this list as appropriate.
|
||||
# See the docs for /configureService for the full list of options:
|
||||
# https://matrix-org.github.io/go-neb/pkg/github.com/matrix-org/go-neb/api/index.html#ConfigureServiceRequest
|
||||
services:
|
||||
{{ matrix_bot_go_neb_services|to_json }}
|
@ -0,0 +1,49 @@
|
||||
#jinja2: lstrip_blocks: "True"
|
||||
[Unit]
|
||||
Description=Matrix Go-NEB bot
|
||||
{% for service in matrix_bot_go_neb_systemd_required_services_list %}
|
||||
Requires={{ service }}
|
||||
After={{ service }}
|
||||
{% endfor %}
|
||||
{% for service in matrix_bot_go_neb_systemd_wanted_services_list %}
|
||||
Wants={{ service }}
|
||||
{% endfor %}
|
||||
DefaultDependencies=no
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null'
|
||||
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null'
|
||||
|
||||
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-go-neb \
|
||||
--log-driver=none \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
--cap-drop=ALL \
|
||||
--read-only \
|
||||
--network={{ matrix_docker_network }} \
|
||||
{% if matrix_bot_go_neb_container_http_host_bind_port %}
|
||||
-p {{ matrix_bot_go_neb_container_http_host_bind_port }}:4050 \
|
||||
{% endif %}
|
||||
-e 'BIND_ADDRESS=:4050' \
|
||||
-e 'DATABASE_TYPE={{ matrix_bot_go_neb_database_engine }}' \
|
||||
-e 'BASE_URL=https://{{ matrix_server_fqn_bot_go_neb }}' \
|
||||
-e 'CONFIG_FILE={{ matrix_bot_go_neb_config_path_in_container }}' \
|
||||
-e 'DATABASE_URL={{ matrix_bot_go_neb_storage_database }}' \
|
||||
--mount type=bind,src={{ matrix_bot_go_neb_config_path }},dst=/config,ro \
|
||||
--mount type=bind,src={{ matrix_bot_go_neb_data_path }},dst=/data \
|
||||
--entrypoint=/bin/sh \
|
||||
{% for arg in matrix_bot_go_neb_container_extra_arguments %}
|
||||
{{ arg }} \
|
||||
{% endfor %}
|
||||
{{ matrix_bot_go_neb_docker_image }} \
|
||||
-c "go-neb /config/config.yaml"
|
||||
|
||||
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-go-neb 2>/dev/null'
|
||||
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-go-neb 2>/dev/null'
|
||||
Restart=always
|
||||
RestartSec=30
|
||||
SyslogIdentifier=matrix-bot-go-neb
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
@ -0,0 +1,52 @@
|
||||
# A moderation tool for Matrix
|
||||
# See: https://github.com/matrix-org/mjolnir
|
||||
|
||||
matrix_bot_mjolnir_enabled: true
|
||||
matrix_bot_mjolnir_version: "v0.1.17"
|
||||
matrix_bot_mjolnir_docker_image: "{{ matrix_container_global_registry_prefix }}matrixdotorg/mjolnir:{{ matrix_bot_mjolnir_version }}"
|
||||
matrix_bot_mjolnir_docker_image_force_pull: "{{ matrix_bot_mjolnir_docker_image.endswith(':latest') }}"
|
||||
|
||||
matrix_bot_mjolnir_base_path: "{{ matrix_base_data_path }}/mjolnir"
|
||||
matrix_bot_mjolnir_config_path: "{{ matrix_bot_mjolnir_base_path }}/config"
|
||||
matrix_bot_mjolnir_data_path: "{{ matrix_bot_mjolnir_base_path }}/data"
|
||||
|
||||
# A list of extra arguments to pass to the container
|
||||
matrix_bot_mjolnir_container_extra_arguments: []
|
||||
|
||||
# List of systemd services that matrix-bot-mjolnir.service depends on
|
||||
matrix_bot_mjolnir_systemd_required_services_list: ['docker.service']
|
||||
|
||||
# List of systemd services that matrix-bot-mjolnir.service wants
|
||||
matrix_bot_mjolnir_systemd_wanted_services_list: []
|
||||
|
||||
# The access token for the bot user
|
||||
matrix_bot_mjolnir_access_token: ""
|
||||
|
||||
# The room ID where people can use the bot. The bot has no access controls, so
|
||||
# anyone in this room can use the bot - secure your room!
|
||||
# This should be a room alias or room ID - not a matrix.to URL.
|
||||
# Note: Mjolnir is fairly verbose - expect a lot of messages from it.
|
||||
matrix_bot_mjolnir_management_room: ""
|
||||
|
||||
# Default configuration template which covers the generic use case.
|
||||
# You can customize it by controlling the various variables inside it.
|
||||
#
|
||||
# For a more advanced customization, you can extend the default (see `matrix_bot_mjolnir_configuration_extension_yaml`)
|
||||
# or completely replace this variable with your own template.
|
||||
matrix_bot_mjolnir_configuration_yaml: "{{ lookup('template', 'templates/production.yaml.j2') }}"
|
||||
|
||||
matrix_bot_mjolnir_configuration_extension_yaml: |
|
||||
# Your custom YAML configuration goes here.
|
||||
# This configuration extends the default starting configuration (`matrix_bot_mjolnir_configuration_yaml`).
|
||||
#
|
||||
# You can override individual variables from the default configuration, or introduce new ones.
|
||||
#
|
||||
# If you need something more special, you can take full control by
|
||||
# completely redefining `matrix_bot_mjolnir_configuration_yaml`.
|
||||
|
||||
matrix_bot_mjolnir_configuration_extension: "{{ matrix_bot_mjolnir_configuration_extension_yaml|from_yaml if matrix_bot_mjolnir_configuration_extension_yaml|from_yaml is mapping else {} }}"
|
||||
|
||||
# Holds the final configuration (a combination of the default and its extension).
|
||||
# You most likely don't need to touch this variable. Instead, see `matrix_bot_mjolnir_configuration_yaml`.
|
||||
matrix_bot_mjolnir_configuration: "{{ matrix_bot_mjolnir_configuration_yaml|from_yaml|combine(matrix_bot_mjolnir_configuration_extension, recursive=True) }}"
|
||||
|
@ -0,0 +1,3 @@
|
||||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-bot-mjolnir.service'] }}"
|
||||
when: matrix_bot_mjolnir_enabled|bool
|
@ -0,0 +1,21 @@
|
||||
- import_tasks: "{{ role_path }}/tasks/init.yml"
|
||||
tags:
|
||||
- always
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
|
||||
when: "run_setup|bool and matrix_bot_mjolnir_enabled|bool"
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-bot-mjolnir
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/setup_install.yml"
|
||||
when: "run_setup|bool and matrix_bot_mjolnir_enabled|bool"
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-bot-mjolnir
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/setup_uninstall.yml"
|
||||
when: "run_setup|bool and not matrix_bot_mjolnir_enabled|bool"
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-bot-mjolnir
|
@ -0,0 +1,50 @@
|
||||
---
|
||||
|
||||
- set_fact:
|
||||
matrix_bot_mjolnir_requires_restart: false
|
||||
|
||||
- name: Ensure matrix-bot-mjolnir paths exist
|
||||
file:
|
||||
path: "{{ item.path }}"
|
||||
state: directory
|
||||
mode: 0750
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
with_items:
|
||||
- { path: "{{ matrix_bot_mjolnir_base_path }}", when: true }
|
||||
- { path: "{{ matrix_bot_mjolnir_config_path }}", when: true }
|
||||
- { path: "{{ matrix_bot_mjolnir_data_path }}", when: true }
|
||||
when: "item.when|bool"
|
||||
|
||||
- name: Ensure mjolnir image is pulled
|
||||
docker_image:
|
||||
name: "{{ matrix_bot_mjolnir_docker_image }}"
|
||||
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
||||
force_source: "{{ matrix_bot_mjolnir_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_bot_mjolnir_docker_image_force_pull }}"
|
||||
|
||||
- name: Ensure matrix-bot-mjolnir config installed
|
||||
copy:
|
||||
content: "{{ matrix_bot_mjolnir_configuration|to_nice_yaml }}"
|
||||
dest: "{{ matrix_bot_mjolnir_config_path }}/production.yaml"
|
||||
mode: 0644
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
|
||||
- name: Ensure matrix-bot-mjolnir.service installed
|
||||
template:
|
||||
src: "{{ role_path }}/templates/systemd/matrix-bot-mjolnir.service.j2"
|
||||
dest: "{{ matrix_systemd_path }}/matrix-bot-mjolnir.service"
|
||||
mode: 0644
|
||||
register: matrix_bot_mjolnir_systemd_service_result
|
||||
|
||||
- name: Ensure systemd reloaded after matrix-bot-mjolnir.service installation
|
||||
service:
|
||||
daemon_reload: yes
|
||||
when: "matrix_bot_mjolnir_systemd_service_result.changed|bool"
|
||||
|
||||
- name: Ensure matrix-bot-mjolnir.service restarted, if necessary
|
||||
service:
|
||||
name: "matrix-bot-mjolnir.service"
|
||||
state: restarted
|
||||
when: "matrix_bot_mjolnir_requires_restart|bool"
|
@ -0,0 +1,35 @@
|
||||
---
|
||||
|
||||
- name: Check existence of matrix-bot-mjolnir service
|
||||
stat:
|
||||
path: "{{ matrix_systemd_path }}/matrix-bot-mjolnir.service"
|
||||
register: matrix_bot_mjolnir_service_stat
|
||||
|
||||
- name: Ensure matrix-bot-mjolnir is stopped
|
||||
service:
|
||||
name: matrix-bot-mjolnir
|
||||
state: stopped
|
||||
daemon_reload: yes
|
||||
register: stopping_result
|
||||
when: "matrix_bot_mjolnir_service_stat.stat.exists|bool"
|
||||
|
||||
- name: Ensure matrix-bot-mjolnir.service doesn't exist
|
||||
file:
|
||||
path: "{{ matrix_systemd_path }}/matrix-bot-mjolnir.service"
|
||||
state: absent
|
||||
when: "matrix_bot_mjolnir_service_stat.stat.exists|bool"
|
||||
|
||||
- name: Ensure systemd reloaded after matrix-bot-mjolnir.service removal
|
||||
service:
|
||||
daemon_reload: yes
|
||||
when: "matrix_bot_mjolnir_service_stat.stat.exists|bool"
|
||||
|
||||
- name: Ensure matrix-bot-mjolnir paths don't exist
|
||||
file:
|
||||
path: "{{ matrix_bot_mjolnir_base_path }}"
|
||||
state: absent
|
||||
|
||||
- name: Ensure mjolnir Docker image doesn't exist
|
||||
docker_image:
|
||||
name: "{{ matrix_bot_mjolnir_docker_image }}"
|
||||
state: absent
|
@ -0,0 +1,9 @@
|
||||
---
|
||||
|
||||
- name: Fail if required variables are undefined
|
||||
fail:
|
||||
msg: "The `{{ item }}` variable must be defined and have a non-null value."
|
||||
with_items:
|
||||
- "matrix_bot_mjolnir_access_token"
|
||||
- "matrix_bot_mjolnir_management_room"
|
||||
when: "vars[item] == '' or vars[item] is none"
|
@ -0,0 +1,162 @@
|
||||
# Where the homeserver is located (client-server URL). This should point at
|
||||
# pantalaimon if you're using that.
|
||||
homeserverUrl: "{{ matrix_homeserver_url }}"
|
||||
|
||||
# The access token for the bot to use. Do not populate if using Pantalaimon.
|
||||
accessToken: "{{ matrix_bot_mjolnir_access_token }}"
|
||||
|
||||
# Pantalaimon options (https://github.com/matrix-org/pantalaimon)
|
||||
#pantalaimon:
|
||||
# # If true, accessToken above is ignored and the username/password below will be
|
||||
# # used instead. The access token of the bot will be stored in the dataPath.
|
||||
# use: false
|
||||
#
|
||||
# # The username to login with.
|
||||
# username: mjolnir
|
||||
#
|
||||
# # The password to login with. Can be removed after the bot has logged in once and
|
||||
# # stored the access token.
|
||||
# password: your_password
|
||||
|
||||
# The directory the bot should store various bits of information in
|
||||
dataPath: "/data"
|
||||
|
||||
# If true (the default), only users in the `managementRoom` can invite the bot
|
||||
# to new rooms.
|
||||
autojoinOnlyIfManager: true
|
||||
|
||||
# If `autojoinOnlyIfManager` is false, only the members in this group can invite
|
||||
# the bot to new rooms.
|
||||
#acceptInvitesFromGroup: '+example:example.org'
|
||||
|
||||
# If the bot is invited to a room and it won't accept the invite (due to the
|
||||
# conditions above), report it to the management room. Defaults to disabled (no
|
||||
# reporting).
|
||||
recordIgnoredInvites: false
|
||||
|
||||
# The room ID where people can use the bot. The bot has no access controls, so
|
||||
# anyone in this room can use the bot - secure your room!
|
||||
# This should be a room alias or room ID - not a matrix.to URL.
|
||||
# Note: Mjolnir is fairly verbose - expect a lot of messages from it.
|
||||
managementRoom: "{{ matrix_bot_mjolnir_management_room }}"
|
||||
|
||||
# Set to false to make the management room a bit quieter.
|
||||
verboseLogging: false
|
||||
|
||||
# The log level for the logs themselves. One of DEBUG, INFO, WARN, and ERROR.
|
||||
# This should be at INFO or DEBUG in order to get support for Mjolnir problems.
|
||||
logLevel: "INFO"
|
||||
|
||||
# Set to false to disable synchronizing the ban lists on startup. If true, this
|
||||
# is the same as running !mjolnir sync immediately after startup.
|
||||
syncOnStartup: true
|
||||
|
||||
# Set to false to prevent Mjolnir from checking its permissions on startup. This
|
||||
# is recommended to be left as "true" to catch room permission problems (state
|
||||
# resets, etc) before Mjolnir is needed.
|
||||
verifyPermissionsOnStartup: true
|
||||
|
||||
# If true, Mjolnir won't actually ban users or apply server ACLs, but will
|
||||
# think it has. This is useful to see what it does in a scenario where the
|
||||
# bot might not be trusted fully, yet. Default false (do bans/ACLs).
|
||||
noop: false
|
||||
|
||||
# Set to true to use /joined_members instead of /state to figure out who is
|
||||
# in the room. Using /state is preferred because it means that users are
|
||||
# banned when they are invited instead of just when they join, though if your
|
||||
# server struggles with /state requests then set this to true.
|
||||
fasterMembershipChecks: false
|
||||
|
||||
# A case-insensitive list of ban reasons to automatically redact a user's
|
||||
# messages for. Typically this is useful to avoid having to type two commands
|
||||
# to the bot. Use asterisks to represent globs (ie: "spam*testing" would match
|
||||
# "spam for testing" as well as "spamtesting").
|
||||
automaticallyRedactForReasons:
|
||||
- "spam"
|
||||
- "advertising"
|
||||
|
||||
# A list of rooms to protect (matrix.to URLs)
|
||||
#protectedRooms:
|
||||
# - "https://matrix.to/#/#yourroom:example.org"
|
||||
|
||||
# Set this option to true to protect every room the bot is joined to. Note that
|
||||
# this effectively makes the protectedRooms and associated commands useless because
|
||||
# the bot by nature must be joined to the room to protect it.
|
||||
#
|
||||
# Note: the management room is *excluded* from this condition. Add it to the
|
||||
# protected rooms to protect it.
|
||||
#
|
||||
# Note: ban list rooms the bot is watching but didn't create will not be protected.
|
||||
# Manually add these rooms to the protected rooms list if you want them protected.
|
||||
protectAllJoinedRooms: false
|
||||
|
||||
# Misc options for command handling and commands
|
||||
commands:
|
||||
# If true, Mjolnir will respond to commands like !help and !ban instead of
|
||||
# requiring a prefix. This is useful if Mjolnir is the only bot running in
|
||||
# your management room.
|
||||
#
|
||||
# Note that Mjolnir can be pinged by display name instead of having to use
|
||||
# the !mjolnir prefix. For example, "my_moderator_bot: ban @spammer:example.org"
|
||||
# will ban a user.
|
||||
allowNoPrefix: false
|
||||
|
||||
# In addition to the bot's display name, !mjolnir, and optionally no prefix
|
||||
# above, the bot will respond to these names. The items here can be used either
|
||||
# as display names or prefixed with exclamation points.
|
||||
additionalPrefixes:
|
||||
- "mjolnir_bot"
|
||||
|
||||
# If true, ban commands that use wildcard characters require confirmation with
|
||||
# an extra `--force` argument
|
||||
confirmWildcardBan: true
|
||||
|
||||
# Configuration specific to certain toggleable protections
|
||||
#protections:
|
||||
# # Configuration for the wordlist plugin, which can ban users based if they say certain
|
||||
# # blocked words shortly after joining.
|
||||
# wordlist:
|
||||
# # A list of words which should be monitored by the bot. These will match if any part
|
||||
# # of the word is present in the message in any case. e.g. "hello" also matches
|
||||
# # "HEllO". Additionally, regular expressions can be used.
|
||||
# words:
|
||||
# - "CaSe"
|
||||
# - "InSeNsAtIve"
|
||||
# - "WoRd"
|
||||
# - "LiSt"
|
||||
#
|
||||
# # How long after a user joins the server should the bot monitor their messages. After
|
||||
# # this time, users can say words from the wordlist without being banned automatically.
|
||||
# # Set to zero to disable (users will always be banned if they say a bad word)
|
||||
# minutesBeforeTrusting: 20
|
||||
|
||||
# Options for monitoring the health of the bot
|
||||
health:
|
||||
# healthz options. These options are best for use in container environments
|
||||
# like Kubernetes to detect how healthy the service is. The bot will report
|
||||
# that it is unhealthy until it is able to process user requests. Typically
|
||||
# this means that it'll flag itself as unhealthy for a number of minutes
|
||||
# before saying "Now monitoring rooms" and flagging itself healthy.
|
||||
#
|
||||
# Health is flagged through HTTP status codes, defined below.
|
||||
healthz:
|
||||
# Whether the healthz integration should be enabled (default false)
|
||||
enabled: false
|
||||
|
||||
# The port to expose the webserver on. Defaults to 8080.
|
||||
port: 8080
|
||||
|
||||
# The address to listen for requests on. Defaults to all addresses.
|
||||
address: "0.0.0.0"
|
||||
|
||||
# The path to expose the monitoring endpoint at. Defaults to `/healthz`
|
||||
endpoint: "/healthz"
|
||||
|
||||
# The HTTP status code which reports that the bot is healthy/ready to
|
||||
# process requests. Typically this should not be changed. Defaults to
|
||||
# 200.
|
||||
healthyStatus: 200
|
||||
|
||||
# The HTTP status code which reports that the bot is not healthy/ready.
|
||||
# Defaults to 418.
|
||||
unhealthyStatus: 418
|
@ -0,0 +1,42 @@
|
||||
#jinja2: lstrip_blocks: "True"
|
||||
[Unit]
|
||||
Description=Matrix Mjolnir bot
|
||||
{% for service in matrix_bot_mjolnir_systemd_required_services_list %}
|
||||
Requires={{ service }}
|
||||
After={{ service }}
|
||||
{% endfor %}
|
||||
{% for service in matrix_bot_mjolnir_systemd_required_services_list %}
|
||||
Wants={{ service }}
|
||||
{% endfor %}
|
||||
DefaultDependencies=no
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment="HOME={{ matrix_systemd_unit_home_path }}"
|
||||
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-mjolnir 2>/dev/null'
|
||||
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-mjolnir 2>/dev/null'
|
||||
|
||||
# Intentional delay, so that the homeserver (we likely depend on) can manage to start.
|
||||
ExecStartPre={{ matrix_host_command_sleep }} 5
|
||||
|
||||
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-bot-mjolnir \
|
||||
--log-driver=none \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
--cap-drop=ALL \
|
||||
--read-only \
|
||||
--network={{ matrix_docker_network }} \
|
||||
--mount type=bind,src={{ matrix_bot_mjolnir_config_path }},dst=/data/config,ro \
|
||||
--mount type=bind,src={{ matrix_bot_mjolnir_data_path }},dst=/data \
|
||||
{% for arg in matrix_bot_mjolnir_container_extra_arguments %}
|
||||
{{ arg }} \
|
||||
{% endfor %}
|
||||
{{ matrix_bot_mjolnir_docker_image }}
|
||||
|
||||
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} kill matrix-bot-mjolnir 2>/dev/null'
|
||||
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-bot-mjolnir 2>/dev/null'
|
||||
Restart=always
|
||||
RestartSec=30
|
||||
SyslogIdentifier=matrix-bot-mjolnir
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
@ -0,0 +1,47 @@
|
||||
# heisenbridge is a bouncer-style Matrix IRC bridge
|
||||
# See: https://github.com/hifi/heisenbridge
|
||||
|
||||
matrix_heisenbridge_enabled: true
|
||||
|
||||
matrix_heisenbridge_version: latest
|
||||
matrix_heisenbridge_docker_image: "{{ matrix_container_global_registry_prefix }}hif1/heisenbridge:{{ matrix_heisenbridge_version }}"
|
||||
matrix_heisenbridge_docker_image_force_pull: "{{ matrix_heisenbridge_docker_image.endswith(':latest') }}"
|
||||
|
||||
# Set this to your Matrix ID if you want to enforce the owner, otherwise first _local_ user becomes one
|
||||
matrix_heisenbridge_owner: ""
|
||||
|
||||
# Enabling identd will bind to host port 113/TCP
|
||||
matrix_heisenbridge_identd_enabled: false
|
||||
|
||||
matrix_heisenbridge_base_path: "{{ matrix_base_data_path }}/heisenbridge"
|
||||
|
||||
# A list of extra arguments to pass to the container
|
||||
matrix_heisenbridge_container_extra_arguments: []
|
||||
|
||||
# List of systemd services that service depends on.
|
||||
matrix_heisenbridge_systemd_required_services_list: ['docker.service']
|
||||
|
||||
# List of systemd services that service wants
|
||||
matrix_heisenbridge_systemd_wanted_services_list: []
|
||||
|
||||
matrix_heisenbridge_homeserver_url: "{{ matrix_homeserver_container_url }}"
|
||||
|
||||
matrix_heisenbridge_appservice_token: ''
|
||||
matrix_heisenbridge_homeserver_token: ''
|
||||
|
||||
# Default registration file
|
||||
matrix_heisenbridge_registration_yaml:
|
||||
id: heisenbridge
|
||||
url: http://matrix-heisenbridge:9898
|
||||
as_token: "{{ matrix_heisenbridge_appservice_token }}"
|
||||
hs_token: "{{ matrix_heisenbridge_homeserver_token }}"
|
||||
rate_limited: false
|
||||
sender_localpart: heisenbridge
|
||||
namespaces:
|
||||
users:
|
||||
- regex: '@hbirc_.*'
|
||||
exclusive: true
|
||||
aliases: []
|
||||
rooms: []
|
||||
|
||||
matrix_heisenbridge_registration: "{{ matrix_heisenbridge_registration_yaml|from_yaml }}"
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in new issue