Compare commits: c292c56ab2...d848a87b0a (95 Commits)
Author | SHA1 | Date |
---|---|---|
josiah | d848a87b0a | 4 years ago |
josiah | 55cc82ec57 | 4 years ago |
josiah | c0bb6c260b | 4 years ago |
Slavi Pantaleev | 65e22a6888 | 4 years ago |
Slavi Pantaleev | 6db3a46f88 | 4 years ago |
Daniel Wiegreffe | b3926e7cca | 4 years ago |
Slavi Pantaleev | 93cefa3dfe | 4 years ago |
tctovsli | 152c163603 | 4 years ago |
Slavi Pantaleev | 29cefae38d | 4 years ago |
Slavi Pantaleev | e10e3e354d | 4 years ago |
jens quade | 8029ca59c9 | 4 years ago |
Slavi Pantaleev | 1ffa871eaf | 4 years ago |
0hlov3 | bd69e4fdef | 4 years ago |
0hlov3 | 59e1abb072 | 4 years ago |
Slavi Pantaleev | e1a30edf11 | 4 years ago |
Dan Arnfield | faa96ca0c3 | 4 years ago |
Daniel Wiegreffe | 8f41041f6d | 4 years ago |
Slavi Pantaleev | 029e27b62a | 4 years ago |
Scott Crossen | b24333dd0f | 4 years ago |
Slavi Pantaleev | 6e8a39119b | 4 years ago |
Slavi Pantaleev | e8ef07a445 | 4 years ago |
Slavi Pantaleev | 6fefbc248a | 4 years ago |
Slavi Pantaleev | 6300c87396 | 4 years ago |
0hlov3 | 21f20773c5 | 4 years ago |
0hlov3 | c19abe4a76 | 4 years ago |
0hlov3 | e8ef50fbdc | 4 years ago |
0hlov3 | c366e26360 | 4 years ago |
Olaf Schoenwald | 7e78639aad | 4 years ago |
Olaf Schoenwald | 48a6525aca | 4 years ago |
0hlov3 | a49718632a | 4 years ago |
Slavi Pantaleev | f7ead046d1 | 4 years ago |
Dominik Zajac | b0511603fd | 4 years ago |
Aaron Raimist | 77635c4529 | 4 years ago |
Olaf Schoenwald | e7921e305b | 4 years ago |
Olaf Schoenwald | abf70f7772 | 4 years ago |
Slavi Pantaleev | 5bb2c43502 | 4 years ago |
Slavi Pantaleev | 4334abe69a | 4 years ago |
Aki Salminen | 5733f4d157 | 4 years ago |
Slavi Pantaleev | 2a1ec38e3a | 4 years ago |
Slavi Pantaleev | 4ef873ceb0 | 4 years ago |
Slavi Pantaleev | bed16fd065 | 4 years ago |
Slavi Pantaleev | 6def66940f | 4 years ago |
Slavi Pantaleev | 1fd81835b6 | 4 years ago |
Slavi Pantaleev | 7901293438 | 4 years ago |
Slavi Pantaleev | da38a7869f | 4 years ago |
Slavi Pantaleev | a456e3a9e7 | 4 years ago |
Slavi Pantaleev | b117dc0cb7 | 4 years ago |
Slavi Pantaleev | e3dca2f66f | 4 years ago |
Slavi Pantaleev | 3c285bc6f5 | 4 years ago |
Slavi Pantaleev | 6e9600ffec | 4 years ago |
Slavi Pantaleev | daf13107a0 | 4 years ago |
Slavi Pantaleev | 073c96a3fd | 4 years ago |
Slavi Pantaleev | 264fb60e99 | 4 years ago |
Slavi Pantaleev | b4a549b772 | 4 years ago |
Slavi Pantaleev | 9952ec6c16 | 4 years ago |
Slavi Pantaleev | fc1655cd4b | 4 years ago |
Slavi Pantaleev | 5abbeb75c9 | 4 years ago |
Slavi Pantaleev | f79ca1e249 | 4 years ago |
Dan Arnfield | c8754f422a | 4 years ago |
Dan Arnfield | 8d373409b8 | 4 years ago |
Dan Arnfield | 20eea648a5 | 4 years ago |
Slavi Pantaleev | 0ff7c25700 | 4 years ago |
Justin Croonenberghs | 31e2a1f06b | 4 years ago |
Slavi Pantaleev | 7c26d1b90e | 4 years ago |
Justin Croonenberghs | c5d18733d2 | 4 years ago |
Slavi Pantaleev | ca83f20ec5 | 4 years ago |
MatthewCroughan | 19cc5fe573 | 4 years ago |
Slavi Pantaleev | e6dd0fbaee | 4 years ago |
Slavi Pantaleev | 238d5e2c78 | 4 years ago |
merklaw | fa6d85636f | 4 years ago |
merklaw | 87df15441c | 4 years ago |
merklaw | 48b93091f9 | 4 years ago |
merklaw | a460420b34 | 4 years ago |
merklaw | 0cd243095d | 4 years ago |
merklaw | 205c15a80b | 4 years ago |
merklaw | e167b80f94 | 4 years ago |
merklaw | f57b2f6e92 | 4 years ago |
Slavi Pantaleev | fffe9da5a9 | 4 years ago |
Slavi Pantaleev | 4b0a462aef | 4 years ago |
Dennis Ciba | b22b593d83 | 4 years ago |
Slavi Pantaleev | 54195b22c7 | 4 years ago |
benkuly | 7755e5efd4 | 4 years ago |
Slavi Pantaleev | f78a5d4ee8 | 4 years ago |
Slavi Pantaleev | 675fbfbc52 | 4 years ago |
vaivars | e73b863329 | 4 years ago |
Slavi Pantaleev | a7382924fc | 4 years ago |
Slavi Pantaleev | 68b2f2c33c | 4 years ago |
vaivars | fad1f72df8 | 4 years ago |
vractal | 627c225101 | 4 years ago |
Slavi Pantaleev | 050442af11 | 4 years ago |
Benjamin Fichtner | 6539f2a156 | 4 years ago |
vractal | 9b61fef271 | 4 years ago |
Slavi Pantaleev | 3dcef4faa9 | 4 years ago |
Slavi Pantaleev | be5ca5258b | 4 years ago |
Johanna Dorothea Reichmann | 2004143f14 | 4 years ago |
@ -0,0 +1,53 @@
# Setting up matrix-registration (optional)

The playbook can install and configure [matrix-registration](https://github.com/ZerataX/matrix-registration) for you.

> matrix-registration is a simple python application to have a token based matrix registration.

Use matrix-registration to **create unique registration links**, which people can use to register on your Matrix server. It allows you to **keep your server's registration closed (private)**, but still allow certain people (these having a special link) to register a user account.

**matrix-registration** provides 2 things:

- **an API for creating registration tokens** (unique registration links). This API can be used via `curl` or via the playbook (see [Usage](#usage) below)

- **a user registration page**, where people can use these registration tokens. By default, exposed at `https:///matrix.DOMAIN/matrix-registration`


## Installing

Adjust your playbook configuration (your `inventory/host_vars/matrix.DOMAIN/vars.yml` file):

```yaml
matrix_registration_enabled: true

# Generate a strong secret using: `pwgen -s 64 1`.
matrix_registration_admin_secret: "ENTER_SOME_SECRET_HERE"
```

Then, run the [installation](installing.md) command again:

```
ansible-playbook -i inventory/hosts setup.yml --tags=setup-all,start
```


## Usage

**matrix-registration** gets exposed at `https:///matrix.DOMAIN/matrix-registration`

It provides various [APIs](https://github.com/ZerataX/matrix-registration/wiki/api) - for creating registration tokens, listing tokens, disabling tokens, etc. To make use of all of its capabilities, consider using `curl`.

We make the most common API (the one for creating unique registration tokens) easy to use via the playbook.

**To create a new user registration token (link)**, use this command:

```
ansible-playbook -i inventory/hosts setup.yml \
--tags=generate-matrix-registration-token \
--extra-vars="one_time=yes ex_date=2021-12-31"
```

The above command creates and returns a **one-time use** token, which **expires** on the 31st of December 2021.
Adjust the `one_time` and `ex_date` variables as you see fit.

Share the unique registration link (generated by the command above) with users to let them register on your Matrix server.
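
Review bot: the URL `https:///matrix.DOMAIN/matrix-registration` has three slashes after the scheme in both places it appears (the "a user registration page" bullet and the first line under Usage); it should read `https://matrix.DOMAIN/matrix-registration`. The Installing snippet also places `matrix_registration_admin_secret` in `vars.yml` as plain text; a sentence saying that this secret authorizes token creation through the API, and so should be kept out of anything shared, would help readers.
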
@ -0,0 +1,156 @@
matrix.DOMAIN.tld {

tls {$CADDY_TLS}

@identity {
path /_matrix/identity/*
}

@noidentity {
not path /_matrix/identity/*
}

@search {
path /_matrix/client/r0/user_directory/search/*
}

@nosearch {
not path /_matrix/client/r0/user_directory/search/*
}

@static {
path /matrix/static-files/*
}

@nostatic {
not path /matrix/static-files/*
}

header {
# Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# Enable cross-site filter (XSS) and tell browser to block detected attacks
X-XSS-Protection "1; mode=block"
# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
X-Content-Type-Options "nosniff"
# Disallow the site to be rendered within a frame (clickjacking protection)
X-Frame-Options "DENY"
# X-Robots-Tag
X-Robots-Tag "noindex, noarchive, nofollow"
167,9 79%
}

# Cache
header @static {
# Cache
Cache-Control "public, max-age=31536000"
defer
}

# identity
handle @identity {
reverse_proxy localhost:8090 {
header_up X-Forwarded-Port {http.request.port}
header_up X-Forwarded-Proto {http.request.scheme}
header_up X-Forwarded-TlsProto {tls_protocol}
header_up X-Forwarded-TlsCipher {tls_cipher}
header_up X-Forwarded-HttpsProto {proto}
}
}

# search
handle @search {
reverse_proxy localhost:8090 {
header_up X-Forwarded-Port {http.request.port}
header_up X-Forwarded-Proto {http.request.scheme}
header_up X-Forwarded-TlsProto {tls_protocol}
header_up X-Forwarded-TlsCipher {tls_cipher}
header_up X-Forwarded-HttpsProto {proto}
}
}

handle {
encode zstd gzip

reverse_proxy localhost:8008 {
header_up X-Forwarded-Port {http.request.port}
header_up X-Forwarded-Proto {http.request.scheme}
header_up X-Forwarded-TlsProto {tls_protocol}
header_up X-Forwarded-TlsCipher {tls_cipher}
header_up X-Forwarded-HttpsProto {proto}
}
}
}

matrix.DOMAIN.tld:8448 {
handle {
encode zstd gzip

reverse_proxy 127.0.0.1:8048 {
header_up X-Forwarded-Port {http.request.port}
header_up X-Forwarded-Proto {http.request.scheme}
header_up X-Forwarded-TlsProto {tls_protocol}
header_up X-Forwarded-TlsCipher {tls_cipher}
header_up X-Forwarded-HttpsProto {proto}
}
}
}

dimension.DOMAIN.tld {

tls {$CADDY_TLS}

header {
# Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# Enable cross-site filter (XSS) and tell browser to block detected attacks
X-XSS-Protection "1; mode=block"
# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
X-Content-Type-Options "nosniff"
# Disallow the site to be rendered within a frame (clickjacking protection)
X-Frame-Options "DENY"
# X-Robots-Tag
X-Robots-Tag "noindex, noarchive, nofollow"
}

handle {
encode zstd gzip

reverse_proxy localhost:8184 {
header_up X-Forwarded-Port {http.request.port}
header_up X-Forwarded-Proto {http.request.scheme}
header_up X-Forwarded-TlsProto {tls_protocol}
header_up X-Forwarded-TlsCipher {tls_cipher}
header_up X-Forwarded-HttpsProto {proto}
}
}
}

element.DOMAIN.tld {

tls {$CADDY_TLS}

header {
# Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# Enable cross-site filter (XSS) and tell browser to block detected attacks
X-XSS-Protection "1; mode=block"
# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
X-Content-Type-Options "nosniff"
# Disallow the site to be rendered within a frame (clickjacking protection)
X-Frame-Options "DENY"
# X-Robots-Tag
X-Robots-Tag "noindex, noarchive, nofollow"
}

handle {
encode zstd gzip

reverse_proxy localhost:8765 {
header_up X-Forwarded-Port {http.request.port}
header_up X-Forwarded-Proto {http.request.scheme}
header_up X-Forwarded-TlsProto {tls_protocol}
header_up X-Forwarded-TlsCipher {tls_cipher}
header_up X-Forwarded-HttpsProto {proto}
}
}
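
Review bot: the line `167,9 79%` just before the closing brace of the first `header` block under `matrix.DOMAIN.tld` looks like an editor ruler pasted in with the file and is not a header directive; it should be removed. The `@noidentity`, `@nosearch` and `@nostatic` matchers are defined but never referenced, and as shown the `element.DOMAIN.tld` block ends after the closing brace of `handle` with no brace closing the site block itself. Separately, `X-XSS-Protection "1; mode=block"` is a legacy header that current Chrome and Firefox do not act on, so it could be dropped from all three `header` blocks.
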
@ -1,90 +1,111 @@
$ANSIBLE_VAULT;1.1;AES256
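
Review bot: the file is a whole-file `$ANSIBLE_VAULT;1.1;AES256` envelope, so this hunk (90 lines replaced by 111) is ciphertext only and nothing about which variables changed can be reviewed from the diff. Either state in the commit message which settings were added or changed, or encrypt individual values with `ansible-vault encrypt_string` so that variable names stay readable in diffs.
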
@ -0,0 +1,6 @@
# Ansible outputs the message in the `item=` field.
# It's unnecessary to output it again in the actual message, so we don't.
- debug:
msg: ""
with_items: "{{ matrix_playbook_runtime_results }}"
when: "matrix_playbook_runtime_results is defined and matrix_playbook_runtime_results|length > 0"
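
Review bot: the `debug` task has no `name:`, so in a run its output is labelled only by the module; add a name saying that these are the playbook's runtime results. The `when` guard could also be dropped by giving the loop a default, for example `with_items: "{{ matrix_playbook_runtime_results | default([]) }}"`.
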
@ -0,0 +1 @@
20 4 */5 * * root {{ matrix_host_command_systemctl }} reload matrix-coturn.service
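
Review bot: this cron entry carries no comment saying why `matrix-coturn.service` is reloaded, and it sets no `MAILTO`, so the intent and the failure reporting are both undocumented. Add a one-line comment on the purpose, and note that `*/5` in the day-of-month field fires on days 1, 6, 11, 16, 21, 26 and 31 and then again on the 1st, so the interval is not a uniform five days.
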
@ -0,0 +1,5 @@
MAILTO="{{ matrix_ssl_lets_encrypt_support_email }}"
15 4 * * * root {{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew
{% if matrix_nginx_proxy_enabled %}
20 5 * * * root {{ matrix_host_command_systemctl }} reload matrix-nginx-proxy.service
{% endif %}
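
Review bot: the `matrix-nginx-proxy.service` reload at 05:20 runs every day at a fixed time whether or not the 04:15 renewal ran, succeeded or changed a certificate; a comment stating that the 65-minute gap is the intended ordering would make that assumption explicit. Also, if `matrix_ssl_lets_encrypt_support_email` is empty this renders `MAILTO=""`, which turns cron mail off, so renewal failures would go unreported.
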
@ -0,0 +1,83 @@
# matrix-registration is a simple python application to have a token based matrix registration
# See: https://zeratax.github.io/matrix-registration/

matrix_registration_enabled: true

matrix_registration_container_image_self_build: false

matrix_registration_base_path: "{{ matrix_base_data_path }}/matrix-registration"
matrix_registration_config_path: "{{ matrix_registration_base_path }}/config"
matrix_registration_data_path: "{{ matrix_registration_base_path }}/data"
matrix_registration_docker_src_files_path: "{{ matrix_registration_base_path }}/docker-src"

matrix_registration_version: "v0.7.0"

matrix_registration_docker_image: "devture/zeratax-matrix-registration:{{ matrix_registration_version }}"
matrix_registration_docker_image_force_pull: "{{ matrix_registration_docker_image.endswith(':latest') }}"
matrix_registration_docker_repo: "https://github.com/ZerataX/matrix-registration"

# A list of extra arguments to pass to the container
matrix_registration_container_extra_arguments: []

# List of systemd services that matrix-registration.service depends on
matrix_registration_systemd_required_services_list: ['docker.service']

# List of systemd services that matrix-registration.service wants
matrix_registration_systemd_wanted_services_list: []

# Controls whether the matrix-registration container exposes its HTTP port (tcp/5000 in the container).
#
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:8767"), or empty string to not expose.
matrix_registration_container_http_host_bind_port: ''

# The path at which Matrix Registration will be exposed on `matrix.DOMAIN`
# (only applies when matrix-nginx-proxy is used).
matrix_registration_public_endpoint: /matrix-registration

matrix_registration_api_register_endpoint: "{{ matrix_homeserver_url }}{{ matrix_registration_public_endpoint }}/register"
matrix_registration_api_token_endpoint: "{{ matrix_homeserver_url }}{{ matrix_registration_public_endpoint }}/token"

matrix_registration_api_validate_certs: true

# The URL to your homeserver (e.g.: `https://matrix.DOMAIN`).
# A local (in-container address) is preferable.
matrix_registration_server_location: ""

matrix_registration_server_name: "{{ matrix_domain }}"

# matrix_registration_shared_secret needs to match the homeserver's registration secret.
# For Synapse, that's the `registration_shared_secret` setting.
matrix_registration_shared_secret: ""

# matrix_registration_admin_secret is your own admin secret for using matrix-registration (creating new tokens, etc.)
matrix_registration_admin_secret: ""

matrix_registration_riot_instance: "https://riot.im/app/"


# Default matrix-registration configuration template which covers the generic use case.
# You can customize it by controlling the various variables inside it.
#
# For a more advanced customization, you can extend the default (see `matrix_registration_configuration_extension_yaml`)
# or completely replace this variable with your own template.
matrix_registration_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"

matrix_registration_configuration_extension_yaml: |
# Your custom YAML configuration for registration goes here.
# This configuration extends the default starting configuration (`matrix_registration_configuration_yaml`).
#
# You can override individual variables from the default configuration, or introduce new ones.
|
||||
#
|
||||
# If you need something more special, you can take full control by
|
||||
# completely redefining `matrix_registration_configuration_yaml`.
|
||||
#
|
||||
# Example configuration extension follows:
|
||||
#
|
||||
# password:
|
||||
# min_length: 12
|
||||
|
||||
matrix_registration_configuration_extension: "{{ matrix_registration_configuration_extension_yaml|from_yaml if matrix_registration_configuration_extension_yaml|from_yaml is mapping else {} }}"
|
||||
|
||||
# Holds the final matrix-registration configuration (a combination of the default and its extension).
|
||||
# You most likely don't need to touch this variable. Instead, see `matrix_registration_configuration_yaml`.
|
||||
matrix_registration_configuration: "{{ matrix_registration_configuration_yaml|from_yaml|combine(matrix_registration_configuration_extension, recursive=True) }}"
|
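Review bot: the comment on `matrix_registration_container_http_host_bind_port` offers a bare "<port>" form without saying that Docker publishes a bare port on all host interfaces. That would make the container's HTTP port, including the `/token` endpoint guarded only by `matrix_registration_admin_secret`, reachable without going through the reverse proxy. Suggest the comment recommend the "127.0.0.1:<port>" form and say when the bare form is appropriate. Separately, `matrix_registration_enabled: true` is the default here while `matrix_registration_shared_secret`, `matrix_registration_admin_secret` and `matrix_registration_server_location` default to empty strings, so unless something outside this hunk overrides it, validate_config.yml fails for every user who has not configured the role.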
@ -0,0 +1,50 @@
|
||||
- name: Fail if playbook called incorrectly
|
||||
fail:
|
||||
msg: "The `one_time` variable needs to be provided to this playbook, via --extra-vars"
|
||||
when: "one_time is not defined or one_time not in ['yes', 'no']"
|
||||
|
||||
- name: Fail if playbook called incorrectly
|
||||
fail:
|
||||
msg: "The `ex_date` variable (expiration date) needs to be provided to this playbook, via --extra-vars"
|
||||
when: "ex_date is not defined or ex_date == '<date>'"
|
||||
|
||||
- name: Call matrix-registration token creation API
|
||||
uri:
|
||||
url: "{{ matrix_registration_api_token_endpoint }}"
|
||||
follow_redirects: none
|
||||
validate_certs: "{{ matrix_registration_api_validate_certs }}"
|
||||
headers:
|
||||
Content-Type: application/json
|
||||
Authorization: "SharedSecret {{ matrix_registration_admin_secret }}"
|
||||
method: POST
|
||||
body_format: json
|
||||
body: |
|
||||
{
|
||||
"one_time": {{ 'true' if one_time == 'yes' else 'false' }},
|
||||
"ex_date": {{ ex_date|to_json }}
|
||||
}
|
||||
check_mode: no
|
||||
register: matrix_registration_api_result
|
||||
|
||||
- set_fact:
|
||||
matrix_registration_api_result_message: >-
|
||||
matrix-registration result:
|
||||
|
||||
Direct registration link (with the token prefilled):
|
||||
|
||||
{{ matrix_registration_api_register_endpoint }}?token={{ matrix_registration_api_result.json.name }}
|
||||
|
||||
Full token details are:
|
||||
|
||||
{{ matrix_registration_api_result.json }}
|
||||
check_mode: no
|
||||
|
||||
- name: Inject result message into matrix_playbook_runtime_results
|
||||
set_fact:
|
||||
matrix_playbook_runtime_results: |
|
||||
{{
|
||||
matrix_playbook_runtime_results|default([])
|
||||
+
|
||||
[matrix_registration_api_result_message]
|
||||
}}
|
||||
check_mode: no
|
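Review bot: the "Call matrix-registration token creation API" task puts the admin secret in `Authorization: "SharedSecret {{ matrix_registration_admin_secret }}"` but sets no `no_log: true`, so the header is part of the module arguments Ansible prints at high verbosity. Consider `no_log: true` on that task and surfacing a sanitized failure message separately. Two smaller points: both validation tasks are named "Fail if playbook called incorrectly", which makes the output ambiguous about which variable was wrong, and the `ex_date` check only rejects the literal '<date>' placeholder, so a malformed date is passed straight to the API instead of failing early with a clear message.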
@ -0,0 +1,64 @@
|
||||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-registration'] }}"
|
||||
when: matrix_registration_enabled|bool
|
||||
|
||||
- block:
|
||||
- name: Fail if matrix-nginx-proxy role already executed
|
||||
fail:
|
||||
msg: >-
|
||||
Trying to append matrix-registration's reverse-proxying configuration to matrix-nginx-proxy,
|
||||
but it's pointless since the matrix-nginx-proxy role had already executed.
|
||||
To fix this, please change the order of roles in your plabook,
|
||||
so that the matrix-nginx-proxy role would run after the matrix-registration role.
|
||||
when: matrix_nginx_proxy_role_executed|default(False)|bool
|
||||
|
||||
- name: Generate matrix-registration proxying configuration for matrix-nginx-proxy
|
||||
set_fact:
|
||||
matrix_registration_matrix_nginx_proxy_configuration: |
|
||||
rewrite ^{{ matrix_registration_public_endpoint }}$ $scheme://$server_name{{ matrix_registration_public_endpoint }}/ permanent;
|
||||
rewrite ^{{ matrix_registration_public_endpoint }}/$ $scheme://$server_name{{ matrix_registration_public_endpoint }}/register redirect;
|
||||
|
||||
location ~ ^{{ matrix_registration_public_endpoint }}/(.*) {
|
||||
{% if matrix_nginx_proxy_enabled|default(False) %}
|
||||
{# Use the embedded DNS resolver in Docker containers to discover the service #}
|
||||
resolver 127.0.0.11 valid=5s;
|
||||
set $backend "matrix-registration:5000";
|
||||
proxy_pass http://$backend/$1;
|
||||
{% else %}
|
||||
{# Generic configuration for use outside of our container setup #}
|
||||
proxy_pass http://127.0.0.1:8767/$1;
|
||||
{% endif %}
|
||||
|
||||
{#
|
||||
Workaround matrix-registration serving static files at /static
|
||||
(see https://github.com/ZerataX/matrix-registration/issues/29)
|
||||
|
||||
Also fixing the form, which goes to /register.
|
||||
#}
|
||||
sub_filter_once off;
|
||||
sub_filter_types text/html text/css;
|
||||
sub_filter "/static/" "{{ matrix_registration_public_endpoint }}/static/";
|
||||
sub_filter "/register" "{{ matrix_registration_public_endpoint }}/register";
|
||||
}
|
||||
|
||||
- name: Register matrix-registration proxying configuration with matrix-nginx-proxy
|
||||
set_fact:
|
||||
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: |
|
||||
{{
|
||||
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks|default([])
|
||||
+
|
||||
[matrix_registration_matrix_nginx_proxy_configuration]
|
||||
}}
|
||||
tags:
|
||||
- always
|
||||
when: matrix_registration_enabled|bool
|
||||
|
||||
- name: Warn about reverse-proxying if matrix-nginx-proxy not used
|
||||
debug:
|
||||
msg: >-
|
||||
NOTE: You've enabled the matrix-registration tool but are not using the matrix-nginx-proxy
|
||||
reverse proxy.
|
||||
Please make sure that you're proxying the `{{ matrix_registration_public_endpoint }}`
|
||||
URL endpoint to the matrix-registration container.
|
||||
You can expose the container's port using the `matrix_registration_container_http_host_bind_port` variable.
|
||||
when: "matrix_registration_enabled|bool and matrix_nginx_proxy_enabled is not defined"
|
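Review bot: the `{% else %}` branch of the generated nginx block hard-codes `proxy_pass http://127.0.0.1:8767/$1;`, while `matrix_registration_container_http_host_bind_port` defaults to an empty string (port not exposed) elsewhere in this change, so the generic configuration points at a port nothing listens on unless the user happens to pick 8767. Deriving the address from the bind-port variable, or documenting 8767 as required, would close that gap. The final warning is also conditioned on `matrix_nginx_proxy_enabled is not defined`, whereas the template branches on `matrix_nginx_proxy_enabled|default(False)`, so a user who sets the variable to false gets the generic branch without the warning. The fail message has a typo: "plabook".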
@ -0,0 +1,19 @@
|
||||
- import_tasks: "{{ role_path }}/tasks/init.yml"
|
||||
tags:
|
||||
- always
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
|
||||
when: "run_setup|bool and matrix_registration_enabled|bool"
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-matrix-registration
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/setup.yml"
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-matrix-registration
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/generate_token.yml"
|
||||
when: "run_setup|bool and matrix_registration_enabled|bool"
|
||||
tags:
|
||||
- generate-matrix-registration-token
|
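Review bot: the `import_tasks` for tasks/setup.yml carries no `when`, unlike the validate_config.yml and generate_token.yml imports, which are both guarded by `run_setup|bool`. The tasks inside setup.yml only test `matrix_registration_enabled`, so they run under `setup-all` even when `run_setup` is false. Leaving out the `matrix_registration_enabled` test is understandable because setup.yml also holds the uninstall tasks, but `when: run_setup|bool` looks like it was intended here.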
@ -0,0 +1,103 @@
|
||||
---
|
||||
|
||||
#
|
||||
# Tasks related to setting up matrix-registration
|
||||
#
|
||||
|
||||
- name: Ensure matrix-registration paths exist
|
||||
file:
|
||||
path: "{{ item.path }}"
|
||||
state: directory
|
||||
mode: 0750
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
with_items:
|
||||
- { path: "{{ matrix_registration_base_path }}", when: true }
|
||||
- { path: "{{ matrix_registration_config_path }}", when: true }
|
||||
- { path: "{{ matrix_registration_data_path }}", when: true }
|
||||
- { path: "{{ matrix_registration_docker_src_files_path }}", when: "{{ matrix_registration_container_image_self_build }}"}
|
||||
when: matrix_registration_enabled|bool and item.when
|
||||
|
||||
- name: Ensure matrix-registration image is pulled
|
||||
docker_image:
|
||||
name: "{{ matrix_registration_docker_image }}"
|
||||
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
||||
force_source: "{{ matrix_registration_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_registration_docker_image_force_pull }}"
|
||||
when: "matrix_registration_enabled|bool and not matrix_registration_container_image_self_build|bool"
|
||||
|
||||
- name: Ensure matrix-registration repository is present when self-building
|
||||
git:
|
||||
repo: "{{ matrix_registration_docker_repo }}"
|
||||
dest: "{{ matrix_registration_docker_src_files_path }}"
|
||||
version: "{{ matrix_registration_version }}"
|
||||
force: "yes"
|
||||
register: matrix_registration_git_pull_results
|
||||
when: "matrix_registration_enabled|bool and matrix_registration_container_image_self_build|bool"
|
||||
|
||||
- name: Ensure matrix-registration Docker image is built
|
||||
docker_image:
|
||||
name: "{{ matrix_registration_docker_image }}"
|
||||
source: build
|
||||
force_source: yes
|
||||
build:
|
||||
dockerfile: Dockerfile
|
||||
path: "{{ matrix_registration_docker_src_files_path }}"
|
||||
pull: yes
|
||||
when: "matrix_registration_enabled|bool and matrix_registration_container_image_self_build|bool and matrix_registration_git_pull_results.changed"
|
||||
|
||||
- name: Ensure matrix-registration config installed
|
||||
copy:
|
||||
content: "{{ matrix_registration_configuration|to_nice_yaml }}"
|
||||
dest: "{{ matrix_registration_config_path }}/config.yaml"
|
||||
mode: 0644
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
when: matrix_registration_enabled|bool
|
||||
|
||||
- name: Ensure matrix-registration.service installed
|
||||
template:
|
||||
src: "{{ role_path }}/templates/systemd/matrix-registration.service.j2"
|
||||
dest: "{{ matrix_systemd_path }}/matrix-registration.service"
|
||||
mode: 0644
|
||||
register: matrix_registration_systemd_service_result
|
||||
when: matrix_registration_enabled|bool
|
||||
|
||||
- name: Ensure systemd reloaded after matrix-registration.service installation
|
||||
service:
|
||||
daemon_reload: yes
|
||||
when: "matrix_registration_enabled|bool and matrix_registration_systemd_service_result.changed"
|
||||
|
||||
#
|
||||
# Tasks related to getting rid of matrix-registration (if it was previously enabled)
|
||||
#
|
||||
|
||||
- name: Check existence of matrix-registration service
|
||||
stat:
|
||||
path: "{{ matrix_systemd_path }}/matrix-registration.service"
|
||||
register: matrix_registration_service_stat
|
||||
|
||||
- name: Ensure matrix-registration is stopped
|
||||
service:
|
||||
name: matrix-registration
|
||||
state: stopped
|
||||
daemon_reload: yes
|
||||
register: stopping_result
|
||||
when: "not matrix_registration_enabled|bool and matrix_registration_service_stat.stat.exists"
|
||||
|
||||
- name: Ensure matrix-registration.service doesn't exist
|
||||
file:
|
||||
path: "{{ matrix_systemd_path }}/matrix-registration.service"
|
||||
state: absent
|
||||
when: "not matrix_registration_enabled|bool and matrix_registration_service_stat.stat.exists"
|
||||
|
||||
- name: Ensure systemd reloaded after matrix-registration.service removal
|
||||
service:
|
||||
daemon_reload: yes
|
||||
when: "not matrix_registration_enabled|bool and matrix_registration_service_stat.stat.exists"
|
||||
|
||||
- name: Ensure matrix-registration Docker image doesn't exist
|
||||
docker_image:
|
||||
name: "{{ matrix_registration_docker_image }}"
|
||||
state: absent
|
||||
when: "not matrix_registration_enabled|bool"
|
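Review bot: "Ensure matrix-registration config installed" writes config.yaml with `mode: 0644`, and that file carries `shared_secret` and `admin_secret` from the config template in this same change. The parent directories are created with `mode: 0750`, which limits exposure today, but the file itself should not be world-readable. Since the file is owned by `matrix_user_username` and the container runs as the matrix user, `mode: 0640` should be enough.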
@ -0,0 +1,11 @@
|
||||
---
|
||||
|
||||
- name: Fail if required matrix-registration settings not defined
|
||||
fail:
|
||||
msg: >
|
||||
You need to define a required configuration setting (`{{ item }}`) for using matrix-registration.
|
||||
when: "vars[item] == ''"
|
||||
with_items:
|
||||
- "matrix_registration_shared_secret"
|
||||
- "matrix_registration_admin_secret"
|
||||
- "matrix_registration_server_location"
|
@ -0,0 +1,30 @@
|
||||
server_location: {{ matrix_registration_server_location|to_json }}
|
||||
server_name: {{ matrix_registration_server_name|to_json }}
|
||||
shared_secret: {{ matrix_registration_shared_secret|to_json }}
|
||||
admin_secret: {{ matrix_registration_admin_secret|to_json }}
|
||||
riot_instance: {{ matrix_registration_riot_instance|to_json }}
|
||||
db: 'sqlite:////data/db.sqlite3'
|
||||
host: '0.0.0.0'
|
||||
port: 5000
|
||||
rate_limit: ["100 per day", "10 per minute"]
|
||||
allow_cors: false
|
||||
logging:
|
||||
disable_existing_loggers: False
|
||||
version: 1
|
||||
root:
|
||||
level: DEBUG
|
||||
handlers: [console]
|
||||
formatters:
|
||||
brief:
|
||||
format: '%(name)s - %(levelname)s - %(message)s'
|
||||
precise:
|
||||
format: '%(asctime)s - %(name)s - %(levelname)s - %(message)s'
|
||||
handlers:
|
||||
console:
|
||||
class: logging.StreamHandler
|
||||
level: INFO
|
||||
formatter: brief
|
||||
stream: ext://sys.stdout
|
||||
# password requirements
|
||||
password:
|
||||
min_length: 8
|
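Review bot: under `logging`, the root logger is set to `level: DEBUG` while its only handler, `console`, is at `level: INFO`, so debug records are produced and then discarded. If INFO output is the intent, set the root level to INFO as well. That also avoids debug records being emitted unexpectedly if someone later adds a handler through `matrix_registration_configuration_extension_yaml`.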
@ -0,0 +1,40 @@
|
||||
#jinja2: lstrip_blocks: "True"
|
||||
[Unit]
|
||||
Description=matrix-registration
|
||||
{% for service in matrix_registration_systemd_required_services_list %}
|
||||
Requires={{ service }}
|
||||
After={{ service }}
|
||||
{% endfor %}
|
||||
{% for service in matrix_registration_systemd_wanted_services_list %}
|
||||
Wants={{ service }}
|
||||
{% endfor %}
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-registration
|
||||
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-registration
|
||||
|
||||
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-registration \
|
||||
--log-driver=none \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
--cap-drop=ALL \
|
||||
--network={{ matrix_docker_network }} \
|
||||
{% if matrix_registration_container_http_host_bind_port %}
|
||||
-p {{ matrix_registration_container_http_host_bind_port }}:5000 \
|
||||
{% endif %}
|
||||
-v {{ matrix_registration_config_path }}:/config:ro \
|
||||
-v {{ matrix_registration_data_path }}:/data \
|
||||
{% for arg in matrix_registration_container_extra_arguments %}
|
||||
{{ arg }} \
|
||||
{% endfor %}
|
||||
{{ matrix_registration_docker_image }} \
|
||||
serve
|
||||
|
||||
ExecStop=-{{ matrix_host_command_docker }} kill matrix-registration
|
||||
ExecStop=-{{ matrix_host_command_docker }} rm matrix-registration
|
||||
Restart=always
|
||||
RestartSec=30
|
||||
SyslogIdentifier=matrix-registration
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
@ -0,0 +1,48 @@
|
||||
- debug:
|
||||
msg: "Compressing room `{{ room_details.room_id }}` having {{ room_details.count }} state group rows"
|
||||
|
||||
- name: Generate rust-synapse-compress-state room compression command
|
||||
set_fact:
|
||||
matrix_synapse_rust_synapse_compress_state_compress_room_command: >-
|
||||
{{ matrix_host_command_docker }} run --rm --name matrix-rust-synapse-compress-state-compress-room
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
||||
--cap-drop=ALL
|
||||
--network={{ matrix_docker_network }}
|
||||
-v {{ matrix_synapse_rust_synapse_compress_state_base_path }}:/work
|
||||
{{ matrix_synapse_rust_synapse_compress_state_docker_image }}
|
||||
/synapse-compress-state -t -o /work/state-compressor.sql
|
||||
-p "host={{ matrix_synapse_database_host }} user={{ matrix_synapse_database_user }} password={{ matrix_synapse_database_password }} dbname={{ matrix_synapse_database_database }}"
|
||||
-r '{{ room_details.room_id }}'
|
||||
|
||||
- name: Run rust-synapse-compress-state room compression command (SQL generation)
|
||||
command: "{{ matrix_synapse_rust_synapse_compress_state_compress_room_command }}"
|
||||
async: "{{ matrix_synapse_rust_synapse_compress_state_compress_room_time }}"
|
||||
poll: 10
|
||||
register: matrix_synapse_rust_synapse_compress_state_compress_room_command_result
|
||||
|
||||
- debug: var="matrix_synapse_rust_synapse_compress_state_compress_room_command_result"
|
||||
|
||||
- name: Generate Postgres compression SQL import command
|
||||
set_fact:
|
||||
matrix_synapse_rust_synapse_compress_state_psql_import_command: >-
|
||||
{{ matrix_host_command_docker }} run --rm --name matrix-rust-synapse-compress-state-psql-import
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
||||
--cap-drop=ALL
|
||||
--network={{ matrix_docker_network }}
|
||||
--env-file={{ matrix_postgres_base_path }}/env-postgres-psql
|
||||
-v {{ matrix_synapse_rust_synapse_compress_state_base_path }}:/work:ro
|
||||
--entrypoint=/bin/sh
|
||||
{{ matrix_postgres_docker_image_latest }}
|
||||
-c "cat /work/state-compressor.sql |
|
||||
psql -v ON_ERROR_STOP=1 -h matrix-postgres"
|
||||
|
||||
- name: Import compression SQL into Postgres
|
||||
command: "{{ matrix_synapse_rust_synapse_compress_state_psql_import_command }}"
|
||||
async: "{{ matrix_synapse_rust_synapse_compress_state_psql_import_time }}"
|
||||
poll: 10
|
||||
register: matrix_synapse_rust_synapse_compress_state_psql_import_command_result
|
||||
|
||||
- name: Clean up
|
||||
file:
|
||||
path: "{{ matrix_synapse_rust_synapse_compress_state_base_path }}/state-compressor.sql"
|
||||
state: absent
|
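Review bot: `debug: var="matrix_synapse_rust_synapse_compress_state_compress_room_command_result"` dumps the full registered result of a command whose argument string contains `password={{ matrix_synapse_database_password }}`, and a command result includes the executed command line, so the database password ends up in the play output and any log that captures it. Suggest printing only the fields needed (for example stdout and rc) or marking the task `no_log`. The same `-p "host=... password=..."` string is also visible in the host's process list while the container runs, whereas the psql import step already uses `--env-file`. Lastly, the "Clean up" task is skipped if either command fails, which leaves state-compressor.sql behind; a `block`/`always` would handle that.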
@ -0,0 +1,118 @@
|
||||
# Pre-checks
|
||||
|
||||
- name: Fail if Postgres not enabled
|
||||
fail:
|
||||
msg: "Postgres via the matrix-postgres role is not enabled (`matrix_postgres_enabled`). Cannot use rust-synapse-compress-state."
|
||||
when: "not matrix_postgres_enabled|bool"
|
||||
|
||||
|
||||
# Defaults
|
||||
|
||||
- name: Set matrix_synapse_rust_synapse_compress_state_find_rooms_command_wait_time, if not provided
|
||||
set_fact:
|
||||
matrix_synapse_rust_synapse_compress_state_find_rooms_command_wait_time: 15
|
||||
when: "matrix_synapse_rust_synapse_compress_state_find_rooms_command_wait_time|default('') == ''"
|
||||
|
||||
- name: Set matrix_synapse_rust_synapse_compress_state_compress_room_time, if not provided
|
||||
set_fact:
|
||||
matrix_synapse_rust_synapse_compress_state_compress_room_time: 1800
|
||||
when: "matrix_synapse_rust_synapse_compress_state_compress_room_time|default('') == ''"
|
||||
|
||||
- name: Set matrix_synapse_rust_synapse_compress_state_psql_import_time, if not provided
|
||||
set_fact:
|
||||
matrix_synapse_rust_synapse_compress_state_psql_import_time: 1800
|
||||
when: "matrix_synapse_rust_synapse_compress_state_psql_import_time|default('') == ''"
|
||||
|
||||
- name: Set matrix_synapse_rust_synapse_compress_state_min_state_groups_required, if not provided
|
||||
set_fact:
|
||||
# The minimum number of state groups we're looking for before we consider a room eligible for compression.
|
||||
# Rooms with a smaller state groups count will not be compressed.
|
||||
matrix_synapse_rust_synapse_compress_state_min_state_groups_required: 100000
|
||||
when: "matrix_synapse_rust_synapse_compress_state_min_state_groups_required|default('') == ''"
|
||||
|
||||
|
||||
# Actual compression work
|
||||
|
||||
- name: Ensure rust-synapse-compress-state paths exist
|
||||
file:
|
||||
path: "{{ matrix_synapse_rust_synapse_compress_state_base_path }}"
|
||||
state: directory
|
||||
mode: 0750
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
|
||||
- name: Ensure rust-synapse-compress-state image is pulled
|
||||
docker_image:
|
||||
name: "{{ matrix_synapse_rust_synapse_compress_state_docker_image }}"
|
||||
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
||||
force_source: "{{ matrix_synapse_rust_synapse_compress_state_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_synapse_rust_synapse_compress_state_docker_image_force_pull }}"
|
||||
|
||||
- name: Generate rust-synapse-compress-state room find command
|
||||
set_fact:
|
||||
matrix_synapse_rust_synapse_compress_state_find_rooms_command: >-
|
||||
{{ matrix_host_command_docker }} run --rm --name matrix-rust-synapse-compress-state-find-rooms
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }}
|
||||
--cap-drop=ALL
|
||||
--network={{ matrix_docker_network }}
|
||||
--env-file={{ matrix_postgres_base_path }}/env-postgres-psql
|
||||
{{ matrix_postgres_docker_image_latest }}
|
||||
psql -v ON_ERROR_STOP=1 -h matrix-postgres {{ matrix_synapse_database_database }} -c
|
||||
'SELECT array_to_json(array_agg(row_to_json (r))) FROM (SELECT room_id, count(*) AS count FROM state_groups_state GROUP BY room_id HAVING count(*) > {{ matrix_synapse_rust_synapse_compress_state_min_state_groups_required }} ORDER BY count DESC) r;'
|
||||
|
||||
- name: Find rooms eligible for compression with rust-synapse-compress-state
|
||||
command: "{{ matrix_synapse_rust_synapse_compress_state_find_rooms_command }}"
|
||||
async: "{{ matrix_synapse_rust_synapse_compress_state_find_rooms_command_wait_time }}"
|
||||
poll: 10
|
||||
register: matrix_synapse_rust_synapse_compress_state_find_rooms_command_result
|
||||
|
||||
# We expect the output to be like this:
|
||||
#
|
||||
# "stdout_lines": [
|
||||
# " array_to_json ",
|
||||
# "----------------------------------------------------------------------------------------------------------------------------",
|
||||
# " [{\"room_id\":\"!some-id\",\"count\":2461329},{\"room_id\":\"!another-id\",\"count\":512017}]",
|
||||
# "(1 row)"
|
||||
# ]
|
||||
#
|
||||
# Row 3 (out of 4) contains the actual result.
|
||||
#
|
||||
# Row 3 contains a space when there's no result.
|
||||
|
||||
- block:
|
||||
- debug: var="matrix_synapse_rust_synapse_compress_state_find_rooms_command_result"
|
||||
|
||||
- name: Fail if room find result is not what we expect
|
||||
fail:
|
||||
msg: >-
|
||||
Expecting 4 lines in the "find rooms" result.
|
||||
when: "matrix_synapse_rust_synapse_compress_state_find_rooms_command_result.failed or matrix_synapse_rust_synapse_compress_state_find_rooms_command_result.stdout_lines|length != 4"
|
||||
|
||||
- block:
|
||||
# matrix_synapse_rust_synapse_compress_state_eligible_rooms is a list
|
||||
# of dictionaries like this: {'room_id': '!some-id', 'count': 2461329}
|
||||
- set_fact:
|
||||
matrix_synapse_rust_synapse_compress_state_eligible_rooms: "{{ matrix_synapse_rust_synapse_compress_state_find_rooms_command_result.stdout_lines[2] | from_json }}"
|
||||
|
||||
- name: Display rooms that will be compressed
|
||||
debug:
|
||||
msg: >-
|
||||
The following rooms contain more than {{ matrix_synapse_rust_synapse_compress_state_min_state_groups_required }} state group rows
|
||||
(configurable via `matrix_synapse_rust_synapse_compress_state_min_state_groups_required`)
|
||||
and will be compressed:
|
||||
{{ matrix_synapse_rust_synapse_compress_state_eligible_rooms }}
|
||||
|
||||
- name: Compress room state
|
||||
include_tasks: "{{ role_path }}/tasks/rust-synapse-compress-state/compress_room.yml"
|
||||
with_items: "{{ matrix_synapse_rust_synapse_compress_state_eligible_rooms }}"
|
||||
loop_control:
|
||||
loop_var: room_details
|
||||
when: "matrix_synapse_rust_synapse_compress_state_find_rooms_command_result.stdout_lines[2] != ' '"
|
||||
|
||||
- name: Show notice about lack of rooms to compress
|
||||
debug:
|
||||
msg: >-
|
||||
No rooms were found to contain more than {{ matrix_synapse_rust_synapse_compress_state_min_state_groups_required }} state group rows
|
||||
(configurable via `matrix_synapse_rust_synapse_compress_state_min_state_groups_required`),
|
||||
so there's nothing to compress.
|
||||
when: "matrix_synapse_rust_synapse_compress_state_find_rooms_command_result.stdout_lines[2] == ' '"
|
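Review bot: the room-find result is parsed by position (`stdout_lines|length != 4`, then `stdout_lines[2]`, then a comparison against a single space), which depends on psql's aligned output format and breaks on any extra notice line or formatting change. Running psql with `-At` (unaligned, tuples only) would return just the JSON value, and wrapping the aggregate in COALESCE with an empty JSON array would remove the special case for "no rooms", so `from_json` always yields a list. The fail message "Expecting 4 lines in the "find rooms" result." also fires when the command itself failed, which hides the real error; consider splitting the two conditions.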