diff --git a/roles/synapse/defaults/main.yml b/roles/synapse/defaults/main.yml index e9362bf..678914a 100644 --- a/roles/synapse/defaults/main.yml +++ b/roles/synapse/defaults/main.yml @@ -1,15 +1,13 @@ --- -depends: - synapse_psql_host: localhost synapse_psql_user: "{{ psql_dbs['matrix-synapse']['user'] }}" synapse_psql_pw: "{{ psql_dbs['matrix-synapse']['password'] }}" synapse_psql_db: "{{ synapse_psql_user }}" matrix_max_upload_size_mb: 100 -synapse_metrics: no -synapse_presence: yes +synapse_metrics: false +synapse_presence: true synchrotron_workers: balancer: generic_sync diff --git a/roles/synapse/handlers/main.yml b/roles/synapse/handlers/main.yml index 4f2c5bf..d11587f 100644 --- a/roles/synapse/handlers/main.yml +++ b/roles/synapse/handlers/main.yml @@ -1,23 +1,23 @@ --- -- name: config synapse service - systemd: - daemon_reload: yes +- name: Config synapse service + ansible.builtin.systemd: + daemon_reload: true name: matrix-synapse.service - enabled: yes - notify: config matrix target + enabled: true + notify: Config matrix target -- name: config matrix target - systemd: - daemon_reload: yes +- name: Config matrix target + ansible.builtin.systemd: + daemon_reload: true name: matrix.target - enabled: yes + enabled: true state: restarted -- name: config worker services - systemd: - daemon_reload: yes +- name: Config worker services + ansible.builtin.systemd: + daemon_reload: true name: "matrix-synapse-worker@{{ item }}.service" - enabled: yes + enabled: true loop: "{{ synapse_worker_services }}" - notify: config matrix target + notify: Config matrix target diff --git a/roles/synapse/tasks/config.yml b/roles/synapse/tasks/config.yml index 00e6c2e..e357115 100644 --- a/roles/synapse/tasks/config.yml +++ b/roles/synapse/tasks/config.yml 
@@ -1,55 +1,53 @@ --- - - -- name: Put synapse configs in place - template: - src: "conf.d/{{ item }}.yaml.j2" - dest: "/etc/matrix-synapse/conf.d/{{ item }}.yaml" - mode: '644' +- name: Ensure synapse configs are in place + ansible.builtin.template: + src: conf.d/{{ item }}.yaml.j2 + dest: /etc/matrix-synapse/conf.d/{{ item }}.yaml + mode: "644" loop: - database - general - listeners - server_name - url_preview - notify: config matrix target + notify: Config matrix target -- name: autojoin config - template: - src: 'conf.d/autojoin.yaml.j2' - dest: '/etc/matrix-synapse/conf.d/autojoin.yaml' - mode: '644' +- name: Ensure autojoin config is in place + ansible.builtin.template: + src: conf.d/autojoin.yaml.j2 + dest: /etc/matrix-synapse/conf.d/autojoin.yaml + mode: "644" when: matrix_auto_join_rooms is defined - notify: config matrix target + notify: Config matrix target -- name: password provider config - template: - src: 'conf.d/password_providers.yaml.j2' - dest: '/etc/matrix-synapse/conf.d/password_providers.yaml' - mode: '644' - when: synapse_ldap_servers is defined - notify: config matrix target +- name: Ensure password provider config is in place + ansible.builtin.template: + src: conf.d/password_providers.yaml.j2 + dest: /etc/matrix-synapse/conf.d/password_providers.yaml + mode: "644" + when: synapse_ldap_servers is defined + notify: Config matrix target -- name: modules config - template: - src: 'conf.d/modules.yaml.j2' - dest: '/etc/matrix-synapse/conf.d/modules.yaml' - mode: '644' +- name: Ensure modules config is in place + ansible.builtin.template: + src: conf.d/modules.yaml.j2 + dest: /etc/matrix-synapse/conf.d/modules.yaml + mode: "644" when: synapse_shared_secret_auth is defined - notify: config matrix target + notify: Config matrix target -- name: sso config - template: - src: 'conf.d/sso.yaml.j2' - dest: '/etc/matrix-synapse/conf.d/sso.yaml' - mode: '644' +- name: Ensure sso config is in place + ansible.builtin.template: + src: conf.d/sso.yaml.j2 + 
dest: /etc/matrix-synapse/conf.d/sso.yaml + mode: "644" when: matrix_openidc_providers is defined - notify: config matrix target + notify: Config matrix target -- name: turn config - template: - src: 'conf.d/turn.yaml.j2' - dest: '/etc/matrix-synapse/conf.d/turn.yaml' - mode: '644' +- name: Ensure turn config is in place + ansible.builtin.template: + src: conf.d/turn.yaml.j2 + dest: /etc/matrix-synapse/conf.d/turn.yaml + mode: "644" when: turn_domain is defined - notify: config matrix target + notify: Config matrix target diff --git a/roles/synapse/tasks/install_debian.yml b/roles/synapse/tasks/install_debian.yml index 6f92354..bc0601e 100644 --- a/roles/synapse/tasks/install_debian.yml +++ b/roles/synapse/tasks/install_debian.yml @@ -1,7 +1,6 @@ --- - -- name: Install dependencies - apt: +- name: Ensure synapse dependencies are installed + ansible.builtin.apt: name: - lsb-release - wget @@ -9,22 +8,26 @@ - python3-pysaml2 - python3-psycopg2 - acl + state: present -- name: Add matrix.org repo signing key - apt_key: - url: 'https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg' - id: 'AAF9AE843A7584B5A3E4CD2BCF45A512DE2DA058' +- name: Ensure matrix.org repo signing key is trusted + ansible.builtin.apt_key: + url: https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg + id: AAF9AE843A7584B5A3E4CD2BCF45A512DE2DA058 + state: present -- name: Add matrix.org repo - apt_repository: - repo: "deb https://packages.matrix.org/debian/ {{ ansible_distribution_release }} main" +- name: Ensure matrix.org repo is enabled + ansible.builtin.apt_repository: + repo: deb https://packages.matrix.org/debian/ {{ ansible_distribution_release }} main + state: present -- name: Install synapse - apt: +- name: Ensure synapse is installed + ansible.builtin.apt: name: matrix-synapse-py3 state: latest -- name: Install redis - apt: +- name: Ensure redis in installed for workers + ansible.builtin.apt: name: redis-server + state: present when: synapse_workers is defined 
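Review bot: Every conf.d template in config.yml is still written with `mode: "644"`, which leaves the rendered files world-readable on the host. The templates are not shown, but `database` presumably renders `synapse_psql_pw`, and the password-provider, modules (shared-secret auth), sso and turn files usually carry bind passwords, shared secrets or client secrets, so please confirm what ends up in them. Since the commit already touches each of these tasks, I would add `owner: matrix-synapse` and change the mode to `mode: "0600"` (or keep them root-owned with a service group and `"0640"`). The same question applies to `conf.d/workers.yaml` in workers.yml, where this commit newly adds `mode: 0644`.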
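Review bot: `ansible.builtin.apt_key` in the second install_debian.yml hunk puts the matrix.org key into the system-wide apt trust store, so it is accepted for every configured repository rather than only packages.matrix.org, and apt-key itself is deprecated upstream. I would place the keyring in a dedicated file (for example with `ansible.builtin.get_url` plus a `checksum:` so the integrity pin that `id:` gives today is not lost) and scope it in the repo line: `repo: deb [signed-by=/usr/share/keyrings/matrix-org-archive-keyring.gpg] https://packages.matrix.org/debian/ {{ ansible_distribution_release }} main`. Two smaller points in the same hunk: `state: latest` on `matrix-synapse-py3` lets any play run upgrade the homeserver without a deliberate change, and the new task name `Ensure redis in installed for workers` should read "is installed".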
diff --git a/roles/synapse/tasks/main.yml b/roles/synapse/tasks/main.yml index f3e62fb..7301c02 100644 --- a/roles/synapse/tasks/main.yml +++ b/roles/synapse/tasks/main.yml @@ -1,38 +1,39 @@ --- - name: Fail if not debian - fail: + ansible.builtin.fail: when: ansible_os_family != "Debian" -- name: Install synapse on debian - include_tasks: install_debian.yml - when: ansible_os_family=="Debian" +- name: Include debian synapse installation tasks + ansible.builtin.include_tasks: install_debian.yml + when: ansible_os_family == "Debian" -- name: Synapse configuration - import_tasks: config.yml +- name: Include synapse configuration tasks + ansible.builtin.import_tasks: config.yml -- name: Install matrix-synapse-shared-secret-auth - pip: - name: 'git+https://github.com/devture/matrix-synapse-shared-secret-auth' +- name: Ensure matrix-synapse-shared-secret-auth is the latest version + ansible.builtin.pip: + name: git+https://github.com/devture/matrix-synapse-shared-secret-auth state: latest virtualenv: /opt/venvs/matrix-synapse - notify: config synapse service + notify: Config synapse service when: synapse_shared_secret_auth is defined -- name: Put systemd units in place - template: - src: "systemd/{{ item }}.j2" - dest: "/etc/systemd/system/{{ item }}" - mode: '644' +- name: Ensure synapse systemd units in place + ansible.builtin.template: + src: systemd/{{ item }}.j2 + dest: /etc/systemd/system/{{ item }} + mode: 0644 loop: - matrix-synapse.service - matrix.target - notify: - - config synapse service - - config matrix target + notify: + - Config synapse service + - Config matrix target -- name: Synapse workers - include_tasks: workers.yml +- name: Include synapse worker tasks + ansible.builtin.include_tasks: workers.yml when: synapse_workers is defined -- meta: flush_handlers +- name: Run handlers for synapse now + ansible.builtin.meta: flush_handlers 
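Review bot: The pip task installs `git+https://github.com/devture/matrix-synapse-shared-secret-auth` with `state: latest` and no ref, so whatever sits at the head of the default branch at run time is loaded into the Synapse virtualenv as an authentication module. Pin it to a reviewed tag or commit and bump it deliberately, e.g. `name: git+https://github.com/devture/matrix-synapse-shared-secret-auth@<PINNED_TAG_OR_COMMIT>` with `state: present`. The git clone in matrix-synchrotrons.yml has the same problem (`force: true`, no `version:`, followed by `go build`); add `version: <PINNED_TAG_OR_COMMIT>` there. Separately, `ansible.builtin.fail:` still has no `msg:`, so an operator on a non-Debian host only sees the module's generic failure text; something like `msg: This role only supports Debian-family hosts` would help.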
diff --git a/roles/synapse/tasks/matrix-synchrotron.yml b/roles/synapse/tasks/matrix-synchrotron.yml index c668dbd..f388daf 100644 --- a/roles/synapse/tasks/matrix-synchrotron.yml +++ b/roles/synapse/tasks/matrix-synchrotron.yml @@ -1,19 +1,23 @@ --- -- name: Create matrix-synchrotron-{{ item }} workdir - file: +- name: Ensure workdir exists for matrix-synchrotron-{{ item }} + ansible.builtin.file: path: /opt/matrix-synchrotron/{{ item }} state: directory mode: 0755 -- name: Put matrix-synchrotron-{{ item }} config in place - template: - src: "matrix-synchrotron-config.yaml.j2" - dest: "/opt/matrix-synchrotron/{{ item }}/config.yaml.ansibled" - notify: config synapse service + +- name: Ensure config in place for matrix-synchrotron-{{ item }} + ansible.builtin.template: + src: matrix-synchrotron-config.yaml.j2 + dest: /opt/matrix-synchrotron/{{ item }}/config.yaml.ansibled + mode: 0644 + notify: Config synapse service register: config -- name: Put matrix-synchrotron-{{ item }} config in final destination - copy: - src: "/opt/matrix-synchrotron/{{ item }}/config.yaml.ansibled" - dest: "/opt/matrix-synchrotron/{{ item }}/config.yaml" - remote_src: yes + +- name: Copy config to final destination for matrix-synchrotron-{{ item }} + ansible.builtin.copy: + src: /opt/matrix-synchrotron/{{ item }}/config.yaml.ansibled + dest: /opt/matrix-synchrotron/{{ item }}/config.yaml + remote_src: true + mode: 0644 when: config.changed diff --git a/roles/synapse/tasks/matrix-synchrotrons.yml b/roles/synapse/tasks/matrix-synchrotrons.yml index d2c13ac..2a69bd3 100644 --- a/roles/synapse/tasks/matrix-synchrotrons.yml +++ b/roles/synapse/tasks/matrix-synchrotrons.yml 
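Review bot: The modes added in matrix-synchrotron.yml are written as bare `0644` and `0755`, while config.yml in the same commit uses the quoted form `"644"`; the bare form also appears in main.yml, worker_instance.yml and workers.yml. A bare leading-zero integer is read as octal only by YAML 1.1 loaders, and accidentally dropping the zero turns it into a decimal that produces unexpected permissions. I would settle on one quoted four-digit form across the role, e.g. `mode: "0644"` and `mode: "0755"`. Note also that none of the three tasks sets `owner:`, so ownership of the config depends on the `become_user` of the including block in matrix-synchrotrons.yml.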
@@ -1,65 +1,53 @@ --- -- block: - - name: Add backports - apt_repository: - repo: "deb http://deb.debian.org/debian/ buster-backports main" - filename: backports - mode: '644' - - name: Install go from backports - apt: - name: golang - default_release: buster-backports - when: ansible_distribution_release == 'buster' - - name: Install git and golang - apt: + ansible.builtin.apt: name: - git - golang - name: Create matrix-synchrotron user - user: + ansible.builtin.user: name: matrix-synchrotron - system: yes + system: true home: /opt/matrix-synchrotron shell: /bin/false -- block: - - name: Clone matrix-synchrotron git repo - git: - repo: 'https://github.com/Sorunome/matrix-synchrotron-balancer.git' - dest: /opt/matrix-synchrotron/src - force: yes - register: install - - - name: Build matrix-synchrotron - command: go build - args: - chdir: /opt/matrix-synchrotron/src - when: install.changed - notify: config synapse service - - - name: Configure matrix-synchrotron(s) - include_tasks: matrix-synchrotron.yml - loop: "{{ synapse_synchrotrons }}" - loop_control: - extended: yes - +- name: Install matrix-synchrotron become_user: matrix-synchrotron + block: + - name: Clone matrix-synchrotron git repo + ansible.builtin.git: + repo: https://github.com/Sorunome/matrix-synchrotron-balancer.git + dest: /opt/matrix-synchrotron/src + force: true + register: install + + - name: Build matrix-synchrotron + ansible.builtin.command: go build + args: + chdir: /opt/matrix-synchrotron/src + when: install.changed + notify: Config synapse service + + - name: Configure matrix-synchrotron(s) + ansible.builtin.include_tasks: matrix-synchrotron.yml + loop: "{{ synapse_synchrotrons }}" + loop_control: + extended: true - name: Put systemd matrix-synchrotron unit in place - template: - src: 'systemd/matrix-synchrotron@.service.j2' - dest: "/etc/systemd/system/matrix-synchrotron@.service" - mode: '644' + ansible.builtin.template: + src: systemd/matrix-synchrotron@.service.j2 + dest: 
/etc/systemd/system/matrix-synchrotron@.service + mode: "644" register: systemd_unit -- name: Enable systemd matrix-synchrotron-{{ item }} unit - systemd: - daemon_reload: yes - name: "matrix-synchrotron@{{ item }}.service" - enabled: yes +- name: Enable systemd unit matrix-synchrotron-{{ item }} + ansible.builtin.systemd: + daemon_reload: true + name: matrix-synchrotron@{{ item }}.service + enabled: true state: restarted when: systemd_unit.changed loop: "{{ synapse_synchrotrons }}" diff --git a/roles/synapse/tasks/worker_instance.yml b/roles/synapse/tasks/worker_instance.yml index c5e7b40..5ac3ad5 100644 --- a/roles/synapse/tasks/worker_instance.yml +++ b/roles/synapse/tasks/worker_instance.yml 
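Review bot: The clone and `go build` run under `become_user: matrix-synchrotron`, so the checkout and the resulting binary under /opt/matrix-synchrotron/src stay writable by that account. If the templated unit (not shown) runs the balancer as the same user, the service can rewrite its own executable, which would let a compromise of the process persist across restarts. Keeping the build unprivileged is right; I would add a step after the block that installs the built binary to a root-owned location and have the unit start it from there. The binary name below is a placeholder, since the build output name is not visible in this diff.

```yaml
# … unchanged: "Install matrix-synchrotron" block (clone, go build, include_tasks) …

- name: Ensure matrix-synchrotron binary is installed root-owned
  ansible.builtin.copy:
    src: /opt/matrix-synchrotron/src/<BUILT_BINARY>  # placeholder: file produced by go build
    dest: /usr/local/bin/<BUILT_BINARY>
    remote_src: true
    owner: root
    group: root
    mode: "0755"
```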
@@ -1,23 +1,23 @@ --- -- name: Set worker var - set_fact: - worker: "{{ worker_type }}-{{ worker_index|default('0') }}" +- name: Set worker variable + ansible.builtin.set_fact: + worker: "{{ worker_type }}-{{ worker_index | default('0') }}" -- name: Put {{ worker }} config in place - template: - src: "worker.yaml.j2" - dest: "/etc/matrix-synapse/workers/{{ worker }}.yaml" - mode: '644' - notify: config worker services +- name: Ensure config in place for {{ worker }} + ansible.builtin.template: + src: worker.yaml.j2 + dest: /etc/matrix-synapse/workers/{{ worker }}.yaml + mode: 0644 + notify: Config worker services -- name: Put {{ worker }} logging config in place - template: - src: "log.yaml.j2" - dest: "/etc/matrix-synapse/worker-logs/{{ worker }}-log.yaml" - mode: '644' - notify: config worker services +- name: Ensure logging config in place for {{ worker }} + ansible.builtin.template: + src: log.yaml.j2 + dest: /etc/matrix-synapse/worker-logs/{{ worker }}-log.yaml + mode: 0644 + notify: Config worker services -- name: Add {{ worker }} to synapse_worker_services - set_fact: - synapse_worker_services: "{{ synapse_worker_services + [ worker ] }}" +- name: Add worker to synapse_worker_services variable + ansible.builtin.set_fact: + synapse_worker_services: "{{ synapse_worker_services + [worker] }}" diff --git a/roles/synapse/tasks/worker_type.yml b/roles/synapse/tasks/worker_type.yml index 8329599..1e62214 100644 --- a/roles/synapse/tasks/worker_type.yml +++ b/roles/synapse/tasks/worker_type.yml 
@@ -1,41 +1,40 @@ --- -- name: Set worker type to {{ synapse_worker.key }} - set_fact: +- name: Set worker type variable + ansible.builtin.set_fact: worker_type: "{{ synapse_worker.key }}" - name: Include default variables - include_vars: defaults.yml + ansible.builtin.include_vars: defaults.yml -- name: Include {{ worker_type }} variables - include_vars: "{{ item }}" +- name: Include variables for {{ worker_type }} + ansible.builtin.include_vars: "{{ item }}" with_first_found: - - files: + - files: - "{{ worker_type }}.yml" - skip: yes + skip: true -- name: Reset worker_ports - set_fact: +- name: Reset worker_ports variable + ansible.builtin.set_fact: worker_ports: [] - -- name: Set worker_ports - set_fact: +- name: Set worker_ports variable + ansible.builtin.set_fact: worker_ports: "{{ synapse_worker.value }}" when: synapse_worker.value is iterable -- name: "Setup {{ worker_type }}(s) if they have listeners" - include_tasks: worker_instance.yml +- name: Include worker instance tasks for {{ worker_type }} + ansible.builtin.include_tasks: worker_instance.yml loop: "{{ worker_ports }}" loop_control: loop_var: worker_port index_var: worker_index when: worker_ports|length != 0 -- name: "Setup {{ worker_type }}(s) if they don't have listeners" - include_tasks: worker_instance.yml +- name: Include worker instance tasks for {{ worker_type }} + ansible.builtin.include_tasks: worker_instance.yml when: worker_ports|length == 0 -- name: Append synchrotron var - set_fact: - synapse_synchrotrons: "{{ synapse_synchrotrons + [ synchrotron_type ] }}" +- name: Append synchrotron variable + ansible.builtin.set_fact: + synapse_synchrotrons: "{{ synapse_synchrotrons + [synchrotron_type] }}" when: synchrotron_type is defined and synchrotron_type not in synapse_synchrotrons diff --git a/roles/synapse/tasks/workers.yml b/roles/synapse/tasks/workers.yml index fcf4bf0..278032d 100644 --- a/roles/synapse/tasks/workers.yml +++ b/roles/synapse/tasks/workers.yml 
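Review bot: The two `include_tasks` calls for worker_instance.yml now share the identical name `Include worker instance tasks for {{ worker_type }}`. The old names said which call handles workers with listeners and which handles workers without, and that distinction is now lost from play output and from `--start-at-task`. I would keep it in the names, e.g. `Include worker instance tasks for {{ worker_type }} with listeners` and `Include worker instance tasks for {{ worker_type }} without listeners`. The conditions `when: worker_ports|length != 0` and `== 0` were also left without spaces around the filter pipe, unlike `worker_index | default('0')`, which this commit normalised in worker_instance.yml.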
@@ -1,49 +1,52 @@ --- -- name: synapse-wide worker config - template: - src: 'conf.d/workers.yaml.j2' - dest: '/etc/matrix-synapse/conf.d/workers.yaml' +- name: Ensure synapse-wide worker config in place + ansible.builtin.template: + src: conf.d/workers.yaml.j2 + dest: /etc/matrix-synapse/conf.d/workers.yaml + mode: 0644 -- name: Put worker systemd unit in place - template: - src: "systemd/matrix-synapse-worker@.service.j2" - dest: '/etc/systemd/system/matrix-synapse-worker@.service' - mode: '644' - notify: config worker services +- name: Ensure worker systemd unit in place + ansible.builtin.template: + src: systemd/matrix-synapse-worker@.service.j2 + dest: /etc/systemd/system/matrix-synapse-worker@.service + mode: 0644 + notify: Config worker services -- name: Create workers config directories - file: +- name: Ensure worker config directories exist + ansible.builtin.file: path: /etc/matrix-synapse/{{ item }} state: directory + mode: 0755 loop: - workers - worker-logs - name: Initialize synapse worker vars - set_fact: + ansible.builtin.set_fact: synapse_worker_services: [] synapse_synchrotrons: [] -- name: 'Create worker pidfile dir in /run' - file: +- name: Ensure worker pidfile dir in /run exists + ansible.builtin.file: path: /run/matrix-synapse/ state: directory owner: matrix-synapse group: nogroup + mode: 0755 -- name: Create tmpfiles config for pidfile dir in run - template: - src: 'tmpfiles-matrix-synapse.conf.j2' - dest: '/etc/tmpfiles.d/matrix-synapse.conf' - mode: '644' +- name: Ensure tmpfiles config for pidfile dir in place + ansible.builtin.template: + src: tmpfiles-matrix-synapse.conf.j2 + dest: /etc/tmpfiles.d/matrix-synapse.conf + mode: 0644 - name: Configure workers - include_tasks: worker_type.yml + ansible.builtin.include_tasks: worker_type.yml loop: "{{ synapse_workers | dict2items }}" loop_control: loop_var: synapse_worker - name: Configure synchrotron balancer - include_tasks: matrix-synchrotrons.yml + ansible.builtin.include_tasks: 
matrix-synchrotrons.yml when: synapse_synchrotrons | length != 0