uumas/ansible-matrix
1
0
Fork 0
Code Issues 7 Pull Requests Projects Releases Wiki Activity

add playbook and nginx vars

Browse Source
This commit is contained in:
uumas
2023-04-19 01:45:38 +03:00
parent d05e42fe18
commit a874eaeaf0
2 changed files with 267 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
playbooks/matrix.yml Normal file
View File

@@ -0,0 +1,12 @@
---
- name: Synapse
hosts: matrix_synapse
become: true
vars_files:
- vars/nginx.yml
roles:
- synapse
- extras
- nginx

255
playbooks/vars/nginx.yml Normal file
View File

@@ -0,0 +1,255 @@
---
nginx_upstreams:
synapse_main:
servers:
- 8008
locations:
- name: '/_matrix'
- name: '/_synapse/client'
- name: "{{ '/_matrix/media/' if matrix_media_repo_server is not defined and 'media_repository' not in synapse_workers | default('') else '' }}"
additional_options:
- "client_max_body_size {{ matrix_max_upload_size_mb }}M"
matrix_media_repo:
servers:
- "{{ matrix_media_repo_server + ':9000' if matrix_media_repo_server is defined else '' }}"
locations:
- name: '/_matrix/media'
proxy_headers:
Host: "{{ matrix_domain }}"
additional_options:
- "client_max_body_size {{ matrix_max_upload_size_mb }}M"
synchrotron_balancer:
servers: "{{ ['8183'] if synapse_workers.generic_sync is defined else '' }}"
locations:
- name: '~ ^/_matrix/client/(api/v1|r0|v3)/events$'
- name: "{{ '^/_matrix/client/(v2_alpha|r0|v3)/sync$' if 'generic_init_sync' not in synapse_workers | default('') else '' }}"
synchrotron_init:
servers: "{{ ['8184'] if synapse_workers.generic_init_sync is defined else '' }}"
locations:
- name: '~ ^/_matrix/client/(api/v1|r0|v3)/initialSync$'
- name: '~ ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$'
synapse_generic_client:
servers: "{{ synapse_workers.generic_client | default('') }}"
locations:
- name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/createRoom$'
- name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms$'
- name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members$'
- name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*$'
- name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$'
- name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$'
- name: '~ ^/_matrix/client/v1/rooms/.*/hierarchy$'
- name: '~ ^/_matrix/client/unstable/org.matrix.msc2716/rooms/.*/batch_send$'
- name: '~ ^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$'
- name: '~ ^/_matrix/client/(r0|v3|unstable)/account/3pid$'
- name: '~ ^/_matrix/client/(r0|v3|unstable)/account/whoami$'
- name: '~ ^/_matrix/client/(r0|v3|unstable)/devices$'
- name: '~ ^/_matrix/client/versions$'
- name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$'
- name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/'
- name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$'
- name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/search$'
- name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/keys/query$'
additional_options:
- 'proxy_read_timeout 1h'
- name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/keys/changes$'
- name: '~ ^/_matrix/client/(r0|v3|unstable)/keys/claim$'
- name: '~ ^/_matrix/client/(r0|v3|unstable)/room_keys/'
synapse_generic_login:
servers: "{{ synapse_workers.generic_login | default('') }}"
locations:
- name: '~ ^/_matrix/client/(api/v1|r0|unstable|v3)/login$'
- name: '~ ^/_matrix/client/(r0|unstable|v3)/register$'
- name: '~ ^/_matrix/client/v1/register/m.login.registration_token/validity$'
# SSO
- name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/login/sso/redirect'
- name: '~ ^/_synapse/client/pick_idp$'
- name: '~ ^/_synapse/client/pick_username'
- name: '~ ^/_synapse/client/new_user_consent$'
- name: '~ ^/_synapse/client/sso_register$'
# OIDC
- name: '~ ^/_synapse/client/oidc/callback$'
# SAML
- name: '~ ^/_synapse/client/saml2/authn_response$'
# CAS
- name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/login/cas/ticket$'
synapse_generic_federation:
servers: "{{ synapse_workers.generic_federation | default('') }}"
locations:
- name: '~ ^/_matrix/federation/v1/event/'
- name: '~ ^/_matrix/federation/v1/state/'
- name: '~ ^/_matrix/federation/v1/state_ids/'
additional_options:
- 'proxy_read_timeout 1h'
- name: '~ ^/_matrix/federation/v1/backfill/'
- name: '~ ^/_matrix/federation/v1/get_missing_events/'
- name: '~ ^/_matrix/federation/v1/publicRooms'
- name: '~ ^/_matrix/federation/v1/query/'
- name: '~ ^/_matrix/federation/v1/make_join/'
- name: '~ ^/_matrix/federation/v1/make_leave/'
- name: '~ ^/_matrix/federation/(v1|v2)/send_join/'
- name: '~ ^/_matrix/federation/(v1|v2)/send_leave/'
- name: '~ ^/_matrix/federation/(v1|v2)/invite/'
- name: '~ ^/_matrix/federation/v1/event_auth/'
- name: '~ ^/_matrix/federation/v1/exchange_third_party_invite/'
- name: '~ ^/_matrix/federation/v1/user/devices/'
- name: '~ ^/_matrix/key/v2/query'
- name: '~ ^/_matrix/federation/v1/hierarchy/'
synapse_generic_federation_send:
servers: "{{ synapse_workers.generic_federation_send | default('') }}"
method: 'ip_hash'
locations:
- name: '~ ^/_matrix/federation/v1/send/'
additional_options:
- 'proxy_read_timeout 1h'
synapse_generic_event_send:
servers: "{{ synapse_workers.generic_event_send | default('') }}"
method: 'hash $request_uri'
locations:
- name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact'
- name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/send'
- name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/'
- name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$'
- name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/join/'
additional_options:
- 'proxy_read_timeout 1h'
- name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/profile/'
synapse_generic_pagination:
servers: "{{ synapse_workers.generic_pagination | default('') }}"
method: 'hash $request_uri'
locations:
- name: '~/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/messages$'
synapse_user_dir:
servers: "{{ synapse_workers.user_dir | default('') }}"
locations:
- name: '~ ^/_matrix/client/(r0|v3|unstable)/user_directory/search$'
synapse_frontend_proxy:
servers: "{{ synapse_workers.frontend_proxy | default('') }}"
locations:
- name: '~ ^/_matrix/client/(r0|v3|unstable)/keys/upload'
- name: "{{ '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/[^/]+/status' if synapse_presence is defined and not synapse_presence else '' }}"
synapse_media_repository:
servers: "{{ synapse_workers.media_repository | default('') }}"
locations:
- name: '/_matrix/media/'
additional_options:
- "client_max_body_size {{ matrix_max_upload_size_mb }}M"
- name: '~ ^/_synapse/admin/v1/purge_media_cache$'
- name: '~ ^/_synapse/admin/v1/room/.*/media.*$'
- name: '~ ^/_synapse/admin/v1/user/.*/media.*$'
- name: '~ ^/_synapse/admin/v1/media/.*$'
- name: '~ ^/_synapse/admin/v1/quarantine_media/.*$'
- name: '~ ^/_synapse/admin/v1/users/.*/media$'
synapse_typing_persister:
servers: "{{ synapse_workers.typing_persister | default('') }}"
locations:
- name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/typing'
synapse_device_persister:
servers: "{{ synapse_workers.device_persister | default('') }}"
locations:
- name: '~ ^/_matrix/client/(r0|v3|unstable)/sendToDevice/'
synapse_account_persister:
servers: "{{ synapse_workers.account_persister | default('') }}"
locations:
- name: '~ ^/_matrix/client/(r0|v3|unstable)/.*/tags'
- name: '~ ^/_matrix/client/(r0|v3|unstable)/.*/account_data'
synapse_receipt_persister:
servers: "{{ synapse_workers.receipt_persister | default('') }}"
locations:
- name: '~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt'
- name: '~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers'
synapse_presence_persister:
servers: "{{ synapse_workers.presence_persister | default('') }}"
locations:
- name: '^/_matrix/client/(api/v1|r0|v3|unstable)/presence/'
maubot:
servers: "{{ ['29316'] if 'maubot' in matrix_extras | default('') else '' }}"
locations:
- name: '/_matrix/maubot'
mautrix_telegram:
servers: "{{ ['29317'] if 'mautrix-telegram' in matrix_extras | default('') else '' }}"
locations:
- name: '/telegram'
mautrix_facebook:
servers: "{{ ['29319'] if 'mautrix-facebook' in matrix_extras | default('') else '' }}"
locations:
- name: '/facebook'
mautrix_googlechat:
servers: "{{ ['29320'] if 'mautrix-googlechat' in matrix_extras | default('') else '' }}"
locations:
- name: '/googlechat'
mx_puppet_slack:
servers: "{{ ['8432'] if 'mx-puppet-slack' in matrix_extras | default('') else '' }}"
locations:
- name: '/_matrix/slack'
nginx_maps:
sync:
var: "{{ 'arg_since' if synapse_workers.generic_sync is defined and synapse_workers.generic_init_sync is defined else '' }}"
rules:
default: synchrotron_balancer
"''": synchrotron_init
locations:
- name: '~ ^/_matrix/client/(r0|v3)/sync$'
additional_options:
- 'proxy_read_timeout 1h'
nginx_servers:
- listen:
- ip: 'all'
- ip: "{{ 'localhost' if matrix_extras is defined and synapse_workers is defined else '' }}"
port: 8009
return:
- location: '/'
type: 301
content: "{{ nginx_matrix_website_redirect }}"
- location: '/.well-known/matrix/server'
content_type: json
content:
m.server: "{{ matrix_server_domain }}"
- location: '/.well-known/matrix/client'
content_type: json
content:
m.homeserver:
base_url: "{{ matrix_external_url }}"
headers:
Access-Control-Allow-Origin: "'*'"
reverse_proxy:
- synapse_main
- matrix_media_repo
- synapse_media_repository
- synapse_generic_client
- synapse_generic_login
- synapse_generic_event_send
- synapse_generic_pagination
- synapse_user_dir
- synapse_frontend_proxy
- synchrotron_balancer
- synchrotron_init
- synapse_device_persister
- synapse_typing_persister
- synapse_account_persister
- synapse_receipt_persister
- synapse_presence_persister
- maubot
- mautrix_telegram
- mautrix_facebook
- mautrix_googlechat
- mx_puppet_slack
reverse_proxy_map:
- sync
- listen:
- port: 8448
reverse_proxy:
- synapse_main
- matrix_media_repo
- synapse_media_repository
- synapse_generic_federation
- synapse_generic_federation_send