Synapse role

2023-04-11 21:46:36 +03:00
commit ced8c2314c
50 changed files with 948 additions and 0 deletions
--- a/roles/synapse/tasks/config.yml
+++ b/roles/synapse/tasks/config.yml
@@ -0,0 +1,55 @@
+---
+
+
+- name: Put synapse configs in place
+  template:
+    src: "conf.d/{{ item }}.yaml.j2"
+    dest: "/etc/matrix-synapse/conf.d/{{ item }}.yaml"
+    mode: '644'
+  loop:
+    - database
+    - general
+    - listeners
+    - server_name
+    - url_preview
+  notify: config matrix target
+
+- name: autojoin config
+  template:
+    src: 'conf.d/autojoin.yaml.j2'
+    dest: '/etc/matrix-synapse/conf.d/autojoin.yaml'
+    mode: '644'
+  when: matrix_auto_join_rooms is defined
+  notify: config matrix target
+
+- name: password provider config
+  template:
+    src: 'conf.d/password_providers.yaml.j2'
+    dest: '/etc/matrix-synapse/conf.d/password_providers.yaml'
+    mode: '644'
+  when: synapse_ldap_servers is defined 
+  notify: config matrix target
+
+- name: modules config
+  template:
+    src: 'conf.d/modules.yaml.j2'
+    dest: '/etc/matrix-synapse/conf.d/modules.yaml'
+    mode: '644'
+  when: synapse_shared_secret_auth is defined
+  notify: config matrix target
+
+- name: sso config
+  template:
+    src: 'conf.d/sso.yaml.j2'
+    dest: '/etc/matrix-synapse/conf.d/sso.yaml'
+    mode: '644'
+  when: matrix_openidc_providers is defined
+  notify: config matrix target
+
+- name: turn config
+  template:
+    src: 'conf.d/turn.yaml.j2'
+    dest: '/etc/matrix-synapse/conf.d/turn.yaml'
+    mode: '644'
+  when: turn_domain is defined
+  notify: config matrix target
--- a/roles/synapse/tasks/install_debian.yml
+++ b/roles/synapse/tasks/install_debian.yml
@@ -0,0 +1,30 @@
+---
+
+- name: Install dependencies
+  apt:
+    name:
+      - lsb-release
+      - wget
+      - apt-transport-https
+      - python3-pysaml2
+      - python3-psycopg2
+      - acl
+
+- name: Add matrix.org repo signing key
+  apt_key:
+    url: 'https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg'
+    id: 'AAF9AE843A7584B5A3E4CD2BCF45A512DE2DA058'
+
+- name: Add matrix.org repo
+  apt_repository:
+    repo: "deb https://packages.matrix.org/debian/ {{ ansible_distribution_release }} main"
+
+- name: Install synapse
+  apt:
+    name: matrix-synapse-py3
+    state: latest
+
+- name: Install redis
+  apt:
+    name: redis-server
+  when: synapse_workers is defined
--- a/roles/synapse/tasks/main.yml
+++ b/roles/synapse/tasks/main.yml
@@ -0,0 +1,38 @@
+---
+
+- name: Fail if not debian
+  fail:
+  when: ansible_os_family != "Debian"
+
+- name: Install synapse on debian
+  include_tasks: install_debian.yml
+  when: ansible_os_family=="Debian"
+
+- name: Synapse configuration
+  import_tasks: config.yml
+
+- name: Install matrix-synapse-shared-secret-auth
+  pip:
+    name: 'git+https://github.com/devture/matrix-synapse-shared-secret-auth'
+    state: latest
+    virtualenv: /opt/venvs/matrix-synapse
+  notify: config synapse service
+  when: synapse_shared_secret_auth is defined
+
+- name: Put systemd units in place
+  template:
+    src: "systemd/{{ item }}.j2"
+    dest: "/etc/systemd/system/{{ item }}"
+    mode: '644'
+  loop:
+    - matrix-synapse.service
+    - matrix.target
+  notify: 
+    - config synapse service
+    - config matrix target
+
+- name: Synapse workers
+  include_tasks: workers.yml
+  when: synapse_workers is defined
+
+- meta: flush_handlers
--- a/roles/synapse/tasks/matrix-synchrotron.yml
+++ b/roles/synapse/tasks/matrix-synchrotron.yml
@@ -0,0 +1,19 @@
+---
+
+- name: Create matrix-synchrotron-{{ item }} workdir
+  file: 
+    path: /opt/matrix-synchrotron/{{ item }}
+    state: directory
+    mode: 0755
+- name: Put matrix-synchrotron-{{ item }} config in place
+  template:
+    src: "matrix-synchrotron-config.yaml.j2"
+    dest: "/opt/matrix-synchrotron/{{ item }}/config.yaml.ansibled"
+  notify: config synapse service
+  register: config
+- name: Put matrix-synchrotron-{{ item }} config in final destination
+  copy:
+    src: "/opt/matrix-synchrotron/{{ item }}/config.yaml.ansibled"
+    dest: "/opt/matrix-synchrotron/{{ item }}/config.yaml"
+    remote_src: yes
+  when: config.changed
--- a/roles/synapse/tasks/matrix-synchrotrons.yml
+++ b/roles/synapse/tasks/matrix-synchrotrons.yml
@@ -0,0 +1,65 @@
+---
+
+- block:
+  - name: Add backports
+    apt_repository:
+      repo: "deb http://deb.debian.org/debian/ buster-backports main"
+      filename: backports
+      mode: '644'
+  - name: Install go from backports
+    apt:
+      name: golang
+      default_release: buster-backports
+  when: ansible_distribution_release == 'buster'
+
+- name: Install git and golang
+  apt:
+    name:
+      - git
+      - golang
+
+- name: Create matrix-synchrotron user
+  user:
+    name: matrix-synchrotron
+    system: yes
+    home: /opt/matrix-synchrotron
+    shell: /bin/false
+
+- block:
+  - name: Clone matrix-synchrotron git repo
+    git:
+      repo: 'https://github.com/Sorunome/matrix-synchrotron-balancer.git'
+      dest: /opt/matrix-synchrotron/src
+      force: yes
+    register: install
+
+  - name: Build matrix-synchrotron
+    command: go build
+    args:
+      chdir: /opt/matrix-synchrotron/src
+    when: install.changed
+    notify: config synapse service
+
+  - name: Configure matrix-synchrotron(s)
+    include_tasks: matrix-synchrotron.yml
+    loop: "{{ synapse_synchrotrons }}"
+    loop_control:
+      extended: yes
+
+  become_user: matrix-synchrotron
+
+- name: Put systemd matrix-synchrotron unit in place
+  template:
+    src: 'systemd/matrix-synchrotron@.service.j2'
+    dest: "/etc/systemd/system/matrix-synchrotron@.service"
+    mode: '644'
+  register: systemd_unit
+
+- name: Enable systemd matrix-synchrotron-{{ item }} unit
+  systemd:
+    daemon_reload: yes
+    name: "matrix-synchrotron@{{ item }}.service"
+    enabled: yes
+    state: restarted
+  when: systemd_unit.changed
+  loop: "{{ synapse_synchrotrons }}"
--- a/roles/synapse/tasks/worker_instance.yml
+++ b/roles/synapse/tasks/worker_instance.yml
@@ -0,0 +1,23 @@
+---
+
+- name: Set worker var
+  set_fact:
+    worker: "{{ worker_type }}-{{ worker_index|default('0') }}"
+
+- name: Put {{ worker }} config in place
+  template:
+    src: "worker.yaml.j2"
+    dest: "/etc/matrix-synapse/workers/{{ worker }}.yaml"
+    mode: '644'
+  notify: config worker services
+
+- name: Put {{ worker }} logging config in place
+  template:
+    src: "log.yaml.j2"
+    dest: "/etc/matrix-synapse/worker-logs/{{ worker }}-log.yaml"
+    mode: '644'
+  notify: config worker services
+
+- name: Add {{ worker }} to synapse_worker_services
+  set_fact:
+    synapse_worker_services: "{{ synapse_worker_services + [ worker ] }}"
--- a/roles/synapse/tasks/worker_type.yml
+++ b/roles/synapse/tasks/worker_type.yml
@@ -0,0 +1,41 @@
+---
+
+- name: Set worker type to {{ synapse_worker.key }}
+  set_fact:
+    worker_type: "{{ synapse_worker.key }}"
+
+- name: Include default variables
+  include_vars: defaults.yml
+
+- name: Include {{ worker_type }} variables
+  include_vars: "{{ item }}"
+  with_first_found:
+    - files: 
+        - "{{ worker_type }}.yml"
+      skip: yes
+
+- name: Reset worker_ports
+  set_fact:
+    worker_ports: []
+
+- name: Set worker_ports
+  set_fact:
+    worker_ports: "{{ synapse_worker.value }}"
+  when: synapse_worker.value is iterable
+
+- name: "Setup {{ worker_type }}(s) if they have listeners"
+  include_tasks: worker_instance.yml
+  loop: "{{ worker_ports }}"
+  loop_control:
+    loop_var: worker_port
+    index_var: worker_index
+  when: worker_ports|length != 0
+
+- name: "Setup {{ worker_type }}(s) if they don't have listeners"
+  include_tasks: worker_instance.yml
+  when: worker_ports|length == 0
+
+- name: Append synchrotron var
+  set_fact:
+    synapse_synchrotrons: "{{ synapse_synchrotrons + [ synchrotron_type ] }}"
+  when: synchrotron_type is defined and synchrotron_type not in synapse_synchrotrons
--- a/roles/synapse/tasks/workers.yml
+++ b/roles/synapse/tasks/workers.yml
@@ -0,0 +1,49 @@
+---
+
+- name: synapse-wide worker config
+  template:
+    src: 'conf.d/workers.yaml.j2'
+    dest: '/etc/matrix-synapse/conf.d/workers.yaml'
+
+- name: Put worker systemd unit in place
+  template:
+    src: "systemd/matrix-synapse-worker@.service.j2"
+    dest: '/etc/systemd/system/matrix-synapse-worker@.service'
+    mode: '644'
+  notify: config worker services
+
+- name: Create workers config directories
+  file:
+    path: /etc/matrix-synapse/{{ item }}
+    state: directory
+  loop:
+    - workers
+    - worker-logs
+
+- name: Initialize synapse worker vars
+  set_fact:
+    synapse_worker_services: []
+    synapse_synchrotrons: []
+
+- name: 'Create worker pidfile dir in /run'
+  file:
+    path: /run/matrix-synapse/
+    state: directory
+    owner: matrix-synapse
+    group: nogroup
+
+- name: Create tmpfiles config for pidfile dir in run
+  template:
+    src: 'tmpfiles-matrix-synapse.conf.j2'
+    dest: '/etc/tmpfiles.d/matrix-synapse.conf'
+    mode: '644'
+
+- name: Configure workers
+  include_tasks: worker_type.yml
+  loop: "{{ synapse_workers | dict2items }}"
+  loop_control:
+    loop_var: synapse_worker
+
+- name: Configure synchrotron balancer
+  include_tasks: matrix-synchrotrons.yml
+  when: synapse_synchrotrons | length != 0