synapse: add argument specs

README.md

@@ -3,7 +3,4 @@
 Roles for matrix services
 
 # To do
-- Add argument spec validation
-- Move ldap auth provider from password providers to collections
-- Make updates optional (use state: present instead of state: latest unless requested)
-- Only restart extras being changed, not all
+See [issues](https://git.uumas.fi/uumas/ansible-matrix/issues)

galaxy.yml

@@ -3,7 +3,7 @@
 namespace: uumas
 name: matrix
 description: Matrix roles
-version: 0.0.2
+version: 0.0.4
 readme: README.md
 repository: https://git.uumas.fi/uumas/ansible-matrix
 license_file: LICENSE

playbooks/vars/nginx.yml

@@ -1,5 +1,6 @@
 ---
 
+# Worker endpoints last updated on 2023-07-18
 nginx_upstreams:
   synapse_main:
     servers:
@@ -43,7 +44,8 @@ nginx_upstreams:
       - name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$'
       - name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$'
       - name: '~ ^/_matrix/client/v1/rooms/.*/hierarchy$'
-      - name: '~ ^/_matrix/client/unstable/org.matrix.msc2716/rooms/.*/batch_send$'
+      - name: '~ ^/_matrix/client/(v1|unstable)/rooms/.*/relations/'
+      - name: '~ ^/_matrix/client/v1/rooms/.*/threads$'
       - name: '~ ^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$'
       - name: '~ ^/_matrix/client/(r0|v3|unstable)/account/3pid$'
       - name: '~ ^/_matrix/client/(r0|v3|unstable)/account/whoami$'
@@ -52,7 +54,12 @@ nginx_upstreams:
       - name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$'
       - name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/'
       - name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$'
+      - name: '~ ^/_matrix/client/v1/rooms/.*/timestamp_to_event$'
+      - name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable/.*)/rooms/.*/aliases'
       - name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/search$'
+      - name: '~ ^/_matrix/client/(r0|v3|unstable)/user/.*/filter(/|$)'
+      - name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/directory/room/.*$'
+      - name: '~ ^/_matrix/client/(r0|v3|unstable)/capabilities$'
 
       - name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/keys/query$'
         additional_options:
@@ -60,12 +67,15 @@ nginx_upstreams:
       - name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/keys/changes$'
       - name: '~ ^/_matrix/client/(r0|v3|unstable)/keys/claim$'
       - name: '~ ^/_matrix/client/(r0|v3|unstable)/room_keys/'
+      - name: '~ ^/_matrix/client/(r0|v3|unstable)/keys/upload/'
   synapse_generic_login:
     servers: "{{ synapse_workers.generic_login | default('') }}"
     locations:
       - name: '~ ^/_matrix/client/(api/v1|r0|unstable|v3)/login$'
       - name: '~ ^/_matrix/client/(r0|unstable|v3)/register$'
+      - name: '~ ^/_matrix/client/(r0|v3|unstable)/register/available$'
       - name: '~ ^/_matrix/client/v1/register/m.login.registration_token/validity$'
+      - name: '~ ^/_matrix/client/(r0|v3|unstable)/password_policy$'
       # SSO
       - name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/login/sso/redirect'
       - name: '~ ^/_synapse/client/pick_idp$'
@@ -96,6 +106,7 @@ nginx_upstreams:
       - name: '~ ^/_matrix/federation/(v1|v2)/send_leave/'
       - name: '~ ^/_matrix/federation/(v1|v2)/invite/'
       - name: '~ ^/_matrix/federation/v1/event_auth/'
+      - name: '~ ^/_matrix/federation/v1/timestamp_to_event/'
       - name: '~ ^/_matrix/federation/v1/exchange_third_party_invite/'
       - name: '~ ^/_matrix/federation/v1/user/devices/'
       - name: '~ ^/_matrix/key/v2/query'
@@ -118,6 +129,7 @@ nginx_upstreams:
       - name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/join/'
         additional_options:
           - 'proxy_read_timeout 1h'
+      - name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/knock/'
       - name: '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/profile/'
   synapse_generic_pagination:
     servers: "{{ synapse_workers.generic_pagination | default('') }}"
@@ -128,11 +140,6 @@ nginx_upstreams:
     servers: "{{ synapse_workers.user_dir | default('') }}"
     locations:
       - name: '~ ^/_matrix/client/(r0|v3|unstable)/user_directory/search$'
-  synapse_frontend_proxy:
-    servers: "{{ synapse_workers.frontend_proxy | default('') }}"
-    locations:
-      - name: '~ ^/_matrix/client/(r0|v3|unstable)/keys/upload'
-      - name: "{{ '~ ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/[^/]+/status' if synapse_presence is defined and not synapse_presence else '' }}"
   synapse_media_repository:
     servers: "{{ synapse_workers.media_repository | default('') }}"
     locations:
@@ -245,7 +252,6 @@ nginx_servers:
       - synapse_generic_event_send
       - synapse_generic_pagination
       - synapse_user_dir
-      - synapse_frontend_proxy
       - synapse_device_persister
       - synapse_typing_persister
       - synapse_account_persister

roles/synapse/defaults/main.yml

@@ -9,10 +9,4 @@ matrix_max_upload_size_mb: 100
 synapse_metrics: false
 synapse_presence: true
 
-persister_workers:
-  - event_persister
-  - typing_persister
-  - account_persister
-  - device_persister
-  - presence_persister
-  - receipt_persister
+matrix_auto_join_rooms: []

roles/synapse/handlers/main.yml

@@ -14,6 +14,13 @@
     enabled: true
     state: restarted
 
+- name: Disable worker services
+  ansible.builtin.systemd:
+    name: "matrix-synapse-worker@{{ item }}.service"
+    state: stopped
+    enabled: false
+  loop: "{{ synapse_disable_worker_services }}"
+
 - name: Config worker services
   ansible.builtin.systemd:
     daemon_reload: true
@@ -27,4 +34,6 @@
     daemon_reload: true
     name: matrix-synchrotron@{{ item }}.service
     enabled: false
-  loop: "{{ synapse_synchrotrons }}"
+  loop:
+    - balancer
+    - init

roles/synapse/meta/argument_specs.yml

@@ -0,0 +1,53 @@
+---
+
+argument_specs:
+  main:
+    short_description: Matrix Synaspe
+    description: "Installs and configures a synapse server. Supports workers and matrix_synapse_shared_secret_auth"
+    options:
+      synapse_psql_user:
+        description: Postgres database username for synapse
+        type: str
+        required: true
+      synapse_psql_pw:
+        description: Postgres database password for synapse
+        type: str
+        required: true
+      synapse_psql_db:
+        description: Postgres database name for synapse
+        type: str
+        required: false
+        default: "{{ synapse_psql_user }}"
+      synapse_psql_host:
+        description: Postgres database server hostname
+        type: str
+        required: false
+        default: localhost
+
+      matrix_max_upload_size_mb:
+        description: Maximum file upload size for synapse in megabytes
+        type: int
+        required: false
+        default: 100
+      matrix_auto_join_rooms:
+        description: A list of room aliases new users will be joined to automatically
+        type: list
+        required: false
+        default: []
+
+      matrix_signing_key:
+        description: Matrix federation signing key. Will use auto-generated one if not defined.
+        type: str
+        required: false
+
+      synapse_metrics:
+        description: Whether to enable prometheus metrics listener on port 9656
+        type: bool
+        required: false
+        default: false
+      
+      synapse_presence:
+        description: Whether to enable presence detection on synapse. If disabled all users will be shown as permanently offline.
+        type: bool
+        required: false
+        default: true

roles/synapse/tasks/config.yml

@@ -29,6 +29,7 @@
     - listeners
     - server_name
     - url_preview
+    - autojoin
   notify: Config matrix target
 
 - name: Ensure synapse configs including secrets is in place
@@ -43,16 +44,6 @@
     - general
   notify: Config matrix target
 
-- name: Ensure autojoin config is in place
-  ansible.builtin.template:
-    src: conf.d/autojoin.yaml.j2
-    dest: /etc/matrix-synapse/conf.d/autojoin.yaml
-    owner: matrix-synapse
-    group: nogroup
-    mode: 0644
-  when: matrix_auto_join_rooms is defined
-  notify: Config matrix target
-
 - name: Ensure password provider config is in place
   ansible.builtin.template:
     src: conf.d/password_providers.yaml.j2

roles/synapse/tasks/worker_instance.yml

@@ -4,6 +4,9 @@
   ansible.builtin.set_fact:
     worker: "{{ worker_type }}-{{ worker_index | default('0') }}"
 
+- name: Enable worker {{ worker }}
+  when: worker_state == 'present'
+  block:
     - name: Ensure config in place for {{ worker }}
       ansible.builtin.template:
         src: worker.yaml.j2
@@ -21,3 +24,24 @@
     - name: Add worker to synapse_worker_services variable
       ansible.builtin.set_fact:
         synapse_worker_services: "{{ synapse_worker_services + [worker] }}"
+
+
+- name: Disable worker {{ worker }}
+  when: worker_state == 'absent'
+  block:
+    - name: Notify the user
+      ansible.builtin.debug:
+        msg: "Disabling worker {{ worker }}! Make sure to remove it from your synapse_workers."
+
+    - name: Ensure worker config files not present
+      ansible.builtin.file:
+        path: /etc/matrix-synapse/{{ item }}.yaml
+        state: absent
+      notify: Disable worker services
+      loop:
+        - workers/{{ worker }}
+        - worker-logs/{{ worker }}-log
+
+    - name: Add worker to synapse_disable_worker_services
+      ansible.builtin.set_fact:
+        synapse_disable_worker_services: "{{ synapse_worker_services + [worker] }}"

roles/synapse/tasks/worker_type.yml

@@ -5,15 +5,20 @@
     worker_type: "{{ synapse_worker.key }}"
 
 - name: Include default variables
-  ansible.builtin.include_vars: defaults.yml
+  ansible.builtin.include_vars: workers/defaults.yml
 
 - name: Include variables for {{ worker_type }}
   ansible.builtin.include_vars: "{{ item }}"
   with_first_found:
     - files:
-        - "{{ worker_type }}.yml"
+        - "workers/{{ worker_type }}.yml"
       skip: true
 
+- name: Warn of legacy workers
+  ansible.builtin.debug:
+    msg: "You have a deprecated worker type {{ worker_type }} defined. You should remove it from synapse_workers."
+  when: worker_state == 'absent'
+
 - name: Reset worker_ports variable
   ansible.builtin.set_fact:
     worker_ports: []
@@ -33,8 +38,3 @@
 - name: Include worker instance tasks for {{ worker_type }}
   ansible.builtin.include_tasks: worker_instance.yml
   when: worker_ports|length == 0
-
-- name: Append synchrotron variable
-  ansible.builtin.set_fact:
-    synapse_synchrotrons: "{{ synapse_synchrotrons + [synchrotron_type] }}"
-  when: synchrotron_type is defined and synchrotron_type not in synapse_synchrotrons

roles/synapse/tasks/workers.yml

@@ -25,7 +25,6 @@
 - name: Initialize synapse worker vars
   ansible.builtin.set_fact:
     synapse_worker_services: []
-    synapse_synchrotrons: []
 
 - name: Configure workers
   ansible.builtin.include_tasks: worker_type.yml
@@ -45,4 +44,3 @@
 
 - name: Ensure synchrotron balancer removed (legacy)
   ansible.builtin.include_tasks: matrix-synchrotrons.yml
-  when: synapse_synchrotrons | length != 0

roles/synapse/templates/conf.d/autojoin.yaml.j2

@@ -1,6 +1,3 @@
 # {{ ansible_managed }}
 
-auto_join_rooms:
-{% for room_id in matrix_auto_join_rooms %}
-  - "{{ room_id }}"
-{% endfor %}
+auto_join_rooms: {{ matrix_auto_join_rooms }}

roles/synapse/templates/conf.d/general.yaml.j2

@@ -12,5 +12,3 @@ use_presence: {{ synapse_presence }}
 enable_media_repo: {{ matrix_media_repo_server is not defined and 'media_repository' not in synapse_workers }}
 retention:
   enabled: true
-experimental_features:
-  msc2716_enabled: true

roles/synapse/templates/conf.d/workers.yaml.j2

@@ -6,7 +6,10 @@ redis:
 notify_appservices_from_worker: appservice-0
 {% endif %}
 {% if 'pusher' in synapse_workers %}
-start_pushers: false
+pusher_instances:
+{% for port in synapse_workers.pusher %}
+  - pusher-{{ loop.index0 }}
+{% endfor %}
 {% endif %}
 {% if 'user_dir' in synapse_workers %}
 update_user_directory_from_worker: user_dir-0
@@ -15,9 +18,11 @@ update_user_directory_from_worker: user_dir-0
 
 {% if 'event_persister' in synapse_workers or 'typing_persister' in synapse_workers or 'account_persister' in synapse_workers or 'device_persister' in synapse_workers or 'presence_persister' in synapse_workers or 'receipt_persister' in synapse_workers %}
 instance_map:
+  main:
+    host: localhost
+    port: 9093
 
 {% for persister_type in persister_workers %}
-
 {% if persister_type in synapse_workers %}
 {% for port in synapse_workers[persister_type] %}
   {{ persister_type }}-{{ loop.index0 }}:
@@ -25,7 +30,6 @@ instance_map:
     port: {{ port }}
 {% endfor %}
 {% endif %}
-
 {% endfor %}
 
 stream_writers:
@@ -78,13 +82,8 @@ run_background_tasks_on: background_tasks-0
 {% endif %}
 
 {% if 'federation_sender' in synapse_workers %}
-send_federation: false
-
-{% if synapse_workers.federation_sender|length > 1 %}
 federation_sender_instances:
 {% for port in synapse_workers.federation_sender %}
   - federation_sender-{{ loop.index0 }}
 {% endfor %}
 {% endif %}
-
-{% endif %}

roles/synapse/templates/worker.yaml.j2

@@ -2,10 +2,6 @@
 worker_app: synapse.app.{{ worker_app }}
 worker_name: {{ worker }}
 
-# The replication listener on the synapse to talk to.
-worker_replication_host: 127.0.0.1
-worker_replication_http_port: 9093
-
 worker_log_config: /etc/matrix-synapse/worker-logs/{{ worker }}-log.yaml
 {% if worker_port is defined and worker_listeners|length !=0 or synapse_metrics %}
 worker_listeners:
@@ -24,6 +20,3 @@ worker_listeners:
     bind_addresses: ['0.0.0.0'] # Don't bind to multiple addresses
 {% endif %}
 {% endif %}
-{% if worker_app == 'frontend_proxy' %}
-worker_main_http_uri: http://localhost:8008
-{% endif %}

roles/synapse/vars/federation_sender.yml

@@ -1,4 +0,0 @@
----
-
-worker_app: federation_sender
-worker_listeners: []

roles/synapse/vars/frontend_proxy.yml

@@ -1,3 +0,0 @@
----
-
-worker_app: frontend_proxy

roles/synapse/vars/generic_init_sync.yml

@@ -1,3 +0,0 @@
----
-
-synchrotron_type: init

roles/synapse/vars/generic_sync.yml

@@ -1,3 +0,0 @@
----
-
-synchrotron_type: balancer

roles/synapse/vars/main.yml

@@ -0,0 +1,9 @@
+---
+
+persister_workers:
+  - event_persister
+  - typing_persister
+  - account_persister
+  - device_persister
+  - presence_persister
+  - receipt_persister

roles/synapse/vars/workers/defaults.yml

@@ -1,5 +1,6 @@
 ---
 
+worker_state: present
 worker_app: generic_worker
 worker_listeners:
   - client

roles/synapse/vars/workers/federation_sender.yml

@@ -0,0 +1,3 @@
+---
+
+worker_listeners: []

roles/synapse/vars/workers/frontend_proxy.yml

@@ -0,0 +1,4 @@
+---
+
+# LEGACY
+worker_state: absent

roles/synapse/vars/workers/pusher.yml

@@ -1,4 +1,3 @@
 ---
 
-worker_app: pusher
 worker_listeners: []