v0.0.2

README.md

@@ -5,6 +5,5 @@ Roles for matrix services
 # To do
 - Add argument spec validation
 - Move ldap auth provider from password providers to collections
-- Implement synchrotron balancing in nginx
 - Make updates optional (use state: present instead of state: latest unless requested)
 - Only restart extras being changed, not all

galaxy.yml

@@ -3,7 +3,7 @@
 namespace: uumas
 name: matrix
 description: Matrix roles
-version: 0.0.1
+version: 0.0.2
 readme: README.md
 repository: https://git.uumas.fi/uumas/ansible-matrix
 license_file: LICENSE

playbooks/matrix.yml

@@ -4,7 +4,7 @@
 - name: Synapse
   hosts: matrix_synapse
   become: true
-  vars_files: 
+  vars_files:
     - vars/nginx.yml
   roles:
     - synapse

playbooks/vars/nginx.yml

@@ -21,13 +21,15 @@ nginx_upstreams:
         additional_options:
           - "client_max_body_size {{ matrix_max_upload_size_mb }}M"
 
-  synchrotron_balancer:
-    servers: "{{ ['8183'] if synapse_workers.generic_sync is defined else '' }}"
+  synapse_generic_sync:
+    servers: "{{ synapse_workers.generic_sync | default('') }}"
+    method: 'hash $mxid_localpart'
     locations:
       - name: '~ ^/_matrix/client/(api/v1|r0|v3)/events$'
       - name: "{{ '^/_matrix/client/(v2_alpha|r0|v3)/sync$' if 'generic_init_sync' not in synapse_workers | default('') else '' }}"
-  synchrotron_init:
-    servers: "{{ ['8184'] if synapse_workers.generic_init_sync is defined else '' }}"
+  synapse_generic_init_sync:
+    servers: "{{ synapse_workers.generic_init_sync | default('') }}"
+    method: 'hash $mxid_localpart'
     locations:
       - name: '~ ^/_matrix/client/(api/v1|r0|v3)/initialSync$'
       - name: '~ ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$'
@@ -166,7 +168,7 @@ nginx_upstreams:
     servers: "{{ synapse_workers.presence_persister | default('') }}"
     locations:
       - name: '^/_matrix/client/(api/v1|r0|v3|unstable)/presence/'
-    
+
   maubot:
     servers: "{{ ['29316'] if 'maubot' in matrix_extras | default('') else '' }}"
     locations:
@@ -190,14 +192,25 @@ nginx_upstreams:
 
 nginx_maps:
   sync:
-    var: "{{ 'arg_since' if synapse_workers.generic_sync is defined and synapse_workers.generic_init_sync is defined else ''  }}"
+    var: "{{ 'arg_since' if synapse_workers.generic_sync is defined and synapse_workers.generic_init_sync is defined else '' }}"
     rules:
-      default: synchrotron_balancer
-      "''": synchrotron_init
+      default: synapse_generic_sync
+      "''": synapse_generic_init_sync
     locations:
       - name: '~ ^/_matrix/client/(r0|v3)/sync$'
         additional_options:
           - 'proxy_read_timeout 1h'
+  mxid_localpart_urlparam:
+    var: arg_access_token
+    rules:
+      default: $arg_access_token
+      "'~syt_(?<username>.*?)_.*'": $username
+  mxid_localpart:
+    var: http_authorization
+    rules:
+      default: $http_authorization
+      "'~Bearer syt_(?<username>.*?)_.*'": $username
+      "''": $mxid_localpart_urlparam
 
 nginx_servers:
   - listen:
@@ -225,14 +238,14 @@ nginx_servers:
       - synapse_main
       - matrix_media_repo
       - synapse_media_repository
+      - synapse_generic_sync
+      - synapse_generic_init_sync
       - synapse_generic_client
       - synapse_generic_login
       - synapse_generic_event_send
       - synapse_generic_pagination
       - synapse_user_dir
       - synapse_frontend_proxy
-      - synchrotron_balancer
-      - synchrotron_init
       - synapse_device_persister
       - synapse_typing_persister
       - synapse_account_persister

roles/synapse/defaults/main.yml

@@ -9,10 +9,6 @@ matrix_max_upload_size_mb: 100
 synapse_metrics: false
 synapse_presence: true
 
-synchrotron_workers:
-  balancer: generic_sync
-  init: generic_init_sync
-
 persister_workers:
   - event_persister
   - typing_persister

roles/synapse/handlers/main.yml

@@ -21,3 +21,10 @@
     enabled: true
   loop: "{{ synapse_worker_services }}"
   notify: Config matrix target
+
+- name: Disable matrix-synchrotrons
+  ansible.builtin.systemd:
+    daemon_reload: true
+    name: matrix-synchrotron@{{ item }}.service
+    enabled: false
+  loop: "{{ synapse_synchrotrons }}"

roles/synapse/tasks/matrix-synchrotron.yml

@@ -1,23 +0,0 @@
----
-
-- name: Ensure workdir exists for matrix-synchrotron-{{ item }}
-  ansible.builtin.file:
-    path: /opt/matrix-synchrotron/{{ item }}
-    state: directory
-    mode: 0755
-
-- name: Ensure config in place for matrix-synchrotron-{{ item }}
-  ansible.builtin.template:
-    src: matrix-synchrotron-config.yaml.j2
-    dest: /opt/matrix-synchrotron/{{ item }}/config.yaml.ansibled
-    mode: 0644
-  notify: Config synapse service
-  register: config
-
-- name: Copy config to final destination for matrix-synchrotron-{{ item }}
-  ansible.builtin.copy:
-    src: /opt/matrix-synchrotron/{{ item }}/config.yaml.ansibled
-    dest: /opt/matrix-synchrotron/{{ item }}/config.yaml
-    remote_src: true
-    mode: 0644
-  when: config.changed

roles/synapse/tasks/matrix-synchrotrons.yml

@@ -1,53 +1,13 @@
 ---
 
-- name: Install git and golang
-  ansible.builtin.apt:
-    name:
-      - git
-      - golang
-
-- name: Create matrix-synchrotron user
+- name: Ensure matrix-synchrotron user not present
   ansible.builtin.user:
     name: matrix-synchrotron
-    system: true
-    home: /opt/matrix-synchrotron
-    shell: /bin/false
+    state: absent
+    remove: true
 
-- name: Install matrix-synchrotron
-  become_user: matrix-synchrotron
-  block:
-    - name: Clone matrix-synchrotron git repo
-      ansible.builtin.git:
-        repo: https://github.com/Sorunome/matrix-synchrotron-balancer.git
-        dest: /opt/matrix-synchrotron/src
-        force: true
-      register: install
-
-    - name: Build matrix-synchrotron
-      ansible.builtin.command: go build
-      args:
-        chdir: /opt/matrix-synchrotron/src
-      when: install.changed
-      notify: Config synapse service
-
-    - name: Configure matrix-synchrotron(s)
-      ansible.builtin.include_tasks: matrix-synchrotron.yml
-      loop: "{{ synapse_synchrotrons }}"
-      loop_control:
-        extended: true
-
-- name: Put systemd matrix-synchrotron unit in place
-  ansible.builtin.template:
-    src: systemd/matrix-synchrotron@.service.j2
-    dest: /etc/systemd/system/matrix-synchrotron@.service
-    mode: "644"
-  register: systemd_unit
-
-- name: Enable systemd unit matrix-synchrotron-{{ item }}
-  ansible.builtin.systemd:
-    daemon_reload: true
-    name: matrix-synchrotron@{{ item }}.service
-    enabled: true
-    state: restarted
-  when: systemd_unit.changed
-  loop: "{{ synapse_synchrotrons }}"
+- name: Ensure matrix-synchrotron unit not present
+  ansible.builtin.file:
+    path: /etc/systemd/system/matrix-synchrotron@.service
+    state: absent
+  notify: Disable matrix-synchrotrons

roles/synapse/tasks/workers.yml

@@ -27,26 +27,22 @@
     synapse_worker_services: []
     synapse_synchrotrons: []
 
-- name: Ensure worker pidfile dir in /run exists
-  ansible.builtin.file:
-    path: /run/matrix-synapse/
-    state: directory
-    owner: matrix-synapse
-    group: nogroup
-    mode: 0755
-
-- name: Ensure tmpfiles config for pidfile dir in place
-  ansible.builtin.template:
-    src: tmpfiles-matrix-synapse.conf.j2
-    dest: /etc/tmpfiles.d/matrix-synapse.conf
-    mode: 0644
-
 - name: Configure workers
   ansible.builtin.include_tasks: worker_type.yml
   loop: "{{ synapse_workers | dict2items }}"
   loop_control:
     loop_var: synapse_worker
 
-- name: Configure synchrotron balancer
+- name: Ensure worker pidfile dir in /run not present (legacy)
+  ansible.builtin.file:
+    path: /run/matrix-synapse/
+    state: absent
+
+- name: Ensure tmpfiles config for pidfile dir not present (legacy)
+  ansible.builtin.file:
+    path: /etc/tmpfiles.d/matrix-synapse.conf
+    state: absent
+
+- name: Ensure synchrotron balancer removed (legacy)
   ansible.builtin.include_tasks: matrix-synchrotrons.yml
   when: synapse_synchrotrons | length != 0

roles/synapse/templates/matrix-synchrotron-config.yaml.j2

@@ -1,12 +0,0 @@
-# {{ ansible_managed }}
-homeserver_url: http://localhost:8008 # homeserver URL for the whoami request
-listener: localhost:{{ 8183 + ansible_loop.index0 }} # host:port to listen to
-
-synchrotrons:
-{% for port in synapse_workers[synchrotron_workers[item]] %}
-  - address: 127.0.0.1:{{ port }}
-    pid_file: /run/matrix-synapse/{{ synchrotron_workers[item] }}-{{ loop.index0 }}.pid
-{% endfor %}
-
-balancer:
-  interval: 2

roles/synapse/templates/systemd/matrix-synapse-worker@.service.j2

@@ -10,12 +10,10 @@ After=matrix-synapse.service
 [Service]
 Type=notify
 NotifyAccess=main
-PIDFile=/run/matrix-synapse/%i.pid
 User=matrix-synapse
 WorkingDirectory=/var/lib/matrix-synapse
 EnvironmentFile=-/etc/default/matrix-synapse
 ExecStart=/opt/venvs/matrix-synapse/bin/python -m synapse.app.generic_worker --config-path=/etc/matrix-synapse/homeserver.yaml --config-path=/etc/matrix-synapse/conf.d/ --config-path=/etc/matrix-synapse/workers/%i.yaml
-ExecStartPost=/bin/sh -c "echo $MAINPID > /run/matrix-synapse/%i.pid"
 ExecReload=/bin/kill -HUP $MAINPID
 Restart=always
 RestartSec=3

roles/synapse/templates/systemd/matrix-synchrotron@.service.j2

@@ -1,17 +0,0 @@
-# {{ ansible_managed }}
-
-[Unit]
-Description=Matrix Synchrotron %i
-After=matrix-synapse.service
-PartOf=matrix-synapse.service
-
-[Service]
-Type=simple
-User=matrix-synchrotron
-WorkingDirectory=/opt/matrix-synchrotron/%i
-ExecStart=/opt/matrix-synchrotron/src/matrix-synchrotron-balancer
-Restart=always
-RestartSec=3
-
-[Install]
-WantedBy=matrix-synapse.service

roles/synapse/templates/tmpfiles-matrix-synapse.conf.j2

@@ -1 +0,0 @@
-d /run/matrix-synapse 0755 matrix-synapse nogroup - -