ansible-podman/roles/synapse/tasks/main.yaml
2025-04-04 21:20:21 +03:00


---
# Pre-flight check: a non-zero synapse_room_complexity_limit must be
# accompanied by a non-empty synapse_room_complexity_error. A limit of 0
# passes the check without an error text.
- name: Assert complexity error is set if complexity limit is
  ansible.builtin.assert:
    that:
      - >-
        synapse_room_complexity_limit == 0
        or synapse_room_complexity_error | length > 0
    fail_msg: 'synapse_room_complexity_error must be set when synapse_room_complexity_limit is'
    quiet: true
# Pre-flight check: refuse to continue when TURN URIs are configured but
# the shared secret used with them is empty.
# Only non-emptiness is verified; the length or randomness of the secret
# is not checked here.
- name: Assert turn shared secret is set if turn uris is
  ansible.builtin.assert:
    that:
      - >-
        synapse_turn_uris | length == 0
        or synapse_turn_shared_secret | length > 0
    fail_msg: 'synapse_turn_shared_secret must be set when synapse_turn_uris is'
    quiet: true
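# Deploy the Synapse homeserver through the generic `service` role:
# container image, PostgreSQL database, config templates, secrets,
# environment and reverse-proxy routing.
- name: Synapse container
  ansible.builtin.import_role:
    name: service
  vars:
    service_name: synapse
    service_container_image: "{{ _synapse_image_name }}"
    service_database_type: postgres
    service_postgres_tag: "{{ synapse_postgres_tag }}"
    service_container_mounts:
      # Both config files are rendered from role templates into /data.
      - type: template
        source: homeserver.yaml.j2
        destination: /data/homeserver.yaml
      - type: template
        source: log.yaml.j2
        destination: /data/log.yaml
      # Media store; ownership matches the UID/GID passed to the container
      # in service_container_env below.
      - type: volume
        source: media
        destination: /data/media
        user: "991"
        group: "991"
    service_container_secrets:
      # The signing key is supplied by the caller.
      # NOTE(review): confirm synapse_signing_key comes from an encrypted
      # source (e.g. Ansible Vault) rather than plain inventory.
      - name: signing-key
        value: "{{ synapse_signing_key }}"
      # No value is given for these two; presumably the service role
      # generates them. They are read back later in this file as
      # _service_podman_secrets['synapse-mas-client-secret'] and
      # _service_podman_secrets['synapse-mas-homeserver-secret'].
      - name: mas-client-secret
      - name: mas-homeserver-secret
    service_container_env:
      SYNAPSE_SERVER_NAME: "{{ synapse_server_name }}"
      # Quoted so the value is the string "no", not a YAML boolean.
      SYNAPSE_REPORT_STATS: "no"
      # Environment values are strings; quoted so the YAML loader does not
      # turn them into integers (consistent with user/group above).
      UID: "991"
      GID: "991"
    service_container_http_port: 8008
    service_domains: "{{ [synapse_external_domain] }}"
    # Login, logout and token-refresh requests (with and without a trailing
    # sub-path) are proxied to the matrix-authentication-service socket
    # instead of the Synapse container.
    # NOTE(review): presumably every other path on this vhost goes to
    # Synapse on service_container_http_port; confirm in the service role.
    service_vhost_locations:
      - path: /_matrix/client/*/login
        proxy_target_socket: /run/matrix-authentication-service-socat.sock
      - path: /_matrix/client/*/logout
        proxy_target_socket: /run/matrix-authentication-service-socat.sock
      - path: /_matrix/client/*/refresh
        proxy_target_socket: /run/matrix-authentication-service-socat.sock
      - path: /_matrix/client/*/login/*
        proxy_target_socket: /run/matrix-authentication-service-socat.sock
      - path: /_matrix/client/*/logout/*
        proxy_target_socket: /run/matrix-authentication-service-socat.sock
      - path: /_matrix/client/*/refresh/*
        proxy_target_socket: /run/matrix-authentication-service-socat.sock
    service_wants:
      - matrix-authentication-service.service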
# Deploy matrix-authentication-service (MAS) next to Synapse and wire it to
# the homeserver, the mail relay and the upstream OIDC provider.
- name: Matrix authentication service for synapse
  ansible.builtin.import_role:
    name: matrix_authentication_service
  vars:
    # --- Link to the homeserver ---
    matrix_authentication_service_domain: "{{ synapse_mas_domain }}"
    matrix_authentication_service_homeserver_name: "{{ synapse_server_name }}"
    # Plain HTTP, and port 8009 differs from the 8008 declared as
    # service_container_http_port for the Synapse container.
    # NOTE(review): presumably a separate listener defined in
    # homeserver.yaml.j2 and reachable only on the `synapse` container
    # network joined below; confirm, since the homeserver secret is used
    # on this connection.
    matrix_authentication_service_homeserver_address: 'http://synapse:8009'
    matrix_authentication_service_additional_networks:
      - synapse

    # --- Secrets ---
    # NOTE(review): confirm the source variables are stored encrypted and
    # that the role does not print them in task output.
    matrix_authentication_service_secrets: "{{ synapse_mas_secrets }}"
    # These two are looked up from _service_podman_secrets, under the
    # names `synapse-mas-client-secret` / `synapse-mas-homeserver-secret`.
    matrix_authentication_service_client_secret: "{{ _service_podman_secrets['synapse-mas-client-secret'] }}"
    matrix_authentication_service_homeserver_secret: "{{ _service_podman_secrets['synapse-mas-homeserver-secret'] }}"

    # --- Outgoing e-mail (reuses the Synapse SMTP settings) ---
    matrix_authentication_service_email_smtp_server: "{{ synapse_email_smtp_server }}"
    matrix_authentication_service_email_smtp_user: "{{ synapse_email_smtp_user }}"
    matrix_authentication_service_email_smtp_password: "{{ synapse_email_smtp_password }}"
    # The `%(app)s` placeholder in the sender is replaced with
    # synapse_email_app_name before it is handed to the role.
    matrix_authentication_service_email_from: "{{ synapse_email_from | replace('%(app)s', synapse_email_app_name) }}"

    # --- Upstream OAuth2 / OIDC provider ---
    matrix_authentication_service_upstream_oauth2_human_name: "{{ synapse_oidc_provider_name }}"
    matrix_authentication_service_upstream_oauth2_issuer: "{{ synapse_oidc_provider_issuer }}"
    matrix_authentication_service_upstream_oauth2_client_id: "{{ synapse_oidc_provider_client_id }}"
    matrix_authentication_service_upstream_oauth2_client_secret: "{{ synapse_oidc_provider_client_secret }}"
    # The scope list is joined into one space-separated string.
    matrix_authentication_service_upstream_oauth2_scope: "{{ synapse_oidc_provider_scopes | join(' ') }}"
    matrix_authentication_service_upstream_oauth2_claims_imports: "{{ synapse_oidc_provider_mas_claims_imports }}"