uumas/ansible-podman
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a29908b507c2cb4f2d613bef84bac6151f9d8e5b
ansible-podman/roles/synapse/tasks/main.yaml
uumas d260e28625 synapse: Use regex for mas-proxied paths
2025-07-19 20:03:12 +03:00

75 lines
3.4 KiB
YAML
Raw Blame History

---
- name: Assert complexity error is set if complexity limit is
ansible.builtin.assert:
that: synapse_room_complexity_limit == 0 or synapse_room_complexity_error | length > 0
fail_msg: "synapse_room_complexity_error must be set when synapse_room_complexity_limit is"
quiet: true
- name: Assert turn shared secret is set if turn uris is
ansible.builtin.assert:
that: synapse_turn_uris | length == 0 or synapse_turn_shared_secret | length > 0
fail_msg: "synapse_turn_shared_secret must be set when synapse_turn_uris is"
quiet: true
- name: Synapse container
ansible.builtin.import_role:
name: service
vars:
service_name: synapse
service_container_image: "{{ _synapse_image_name }}"
service_database_type: postgres
service_postgres_tag: "{{ synapse_postgres_tag }}"
service_container_mounts:
- type: template
source: homeserver.yaml.j2
destination: /data/homeserver.yaml
- type: template
source: log.yaml.j2
destination: /data/log.yaml
- type: volume
source: media
destination: /data/media
user: "991"
group: "991"
service_container_secrets:
- name: signing-key
value: "{{ synapse_signing_key }}"
- name: mas-client-secret
- name: mas-homeserver-secret
service_container_env:
SYNAPSE_SERVER_NAME: "{{ synapse_server_name }}"
SYNAPSE_REPORT_STATS: "no"
UID: 991
GID: 991
service_container_http_port: 8008
service_domains: "{{ [synapse_external_domain] }}"
service_vhost_locations:
- path: ^/_matrix/client/.*/(login|logout|refresh).*$
proxy_target_socket: /run/matrix-authentication-service-socat.sock
service_wants:
- matrix-authentication-service.service
- name: Matrix authentication service for synapse
ansible.builtin.import_role:
name: matrix_authentication_service
vars:
matrix_authentication_service_additional_networks:
- synapse
matrix_authentication_service_secrets: "{{ synapse_mas_secrets }}"
matrix_authentication_service_domain: "{{ synapse_mas_domain }}"
matrix_authentication_service_homeserver_name: "{{ synapse_server_name }}"
matrix_authentication_service_homeserver_address: http://synapse:8009
matrix_authentication_service_client_secret: "{{ service_podman_secrets['synapse-mas-client-secret'] }}"
matrix_authentication_service_homeserver_secret: "{{ service_podman_secrets['synapse-mas-homeserver-secret'] }}"
matrix_authentication_service_email_smtp_server: "{{ synapse_email_smtp_server }}"
matrix_authentication_service_email_smtp_user: "{{ synapse_email_smtp_user }}"
matrix_authentication_service_email_smtp_password: "{{ synapse_email_smtp_password }}"
matrix_authentication_service_email_from: "{{ synapse_email_from | replace('%(app)s', synapse_email_app_name) }}"
matrix_authentication_service_upstream_oauth2_client_id: "{{ synapse_oidc_provider_client_id }}"
matrix_authentication_service_upstream_oauth2_client_secret: "{{ synapse_oidc_provider_client_secret }}"
matrix_authentication_service_upstream_oauth2_issuer: "{{ synapse_oidc_provider_issuer }}"
matrix_authentication_service_upstream_oauth2_scope: "{{ synapse_oidc_provider_scopes | join(' ') }}"
matrix_authentication_service_upstream_oauth2_claims_imports: "{{ synapse_oidc_provider_mas_claims_imports }}"
matrix_authentication_service_upstream_oauth2_human_name: "{{ synapse_oidc_provider_name }}"
Reference in New Issue View Git Blame Copy Permalink