ansol/matrix-docker-ansible-deploy
7
0
Fork 0
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git synced 2025-05-12 08:55:36 +00:00
Code Issues Projects Releases Wiki Activity

Merge branch 'master' into feature/dendrite

Browse Source
This commit is contained in:
Slavi Pantaleev 2021-12-17 17:31:51 +02:00
commit 5863786391
11 changed files with 52 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
.github/workflows/ansible-lint.yml vendored Normal file
View File

@ -0,0 +1,19 @@
name: Ansible Lint
on: [push, pull_request]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Lint Ansible Playbook
uses: ansible/ansible-lint-action@master
with:
# Paths to ansible files (i.e., playbooks, tasks, handlers etc..)
targets: "./"
args: "-x metadata, formatting"

5
roles/matrix-awx/defaults/main.yml
View File

@ -1 +1,6 @@
matrix_awx_enabled: true matrix_awx_enabled: true
# Defaults for 'Customise Website + Access Export' template
awx_sftp_auth_method: 'Disabled'
awx_sftp_password: ''
awx_sftp_public_key: ''

4
roles/matrix-awx/tasks/purge_database_main.yml
View File

@ -29,9 +29,9 @@
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
register: awx_synapse_container_ip register: awx_synapse_container_ip
- name: Collect access token for @_janitor user - name: Collect access token for @admin-janitor user
shell: | shell: |
curl -X POST -d '{"type":"m.login.password", "user":"_janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token' curl -X POST -d '{"type":"m.login.password", "user":"admin-janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token'
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
register: awx_janitors_token register: awx_janitors_token
no_log: True no_log: True

4
roles/matrix-awx/tasks/purge_media_main.yml
View File

@ -21,9 +21,9 @@
shell: "/usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse" shell: "/usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse"
register: awx_synapse_container_ip register: awx_synapse_container_ip
- name: Collect access token for @_janitor user - name: Collect access token for @admin-janitor user
shell: | shell: |
curl -XPOST -d '{"type":"m.login.password", "user":"_janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token' curl -XPOST -d '{"type":"m.login.password", "user":"admin-janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token'
register: awx_janitors_token register: awx_janitors_token
no_log: True no_log: True

2
roles/matrix-awx/tasks/self_check.yml
View File

@ -50,12 +50,14 @@
- name: Calculate size of local media repository - name: Calculate size of local media repository
shell: du -sh /matrix/synapse/storage/media-store/local* shell: du -sh /matrix/synapse/storage/media-store/local*
register: awx_local_media_size_stat register: awx_local_media_size_stat
async: 600
ignore_errors: yes ignore_errors: yes
no_log: True no_log: True
- name: Calculate size of remote media repository - name: Calculate size of remote media repository
shell: du -sh /matrix/synapse/storage/media-store/remote* shell: du -sh /matrix/synapse/storage/media-store/remote*
register: awx_remote_media_size_stat register: awx_remote_media_size_stat
async: 600
ignore_errors: yes ignore_errors: yes
no_log: True no_log: True

4
roles/matrix-awx/tasks/set_variables_dimension.yml
View File

@ -12,9 +12,9 @@
- curl - curl
state: present state: present
- name: Collect access token of @_dimension user - name: Collect access token of @admin-dimension user
shell: | shell: |
curl -X POST --header 'Content-Type: application/json' -d '{ "identifier": { "type": "m.id.user","user": "_dimension" }, "password": "{{ awx_dimension_user_password }}", "type": "m.login.password"}' 'https://matrix.{{ matrix_domain }}/_matrix/client/r0/login' | jq -c '. | {access_token}' | sed 's/.*\":\"//' | sed 's/\"}//' curl -X POST --header 'Content-Type: application/json' -d '{ "identifier": { "type": "m.id.user","user": "admin-dimension" }, "password": "{{ awx_dimension_user_password }}", "type": "m.login.password"}' 'https://matrix.{{ matrix_domain }}/_matrix/client/r0/login' | jq -c '. | {access_token}' | sed 's/.*\":\"//' | sed 's/\"}//'
register: awx_dimension_user_access_token register: awx_dimension_user_access_token
- name: Record Synapse variables locally on AWX - name: Record Synapse variables locally on AWX

18
roles/matrix-common-after/tasks/awx_post.yml
View File

@ -1,11 +1,11 @@
--- ---
- name: Create user account @_janitor - name: Create user account @admin-janitor
command: | command: |
/usr/local/bin/matrix-synapse-register-user _janitor {{ awx_janitor_user_password | quote }} 1 /usr/local/bin/matrix-synapse-register-user admin-janitor {{ awx_janitor_user_password | quote }} 1
register: cmd register: cmd
when: not awx_janitor_user_created|bool when: not awx_janitor_user_created|bool
no_log: True no_log: false
- name: Update AWX janitor user created variable - name: Update AWX janitor user created variable
delegate_to: 127.0.0.1 delegate_to: 127.0.0.1
@ -18,12 +18,12 @@
'awx_janitor_user_created': 'true' 'awx_janitor_user_created': 'true'
when: not awx_janitor_user_created|bool when: not awx_janitor_user_created|bool
- name: Create user account @_dimension - name: Create user account @admin-dimension
command: | command: |
/usr/local/bin/matrix-synapse-register-user _dimension {{ awx_dimension_user_password | quote }} 0 /usr/local/bin/matrix-synapse-register-user admin-dimension {{ awx_dimension_user_password | quote }} 0
register: cmd register: cmd
when: not awx_dimension_user_created|bool when: not awx_dimension_user_created|bool
no_log: True no_log: false
- name: Update AWX dimension user created variable - name: Update AWX dimension user created variable
delegate_to: 127.0.0.1 delegate_to: 127.0.0.1
@ -36,12 +36,12 @@
'awx_dimension_user_created': 'true' 'awx_dimension_user_created': 'true'
when: not awx_dimension_user_created|bool when: not awx_dimension_user_created|bool
- name: Create user account @_mjolnir - name: Create user account @admin-mjolnir
command: | command: |
/usr/local/bin/matrix-synapse-register-user _mjolnir {{ awx_mjolnir_user_password | quote }} 0 /usr/local/bin/matrix-synapse-register-user admin-mjolnir {{ awx_mjolnir_user_password | quote }} 0
register: cmd register: cmd
when: not awx_mjolnir_user_created|bool when: not awx_mjolnir_user_created|bool
no_log: True no_log: false
- name: Update AWX dimension user created variable - name: Update AWX dimension user created variable
delegate_to: 127.0.0.1 delegate_to: 127.0.0.1

2
roles/matrix-jitsi/templates/jvb/env.j2
View File

@ -25,7 +25,7 @@ COLIBRI_REST_ENABLED
SHUTDOWN_REST_ENABLED SHUTDOWN_REST_ENABLED
TZ={{ matrix_jitsi_timezone }} TZ={{ matrix_jitsi_timezone }}
XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }} XMPP_AUTH_DOMAIN={{ matrix_jitsi_xmpp_auth_domain }}
XMPP_INTERNAL_MUC_DOMAIN= {{ matrix_jitsi_xmpp_internal_muc_domain }} XMPP_INTERNAL_MUC_DOMAIN={{ matrix_jitsi_xmpp_internal_muc_domain }}
XMPP_SERVER={{ matrix_jitsi_xmpp_server }} XMPP_SERVER={{ matrix_jitsi_xmpp_server }}
{{ matrix_jitsi_jvb_environment_variables_extension }} {{ matrix_jitsi_jvb_environment_variables_extension }}

7
roles/matrix-nginx-proxy/defaults/main.yml
View File

@ -442,7 +442,14 @@ matrix_ssl_domains_to_obtain_certificates_for: "{{ matrix_ssl_additional_domains
matrix_ssl_additional_domains_to_obtain_certificates_for: [] matrix_ssl_additional_domains_to_obtain_certificates_for: []
# Controls whether to obtain production or staging certificates from Let's Encrypt. # Controls whether to obtain production or staging certificates from Let's Encrypt.
# If you'd like to use another ACME Certificate Authority server (not Let's Encrypt), use `matrix_ssl_lets_encrypt_server`
matrix_ssl_lets_encrypt_staging: false matrix_ssl_lets_encrypt_staging: false
# Controls from which Certificate Authority server to retrieve the SSL certificates (passed as a `--server` flag to Certbot).
# By default, we use the Let's Encrypt production environment (use `matrix_ssl_lets_encrypt_staging` for using the staging environment).
# Learn more here: https://eff-certbot.readthedocs.io/en/stable/using.html#changing-the-acme-server
matrix_ssl_lets_encrypt_server: ''
matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.21.0" matrix_ssl_lets_encrypt_certbot_docker_image: "{{ matrix_container_global_registry_prefix }}certbot/certbot:{{ matrix_ssl_architecture }}-v1.21.0"
matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}" matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_encrypt_certbot_docker_image.endswith(':latest') }}"
matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402 matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402

2
roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml
View File

@ -42,6 +42,7 @@
--non-interactive --non-interactive
--work-dir=/tmp --work-dir=/tmp
--http-01-port 8080 --http-01-port 8080
{% if matrix_ssl_lets_encrypt_server %}--server={{ matrix_ssl_lets_encrypt_server|quote }}{% endif %}
{% if matrix_ssl_lets_encrypt_staging %}--staging{% endif %} {% if matrix_ssl_lets_encrypt_staging %}--staging{% endif %}
--standalone --standalone
--preferred-challenges http --preferred-challenges http
@ -70,6 +71,7 @@
--non-interactive --non-interactive
--work-dir=/tmp --work-dir=/tmp
--http-01-port 8080 --http-01-port 8080
{% if matrix_ssl_lets_encrypt_server %}--server={{ matrix_ssl_lets_encrypt_server|quote }}{% endif %}
{% if matrix_ssl_lets_encrypt_staging %}--staging{% endif %} {% if matrix_ssl_lets_encrypt_staging %}--staging{% endif %}
--standalone --standalone
--preferred-challenges http --preferred-challenges http

1
roles/matrix-synapse/tasks/synapse/workers/setup_uninstall.yml
View File

@ -8,6 +8,7 @@
name: "{{ item.key }}" name: "{{ item.key }}"
state: stopped state: stopped
with_dict: "{{ ansible_facts.services|default({})|dict2items|selectattr('key', 'match', 'matrix-synapse-worker-.+\\.service')|list|items2dict }}" with_dict: "{{ ansible_facts.services|default({})|dict2items|selectattr('key', 'match', 'matrix-synapse-worker-.+\\.service')|list|items2dict }}"
when: "item.value['status'] != 'not-found'" # see https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1461
- name: Find worker configs to be cleaned - name: Find worker configs to be cleaned
find: find: