Working on more Matrix stuffs, adding creds for SES
parent
73d1ebd9a2
commit
aed52c16a0
@ -1,6 +1,21 @@
|
|||||||
#!/usr/bin/ansible-playbook
|
#!/usr/bin/ansible-playbook
|
||||||
# vim:ft=ansible:
|
# vim:ft=ansible:
|
||||||
user_username: salt
|
user_username: salt
|
||||||
|
aws_ses_user: !vault |
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
33643766376336316266373239386466373639633765333332353031373132383061346564633036
|
||||||
|
3337396261333264363562363364336235633831353133380a613164666161313265396261616634
|
||||||
|
38353531306238613735623433663138643231663139363735373537393337636362636534656166
|
||||||
|
3063373930343039320a663063663535633932323739653461336164643035633036663362666161
|
||||||
|
38316564326537303236333266303432326164393435663665363963326363306237
|
||||||
|
aws_ses_pass: !vault |
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
39306665653635383832623438656364616633643032663365643033316236333939363732363034
|
||||||
|
3566663361653862646636396339343963626561613839620a663731313337613734356261326437
|
||||||
|
31653763346663656165343632336366343562333836396232636431323635333965336137316237
|
||||||
|
3662393364636631310a643935313539353338333233356362623835363631383035666536343634
|
||||||
|
65663937643165613337373837633737653765303764303536386530616363343361326536633935
|
||||||
|
3565626161343562396663353538653136376138373334336435
|
||||||
zerotier_network_id: !vault |
|
zerotier_network_id: !vault |
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
35646131343239623265663562343333383362366633386462646465643163353866643633636135
|
35646131343239623265663562343333383362366633386462646465643163353866643633636135
|
||||||
|
@ -19,4 +19,40 @@
|
|||||||
apt:
|
apt:
|
||||||
name:
|
name:
|
||||||
- "matrix-synapse-py3"
|
- "matrix-synapse-py3"
|
||||||
|
- name: Set up Apache
|
||||||
|
block:
|
||||||
|
- name: Enable modules
|
||||||
|
command:
|
||||||
|
cmd: a2enmod "{{ item }}"
|
||||||
|
creates: "/etc/apache2/mods-enabled/{{ item }}.load"
|
||||||
|
loop:
|
||||||
|
- proxy
|
||||||
|
- proxy_http
|
||||||
|
notify: restart apache
|
||||||
|
- name: Template out vhost
|
||||||
|
template:
|
||||||
|
src: "apache2-vhost-ssl.conf"
|
||||||
|
dest: "/etc/apache2-sites-available/{{ matrix_url }}.conf"
|
||||||
|
- name: Create webroot
|
||||||
|
file:
|
||||||
|
state: directory
|
||||||
|
path: "{{ matrix_webroot }}"
|
||||||
|
- name: Enable site
|
||||||
|
command:
|
||||||
|
cmd: "a2ensite {{ matrix_url }}.conf"
|
||||||
|
creates: "/etc/apache2/sites-enabled/{{ matrix_url }}.conf"
|
||||||
|
notify: restart apache
|
||||||
|
- name: Generate certificate
|
||||||
|
include_role:
|
||||||
|
name: https
|
||||||
|
vars:
|
||||||
|
website_url: "{{ matrix_url }}"
|
||||||
|
- name: Configure Synapse
|
||||||
|
template:
|
||||||
|
src: "{{ item.src }}"
|
||||||
|
dest: "{{ item.dest }}"
|
||||||
|
mode: "{{ item.mode }}"
|
||||||
|
loop:
|
||||||
|
- { src: "homeserver.yml", dest: "/etc/matrix-synapse/homeserver.yml", "mode: 0644" }
|
||||||
|
- { src: "server_name.yml", dest: "/etc/matrix-synapse/conf.d/server_name.yml", "mode: 0644" }
|
||||||
become: yes
|
become: yes
|
||||||
|
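Review bot: In the `Configure Synapse` loop, `"mode: 0644"` is one quoted string inside the flow mapping, so each item gets a key literally named `mode: 0644` with a null value and `item.mode` is undefined when the template task runs. The `src` names (`homeserver.yml`, `server_name.yml`) also do not match the templates this commit adds (`homeserver.yaml`, `server_name.yaml`). A homeserver config normally carries secrets, and this commit adds SES credentials next to it, so I would not deploy it world-readable: e.g. `- { src: "homeserver.yaml", dest: "/etc/matrix-synapse/homeserver.yml", mode: "0640" }` plus an `owner`/`group` matching the Synapse service account (homeserver.yaml's contents are suppressed on this page, so confirm what it holds). Separately, `Template out vhost` writes to `/etc/apache2-sites-available/…`, which looks like a typo for `/etc/apache2/sites-available/…`, so the later `a2ensite` would not find the site. The enclosing task list starts outside the hunk.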
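--- a/roles/matrix/templates/apache2-vhost-ssl.conf
+++ b/roles/matrix/templates/apache2-vhost-ssl.conf
@@ -0,0 +1,35 @@
+# Configuration for {{ matrix_url }}
+# vim:ft=apache:
+
+# Accept connections from non-SNI clients
+SSLStrictSNIVHostCheck off
+# Need this for SSL proxying, apparently
+SSLProxyEngine on
+
+# Website configuration
+<VirtualHost *:80>
+ServerName {{ matrix_url }}
+Redirect permanent / https://{{ matrix_url }}
+</VirtualHost>
+<VirtualHost *:443>
+SSLEngine on
+SSLCertificateFile /etc/pki/cert/crt/{{ matrix_url }}.crt
+SSLCertificateKeyFile /etc/pki/cert/private/{{ matrix_url }}.key
+SSLCertificateChainFile /etc/pki/cert/crt/{{ matrix_url }}-fullchain.crt
+SSLProtocol {{ ssl_protocol }}
+SSLCipherSuite {{ ssl_cipher_suite }}
+ServerName {{ matrix_url }}
+DocumentRoot {{ matrix_webroot }}
+<Directory "{{ matrix_webroot }}">
+Require all granted
+AllowOverride All
+Options MultiViews FollowSymlinks
+</Directory>
+ProxyPreserveHost On
+ProxyRequests Off
+ProxyPass / http://127.0.0.1:8008/ nocanon retry=1
+ProxyPassReverse / https://127.0.0.1:8008/
+
+RequestHeader set X_FORWARDED_PROTO 'https'
+RequestHeader set X-Forwarded-Ssl on
+</VirtualHost>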
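Review bot: `ProxyPassReverse / https://127.0.0.1:8008/` does not match the `http://` backend in the `ProxyPass` line above it, so redirect `Location` headers from Synapse will not be rewritten; it should read `ProxyPassReverse / http://127.0.0.1:8008/`. `RequestHeader set X_FORWARDED_PROTO 'https'` uses underscores, whereas the conventional header is `X-Forwarded-Proto`, i.e. `RequestHeader set X-Forwarded-Proto "https"`. Because `nocanon` is used, `AllowEncodedSlashes NoDecode` is normally needed in the 443 vhost as well, otherwise Apache rejects request paths containing `%2F`. `SSLProxyEngine on` is unnecessary while the backend is plain HTTP, and `AllowOverride All` with `FollowSymlinks` grants the webroot more than a proxy-only vhost needs.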
2167
roles/matrix/templates/homeserver.yaml
Normal file
2167
roles/matrix/templates/homeserver.yaml
Normal file
File diff suppressed because it is too large
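--- a/roles/matrix/templates/server_name.yaml
+++ b/roles/matrix/templates/server_name.yaml
@@ -0,0 +1,9 @@
+# This file is autogenerated, and will be recreated on upgrade if it is deleted.
+# Any changes you make will be preserved.
+
+# The domain name of the server, with optional explicit port.
+# This is used by remote servers to connect to this server,
+# e.g. matrix.org, localhost:8080, etc.
+# This is also the last part of your UserID.
+#
+server_name: {{ matrix_server_name }}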
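Review bot: `server_name: {{ matrix_server_name }}` leaves the templated value unquoted, so an empty or unusual value renders as null or fails to parse as YAML; prefer `server_name: "{{ matrix_server_name }}"`. The header comment (`This file is autogenerated … Any changes you make will be preserved`) appears to be carried over from the packaged file and stops being true once Ansible owns the file. I would replace it with `# Managed by Ansible (role: matrix); local edits will be overwritten.`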
@ -9,6 +9,9 @@
|
|||||||
- role: backups
|
- role: backups
|
||||||
tags: [ backups ]
|
tags: [ backups ]
|
||||||
- role: matrix
|
- role: matrix
|
||||||
|
vars:
|
||||||
|
matrix_server_name: "9iron.club"
|
||||||
|
matrix_url: "matrix.9iron.club"
|
||||||
tags: [ fedi, matrix ]
|
tags: [ fedi, matrix ]
|
||||||
- hosts: web1
|
- hosts: web1
|
||||||
roles:
|
roles:
|
||||||
|
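Review bot: Only `matrix_server_name` and `matrix_url` are passed to the role here, but the tasks and vhost template in this commit also read `matrix_webroot`, `ssl_protocol` and `ssl_cipher_suite`. If those are not defined in role defaults or group vars outside this page, the play fails on an undefined variable. A short comment such as `# matrix_webroot and ssl_* are defined in <file that defines them>` would make the dependency visible.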