ansible/roles/matrix/tasks/main.yml


#!/usr/bin/ansible-playbook
# vim:ft=ansible:
---
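# Installs Synapse from the matrix.org apt repository, provisions its
# PostgreSQL role and database, fronts it with an Apache vhost, and writes the
# Synapse configuration plus generated shared secrets.
# NOTE(review): the source listing had lost its indentation; the nesting below
# is reconstructed from task order. Block-level keywords whose placement was a
# judgement call are marked.
- name: Set up Matrix
  block:
    - name: Set up repos
      block:
        # NOTE(review): apt_key puts the key into apt's global trusted keyring,
        # so it is trusted for every configured repository, and the download is
        # not checked against a fingerprint. Consider pinning with `id:` or
        # moving to a dedicated keyring referenced via signed-by.
        - name: Add repo keys
          apt_key:
            url: "{{ item }}"
          loop:
            - "https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg"

        - name: Add repos
          apt_repository:
            repo: "{{ item }}"
          loop:
            - "deb https://packages.matrix.org/debian/ {{ ansible_distribution_release }} main"

        - name: Install packages
          apt:
            name:
              - matrix-synapse-py3
              - python3-psycopg2

    - name: Set up PostgreSQL
      # NOTE(review): `when` is placed on the block because both tasks read
      # matrix_db_hostname - confirm against the original file.
      when: matrix_db_hostname is defined
      block:
        - name: Create DB user
          postgresql_user:
            name: matrix
            password: "{{ matrix.db_password }}"
            login_host: "{{ matrix_db_hostname }}"
            login_user: "{{ psql.ansible.user }}"
            login_password: "{{ psql.ansible.pass }}"

        - name: Create DB
          postgresql_db:
            name: matrix
            owner: matrix
            lc_collate: C
            lc_ctype: C
            login_host: "{{ matrix_db_hostname }}"
            login_user: "{{ psql.ansible.user }}"
            login_password: "{{ psql.ansible.pass }}"

    - name: Set up Apache
      block:
        - name: Template out config
          template:
            src: "apache2-matrix.conf"
            dest: "/etc/apache2/conf-available/matrix.conf"
          notify: restart apache

        # `creates` makes the a2en* commands idempotent: they are skipped once
        # the enabled-symlink already exists.
        - name: Enable configs
          command:
            cmd: a2enconf "{{ item }}"
            creates: "/etc/apache2/conf-enabled/{{ item }}.conf"
          loop:
            - matrix
          notify: restart apache

        - name: Enable modules
          command:
            cmd: a2enmod "{{ item }}"
            creates: "/etc/apache2/mods-enabled/{{ item }}.load"
          loop:
            - proxy
            - proxy_http
          notify: restart apache

        - name: Template out vhost
          template:
            src: "apache2-vhost-ssl.conf"
            dest: "/etc/apache2/sites-available/{{ matrix.url }}.conf"
          notify: restart apache

        - name: Create webroot
          file:
            state: directory
            path: "{{ matrix_webroot }}"

        - name: Enable site
          command:
            cmd: "a2ensite {{ matrix.url }}.conf"
            creates: "/etc/apache2/sites-enabled/{{ matrix.url }}.conf"
          notify: restart apache

    - name: Generate certificate
      include_role:
        name: https
      vars:
        website_url: "{{ matrix.url }}"

    # NOTE(review): 0644 leaves both files world-readable. If the
    # homeserver.yaml template embeds matrix.db_password or signing/secret keys,
    # tighten it to 0640 owned by matrix-synapse, as shared_secrets.yaml is
    # below - confirm against the template.
    - name: Configure Synapse
      template:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
        mode: "{{ item.mode }}"
      loop:
        - src: "homeserver.yaml"
          dest: "/etc/matrix-synapse/homeserver.yaml"
          mode: "0644"
        - src: "server_name.yaml"
          dest: "/etc/matrix-synapse/conf.d/server_name.yaml"
          mode: "0644"
      notify: restart synapse

    - name: Check for secrets
      stat:
        path: "/etc/matrix-synapse/conf.d/shared_secrets.yaml"
      register: p

    # Secrets are generated only once; an existing shared_secrets.yaml is never
    # overwritten, so re-running the role does not rotate them.
    - name: Generate secrets
      when: not p.stat.exists
      block:
        # -s asks pwgen for fully random output instead of its default
        # pronounceable passwords; no_log keeps the registered stdout out of
        # verbose output and callback logs.
        # NOTE(review): pwgen is not in this role's package list; presumably
        # installed elsewhere - confirm.
        - name: Generate registration_shared_secret
          command: pwgen -s 32 1
          register: matrix_reg_secret
          no_log: true

        - name: Generate turn_shared_secret
          command: pwgen -s 32 1
          register: matrix_turn_secret
          no_log: true

        - name: Template out shared_secrets.yaml
          template:
            src: "shared_secrets.yaml"
            dest: "/etc/matrix-synapse/conf.d/shared_secrets.yaml"
            mode: "0640"
            owner: "matrix-synapse"
            group: "root"
          # Keep the rendered secrets out of --diff output.
          diff: false
          notify: restart synapse

    - name: Template out backup module
      template:
        src: "backup.sh"
        dest: "/opt/backups/modules/{{ matrix.url }}.sh"
        mode: "0600"
  # NOTE(review): assumed to apply to the whole "Set up Matrix" block rather
  # than only the last task - confirm against the original file.
  become: true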