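#!/usr/bin/ansible-playbook
# vim:ft=ansible:
#
# Installs and configures a Matrix Synapse homeserver behind Apache:
#   1. adds the packages.matrix.org apt repository and installs Synapse,
#   2. creates the PostgreSQL role and database (only when a DB host is set),
#   3. templates and enables the Apache config, modules and vhost,
#   4. requests a certificate through the "https" role,
#   5. templates the Synapse config and generates shared secrets once,
#   6. drops a backup module script.
#
# The "restart apache" and "restart synapse" handlers and all templates are
# expected to be defined elsewhere; they are not visible in this file.
---
- name: Set up Matrix
  block:
    - name: Set up repos
      block:
        # NOTE(review): apt_key trusts this key for every configured
        # repository, and the key is accepted on the strength of the HTTPS
        # fetch alone. Consider pinning the expected key with the module's
        # `id:` parameter, or moving to a dedicated keyring referenced with
        # `signed-by=` in the repo line.
        - name: Add repo keys
          apt_key:
            url: "{{ item }}"
          loop:
            - "https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg"

        # The suite is hard-coded to "bionic".
        - name: Add repos
          apt_repository:
            repo: "{{ item }}"
          loop:
            - "deb https://packages.matrix.org/debian/ bionic main"

    - name: Install packages
      apt:
        name:
          - matrix-synapse-py3
          - python3-psycopg2

    # Both tasks connect to matrix_db_hostname, so the whole block is skipped
    # when that variable is not defined.
    - name: Set up PostgreSQL
      block:
        - name: Create DB user
          postgresql_user:
            name: matrix
            password: "{{ matrix_db_password }}"
            login_host: "{{ matrix_db_hostname }}"
            login_user: "{{ psql.ansible.user }}"
            login_password: "{{ psql.ansible.pass }}"

        # Database is created with the C locale for collation and ctype.
        - name: Create DB
          postgresql_db:
            name: matrix
            owner: matrix
            lc_collate: C
            lc_ctype: C
            login_host: "{{ matrix_db_hostname }}"
            login_user: "{{ psql.ansible.user }}"
            login_password: "{{ psql.ansible.pass }}"
      when: matrix_db_hostname is defined

    - name: Set up Apache
      block:
        - name: Template out config
          template:
            src: "apache2-matrix.conf"
            dest: "/etc/apache2/conf-available/matrix.conf"
          notify: restart apache

        # `creates:` makes the a2en* commands idempotent: each is skipped once
        # the corresponding symlink exists.
        - name: Enable configs
          command:
            cmd: a2enconf "{{ item }}"
            creates: "/etc/apache2/conf-enabled/{{ item }}.conf"
          loop:
            - matrix
          notify: restart apache

        - name: Enable modules
          command:
            cmd: a2enmod "{{ item }}"
            creates: "/etc/apache2/mods-enabled/{{ item }}.load"
          loop:
            - proxy
            - proxy_http
          notify: restart apache

        - name: Template out vhost
          template:
            src: "apache2-vhost-ssl.conf"
            dest: "/etc/apache2/sites-available/{{ matrix_url }}.conf"
          notify: restart apache

        - name: Create webroot
          file:
            state: directory
            path: "{{ matrix_webroot }}"

        - name: Enable site
          command:
            cmd: "a2ensite {{ matrix_url }}.conf"
            creates: "/etc/apache2/sites-enabled/{{ matrix_url }}.conf"
          notify: restart apache

    - name: Generate certificate
      include_role:
        name: https
      vars:
        website_url: "{{ matrix_url }}"

    # NOTE(review): both files are written world-readable (0644). If the
    # homeserver.yaml template renders matrix_db_password or any other
    # credential, tighten it to the owner/group/mode used for
    # shared_secrets.yaml below - confirm against the template.
    - name: Configure Synapse
      template:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
        mode: "{{ item.mode }}"
      loop:
        - src: "homeserver.yaml"
          dest: "/etc/matrix-synapse/homeserver.yaml"
          mode: "0644"
        - src: "server_name.yaml"
          dest: "/etc/matrix-synapse/conf.d/server_name.yaml"
          mode: "0644"
      notify: restart synapse

    # Secrets are generated only once: if the file already exists, the block
    # below is skipped so the existing secrets are never rotated by a re-run.
    - name: Check for secrets
      stat:
        path: "/etc/matrix-synapse/conf.d/shared_secrets.yaml"
      register: p

    - name: Generate secrets
      block:
        # -s makes pwgen emit fully random characters instead of its default
        # pronounceable (lower-entropy) passwords. no_log keeps the generated
        # value out of task output and logs; the registered variable is still
        # available to later tasks.
        - name: Generate registration_shared_secret
          command: pwgen -s 32 1
          register: matrix_reg_secret
          no_log: true

        - name: Generate turn_shared_secret
          command: pwgen -s 32 1
          register: matrix_turn_secret
          no_log: true

        # no_log also suppresses the rendered file content that --diff would
        # otherwise print.
        - name: Template out shared_secrets.yaml
          template:
            src: "shared_secrets.yaml"
            dest: "/etc/matrix-synapse/conf.d/shared_secrets.yaml"
            mode: "0640"
            owner: "matrix-synapse"
            group: "root"
          no_log: true
          notify: restart synapse
      when: not p.stat.exists

    # 0600 with no execute bit: presumably the backup framework sources this
    # file or runs it through an interpreter - TODO confirm.
    - name: Template out backup module
      template:
        src: "backup.sh"
        dest: "/opt/backups/modules/{{ matrix_url }}.sh"
        mode: "0600"
  become: true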