From 0b07f96e8e9ec5cfe0280a6c8db3273995daaa2b Mon Sep 17 00:00:00 2001
From: Administrator
Date: Thu, 23 Oct 2025 12:42:44 +0000
Subject: [PATCH] Update 3 files
- /roles/matrix/files/homeserver.yaml
- /roles/matrix/tasks/main.yml
- /roles/matrix/templates/docker-compose.yml.j2
---
roles/matrix/files/homeserver.yaml | 57 ------------
roles/matrix/tasks/main.yml | 20 ++--
roles/matrix/templates/docker-compose.yml.j2 | 96 ++++++++++----------
3 files changed, 61 insertions(+), 112 deletions(-)
delete mode 100644 roles/matrix/files/homeserver.yaml
diff --git a/roles/matrix/files/homeserver.yaml b/roles/matrix/files/homeserver.yaml
deleted file mode 100644
index 65b543f..0000000
--- a/roles/matrix/files/homeserver.yaml
+++ /dev/null
@@ -1,57 +0,0 @@ -server_name: "{{ matrix_server_name }}" -pid_file: /data/homeserver.pid -public_baseurl: "https://{{ matrix_domain }}/" - -listeners: - - port: 8008 - tls: false - type: http - x_forwarded: true - resources: - - names: [client, federation] - compress: false - -database: - name: psycopg2 - args: - user: synapse - password: "{{ matrix_postgres_password }}" - database: synapse - host: matrix-postgres - cp_min: 5 - cp_max: 10 - -log_config: "/data/log.config" -media_store_path: /data/media_store -uploads_path: /data/uploads -enable_registration: {{ matrix_registration_enabled | bool | lower }} -enable_registration_without_verification: false -registration_shared_secret: "{{ matrix_synapse_secret }}" -macaroon_secret_key: "{{ matrix_macaroon_secret }}" -form_secret: "{{ matrix_form_secret }}" - -report_stats: {{ matrix_report_stats | bool | lower }} - -retention: - enabled: true - default_policy: - min_lifetime: 1d - max_lifetime: 30d - -url_preview_enabled: true -url_preview_ip_range_blacklist: - - '127.0.0.0/8' - - '10.0.0.0/8' - - '172.16.0.0/12' - - '192.168.0.0/16' - - '100.64.0.0/10' - - '169.254.0.0/16' - - '::1/128' - - 'fe80::/64' - - 'fc00::/7' - -max_upload_size: "50M" - -# Federation -federation_domain_whitelist: ~ -allow_public_rooms_over_federation: true \ No newline at end of file diff --git a/roles/matrix/tasks/main.yml b/roles/matrix/tasks/main.yml index d7df676..9720f0a 100644 --- a/roles/matrix/tasks/main.yml +++ b/roles/matrix/tasks/main.yml @@ -31,7 +31,7 @@ name: psycopg2 args: user: {{ matrix_postgres_user }} - password: {{ matrix_postgres_password }} + password: "{{ vault_matrix_postgres_password }}" database: {{ matrix_postgres_db }} host: matrix-postgres cp_min: 5 
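Review bot: The task that renders this `database:` block writes `vault_matrix_postgres_password` into homeserver.yaml with no `no_log: true` visible, so the secret can show up in task output when the play is run with `--diff` or at high verbosity. The two `blockinfile` tasks in the `@@ -54` hunk have the same gap for `registration_shared_secret`, `macaroon_secret_key` and `form_secret`. Adding `no_log: true` to each of these tasks keeps the rendered values out of logs. The task header for this block is outside the hunk, so it may already set the flag.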
@@ -54,15 +54,15 @@ marker: "# {mark} ANSIBLE MANAGED REGISTRATION CONFIG" block: | enable_registration: {{ matrix_registration_enabled | bool | lower }} - registration_shared_secret: "{{ matrix_synapse_secret }}" + registration_shared_secret: "{{ vault_matrix_synapse_secret }}" - name: Update homeserver.yaml with additional settings blockinfile: path: "{{ matrix_config_dir }}/homeserver.yaml" marker: "# {mark} ANSIBLE MANAGED ADDITIONAL CONFIG" block: | - macaroon_secret_key: "{{ matrix_macaroon_secret }}" - form_secret: "{{ matrix_form_secret }}" + macaroon_secret_key: "{{ vault_matrix_macaroon_secret }}" + form_secret: "{{ vault_matrix_form_secret }}" trusted_key_servers: - server_name: "matrix.org" @@ -73,6 +73,12 @@ group: "991" mode: "0644" +- name: Copy log.config to config directory + copy: + src: log.config + dest: "{{ matrix_config_dir }}/log.config" + mode: 0644 + - name: Deploy Matrix docker-compose.yml template: src: "docker-compose.yml.j2" @@ -111,7 +117,7 @@ - name: Register admin user (if enabled) shell: | cd {{ matrix_base_dir }} - docker exec matrix-synapse register_new_matrix_user http://localhost:8008 -c /data/homeserver.yaml -u admin -p {{ vault_matrix_admin_password }} --admin + docker exec matrix-synapse register_new_matrix_user http://localhost:8008 -c /data/homeserver.yaml -u admin -p "{{ vault_matrix_admin_password }}" --admin when: matrix_registration_enabled ignore_errors: true become: no @@ -120,8 +126,6 @@ debug: msg: | Matrix Synapse успешно развернут! - Сервер: {{ matrix_server_name }} Порт: {{ matrix_port }} - PostgreSQL: matrix-postgres:5432 - \ No newline at end of file + PostgreSQL: matrix-postgres:5432 \ No newline at end of file diff --git a/roles/matrix/templates/docker-compose.yml.j2 b/roles/matrix/templates/docker-compose.yml.j2 index fa2f86d..09140bc 100644 --- a/roles/matrix/templates/docker-compose.yml.j2 +++ b/roles/matrix/templates/docker-compose.yml.j2 
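Review bot: The new `Copy log.config to config directory` task in the `@@ -73` hunk writes `mode: 0644` as a bare number, while the task just above it uses the quoted form `mode: "0644"`; quoting keeps the value a string and does not depend on how the YAML loader reads a leading-zero integer. The new task also sets no `group`, unlike the preceding `group: "991"`, so it is worth confirming the Synapse container can read the file. If the task ending at `mode: "0644"` just above is the one managing homeserver.yaml (its start is outside the hunk), that file now holds four vault secrets and `mode: "0640"` would stop it being world-readable on the host.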
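Review bot: Wrapping the password in double quotes in the `Register admin user` `shell` task (`@@ -111` hunk) does not make it shell-safe: `$`, backticks, `\` and `"` inside the vault value are still interpreted by the shell, and the rendered command line, password included, is reported in task output because the task has no `no_log`. Use the quote filter and suppress logging: `-p {{ vault_matrix_admin_password | quote }}` together with `no_log: true`. The password also remains visible in the host's process list for as long as `docker exec` runs. `ignore_errors: true` hides a genuine registration failure as well; a `failed_when` that tolerates only the already-registered case would be tighter.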
@@ -1,47 +1,49 @@
-version: '3.8'
-
-services:
- matrix-postgres:
- image: postgres:13
- container_name: matrix-postgres
- restart: unless-stopped
- environment:
- POSTGRES_USER: {{ matrix_postgres_user }}
- POSTGRES_PASSWORD: {{ matrix_postgres_password }}
- POSTGRES_DB: {{ matrix_postgres_db }}
- POSTGRES_INITDB_ARGS: "--encoding=UTF8 --lc-collate=C --lc-ctype=C"
- volumes:
- - {{ matrix_postgres_dir }}:/var/lib/postgresql/data
- healthcheck:
- test: ["CMD-SHELL", "pg_isready -U {{ matrix_postgres_user }}"]
- interval: 10s
- timeout: 5s
- retries: 5
- networks:
- - matrix-network
-
- matrix-synapse:
- image: matrixdotorg/synapse:latest
- container_name: matrix-synapse
- restart: unless-stopped
- ports:
- - "{{ matrix_port }}:8008"
- volumes:
- - {{ matrix_config_dir }}:/data
- - {{ matrix_media_dir }}:/data/media
- environment:
- - SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
- depends_on:
- matrix-postgres:
- condition: service_healthy
- healthcheck:
- test: ["CMD", "curl", "-f", "http://localhost:8008/health"]
- interval: 15s
- timeout: 5s
- retries: 3
- networks:
- - matrix-network
-
-networks:
- matrix-network:
- driver: bridge
\ No newline at end of file
+server_name: "{{ matrix_server_name }}"
+pid_file: /data/homeserver.pid
+public_baseurl: "https://{{ matrix_domain }}/"
+listeners:
+ - port: 8008
+ tls: false
+ type: http
+ x_forwarded: true
+ resources:
+ - names: [client, federation]
+ compress: false
+database:
+ name: psycopg2
+ args:
+ user: synapse
+ password: "{{ vault_matrix_postgres_password }}"
+ database: synapse
+ host: matrix-postgres
+ cp_min: 5
+ cp_max: 10
+log_config: "/data/log.config"
+media_store_path: /data/media_store
+uploads_path: /data/uploads
+enable_registration: {{ matrix_registration_enabled | bool | lower }}
+enable_registration_without_verification: false
+registration_shared_secret: "{{ vault_matrix_synapse_secret }}"
+macaroon_secret_key: "{{ vault_matrix_macaroon_secret }}"
+form_secret: "{{ vault_matrix_form_secret }}"
+report_stats: {{ matrix_report_stats | bool | lower }}
+retention:
+ enabled: true
+ default_policy:
+ min_lifetime: 1d
+ max_lifetime: 30d
+url_preview_enabled: true
+url_preview_ip_range_blacklist:
+ - '127.0.0.0/8'
+ - '10.0.0.0/8'
+ - '172.16.0.0/12'
+ - '192.168.0.0/16'
+ - '100.64.0.0/10'
+ - '169.254.0.0/16'
+ - '::1/128'
+ - 'fe80::/64'
+ - 'fc00::/7'
+max_upload_size: "50M"
+# Federation
+federation_domain_whitelist: ~
+allow_public_rooms_over_federation: true
\ No newline at end of file
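Review bot: The new body of `roles/matrix/templates/docker-compose.yml.j2` is a Synapse homeserver configuration, not a Compose file: `services:`, `networks:` and both container definitions are gone, so the `Deploy Matrix docker-compose.yml` task in tasks/main.yml would render a file that Compose cannot start, and that file would carry the database password and the three Synapse secrets. Since `roles/matrix/files/homeserver.yaml` is deleted in the same commit, this content was presumably meant for a separate homeserver template, with the compose template left as it was. Separately, `fe80::/64` in `url_preview_ip_range_blacklist` covers only part of the IPv6 link-local range; `fe80::/10` is the full block, which matters because URL previews make the server fetch addresses chosen by users.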