Update 3 files

- /roles/matrix/files/homeserver.yaml - /roles/matrix/tasks/main.yml - /roles/matrix/templates/docker-compose.yml.j2
2025-10-23 12:42:44 +00:00 · 2025-10-23 12:42:44 +00:00 · 0b07f96e8e
commit 0b07f96e8e
parent 1b4cb67ed6
3 changed files with 61 additions and 112 deletions
--- a/roles/matrix/files/homeserver.yaml
+++ b/roles/matrix/files/homeserver.yaml
@ -1,57 +0,0 @@
 server_name: "{{ matrix_server_name }}"
 pid_file: /data/homeserver.pid
 public_baseurl: "https://{{ matrix_domain }}/"
 listeners:
  - port: 8008
    tls: false
    type: http
    x_forwarded: true
    resources:
      - names: [client, federation]
        compress: false
 database:
  name: psycopg2
  args:
    user: synapse
    password: "{{ matrix_postgres_password }}"
    database: synapse
    host: matrix-postgres
    cp_min: 5
    cp_max: 10
 log_config: "/data/log.config"
 media_store_path: /data/media_store
 uploads_path: /data/uploads
 enable_registration: {{ matrix_registration_enabled | bool | lower }}
 enable_registration_without_verification: false
 registration_shared_secret: "{{ matrix_synapse_secret }}"
 macaroon_secret_key: "{{ matrix_macaroon_secret }}"
 form_secret: "{{ matrix_form_secret }}"
 report_stats: {{ matrix_report_stats | bool | lower }}
 retention:
  enabled: true
  default_policy:
    min_lifetime: 1d
    max_lifetime: 30d
 url_preview_enabled: true
 url_preview_ip_range_blacklist:
  - '127.0.0.0/8'
  - '10.0.0.0/8'
  - '172.16.0.0/12'
  - '192.168.0.0/16'
  - '100.64.0.0/10'
  - '169.254.0.0/16'
  - '::1/128'
  - 'fe80::/64'
  - 'fc00::/7'
 max_upload_size: "50M"
 # Federation
 federation_domain_whitelist: ~
 allow_public_rooms_over_federation: true
--- a/roles/matrix/tasks/main.yml
+++ b/roles/matrix/tasks/main.yml
@ -31,7 +31,7 @@
        name: psycopg2
        args:
          user: {{ matrix_postgres_user }}
-          password: {{ matrix_postgres_password }}
+          password: "{{ vault_matrix_postgres_password }}"
          database: {{ matrix_postgres_db }}
          host: matrix-postgres
          cp_min: 5
@ -54,15 +54,15 @@
    marker: "# {mark} ANSIBLE MANAGED REGISTRATION CONFIG"
    block: |
      enable_registration: {{ matrix_registration_enabled | bool | lower }}
-      registration_shared_secret: "{{ matrix_synapse_secret }}"
+      registration_shared_secret: "{{ vault_matrix_synapse_secret }}"
 - name: Update homeserver.yaml with additional settings
  blockinfile:
    path: "{{ matrix_config_dir }}/homeserver.yaml"
    marker: "# {mark} ANSIBLE MANAGED ADDITIONAL CONFIG"
    block: |
-      macaroon_secret_key: "{{ matrix_macaroon_secret }}"
+      macaroon_secret_key: "{{ vault_matrix_macaroon_secret }}"
-      form_secret: "{{ matrix_form_secret }}"
+      form_secret: "{{ vault_matrix_form_secret }}"
      trusted_key_servers:
        - server_name: "matrix.org"
@ -73,6 +73,12 @@
    group: "991"
    mode: "0644"
 - name: Copy log.config to config directory
  copy:
    src: log.config
    dest: "{{ matrix_config_dir }}/log.config"
    mode: 0644
 - name: Deploy Matrix docker-compose.yml
  template:
    src: "docker-compose.yml.j2"
@ -111,7 +117,7 @@
 - name: Register admin user (if enabled)
  shell: |
    cd {{ matrix_base_dir }}
-    docker exec matrix-synapse register_new_matrix_user http://localhost:8008 -c /data/homeserver.yaml -u admin -p {{ vault_matrix_admin_password }} --admin
+    docker exec matrix-synapse register_new_matrix_user http://localhost:8008 -c /data/homeserver.yaml -u admin -p "{{ vault_matrix_admin_password }}" --admin
  when: matrix_registration_enabled
  ignore_errors: true
  become: no
@ -120,8 +126,6 @@
  debug:
    msg: |
      Matrix Synapse успешно развернут!
      Сервер: {{ matrix_server_name }}
      Порт: {{ matrix_port }}
-      PostgreSQL: matrix-postgres:5432
+      PostgreSQL: matrix-postgres:5432
--- a/roles/matrix/templates/docker-compose.yml.j2
+++ b/roles/matrix/templates/docker-compose.yml.j2
@ -1,47 +1,49 @@
-version: '3.8'
+server_name: "{{ matrix_server_name }}"
-
+pid_file: /data/homeserver.pid
-services:
+public_baseurl: "https://{{ matrix_domain }}/"
-  matrix-postgres:
+listeners:
-    image: postgres:13
+  - port: 8008
-    container_name: matrix-postgres
+    tls: false
-    restart: unless-stopped
+    type: http
-    environment:
+    x_forwarded: true
-      POSTGRES_USER: {{ matrix_postgres_user }}
+    resources:
-      POSTGRES_PASSWORD: {{ matrix_postgres_password }}
+      - names: [client, federation]
-      POSTGRES_DB: {{ matrix_postgres_db }}
+        compress: false
-      POSTGRES_INITDB_ARGS: "--encoding=UTF8 --lc-collate=C --lc-ctype=C"
+database:
-    volumes:
+  name: psycopg2
-      - {{ matrix_postgres_dir }}:/var/lib/postgresql/data
+  args:
-    healthcheck:
+    user: synapse
-      test: ["CMD-SHELL", "pg_isready -U {{ matrix_postgres_user }}"]
+    password: "{{ vault_matrix_postgres_password }}"
-      interval: 10s
+    database: synapse
-      timeout: 5s
+    host: matrix-postgres
-      retries: 5
+    cp_min: 5
-    networks:
+    cp_max: 10
-      - matrix-network
+log_config: "/data/log.config"
-
+media_store_path: /data/media_store
-  matrix-synapse:
+uploads_path: /data/uploads
-    image: matrixdotorg/synapse:latest
+enable_registration: {{ matrix_registration_enabled | bool | lower }}
-    container_name: matrix-synapse
+enable_registration_without_verification: false
-    restart: unless-stopped
+registration_shared_secret: "{{ vault_matrix_synapse_secret }}"
-    ports:
+macaroon_secret_key: "{{ vault_matrix_macaroon_secret }}"
-      - "{{ matrix_port }}:8008"
+form_secret: "{{ vault_matrix_form_secret }}"
-    volumes:
+report_stats: {{ matrix_report_stats | bool | lower }}
-      - {{ matrix_config_dir }}:/data
+retention:
-      - {{ matrix_media_dir }}:/data/media
+  enabled: true
-    environment:
+  default_policy:
-      - SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
+    min_lifetime: 1d
-    depends_on:
+    max_lifetime: 30d
-      matrix-postgres:
+url_preview_enabled: true
-        condition: service_healthy
+url_preview_ip_range_blacklist:
-    healthcheck:
+  - '127.0.0.0/8'
-      test: ["CMD", "curl", "-f", "http://localhost:8008/health"]
+  - '10.0.0.0/8'
-      interval: 15s
+  - '172.16.0.0/12'
-      timeout: 5s
+  - '192.168.0.0/16'
-      retries: 3
+  - '100.64.0.0/10'
-    networks:
+  - '169.254.0.0/16'
-      - matrix-network
+  - '::1/128'
-
+  - 'fe80::/64'
-networks:
+  - 'fc00::/7'
-  matrix-network:
+max_upload_size: "50M"
-    driver: bridge
+# Federation
 federation_domain_whitelist: ~
 allow_public_rooms_over_federation: true