diff --git a/group_vars/all.yml b/group_vars/all.yml
index b0e487d..00bbc53 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -152,18 +152,13 @@ matrix_port: "45132"
 matrix_domain: "matrix.zailon.ru"
 matrix_server_name: "{{ matrix_domain }}"
 matrix_registration_enabled: false
-matrix_report_stats: false
-matrix_admin_user: "@admin:{{ matrix_domain }}"
-vault_matrix_postgres_password: "13qeadZC"
-vault_matrix_synapse_secret: "f9e5c2071a178dd8260c7a07b8e133417ff0d7c5d5ca12efdb215d56e19f05f4"
-vault_matrix_macaroon_secret: "11e917490abf2306026ee6e3f49137ca911bd166dc0b8f4bccd62602bf9e6966"
-vault_matrix_form_secret: "f61c53b083b51e14d2875940971b9e2d5f9ea4c69944cecf458075bf055eca45"
-vault_matrix_admin_password: "13qeadZC"
-matrix_postgres_password: "{{ vault_matrix_postgres_password }}"
+matrix_report_stats: "no"
+matrix_postgres_user: "synapse"
+matrix_postgres_password: "13qeadZC"
+matrix_postgres_db: "synapse"
 matrix_synapse_secret: "{{ vault_matrix_synapse_secret }}"
 matrix_macaroon_secret: "{{ vault_matrix_macaroon_secret }}"
 matrix_form_secret: "{{ vault_matrix_form_secret }}"
-
 # ------------192.168.1.208 manage------------
 # MeshCentral
diff --git a/roles/matrix/tasks/main.yml b/roles/matrix/tasks/main.yml
index 96b3fc7..d7df676 100644
--- a/roles/matrix/tasks/main.yml
+++ b/roles/matrix/tasks/main.yml
@@ -4,8 +4,6 @@ path: "{{ item }}" state: directory mode: 0755 - owner: "991" - group: "991" loop: - "{{ matrix_base_dir }}" - "{{ matrix_data_dir }}"
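Review bot: The added `+matrix_postgres_password:` line replaces the `{{ vault_matrix_postgres_password }}` indirection with the literal credential in group_vars/all.yml, so the password now lives in a plain, committed variables file rather than behind the vault variable. The same literal is written into vault.yml by the last hunk of this commit, so the indirection still has a source to point at; restore `matrix_postgres_password: "{{ vault_matrix_postgres_password }}"` and keep the value only in the vault file. Because the value has been committed, it should be treated as exposed and rotated on the database before this is merged. `matrix_report_stats: "no"` is correctly quoted, since the `SYNAPSE_REPORT_STATS` variable the generate task passes it to expects the yes/no string, not a YAML boolean.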
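Review bot: Dropping `owner: "991"` / `group: "991"` from the directory task means `{{ matrix_base_dir }}`, `{{ matrix_data_dir }}` and the other looped directories are now created with the connecting user's default ownership, while the only remaining ownership fix later in this role targets `homeserver.yaml` alone. If the Synapse container still runs as UID 991 (the later task still chowns to 991, which suggests it does), the media and data directories would be unwritable for it; either keep `owner`/`group` here or add a recursive ownership task once the directories exist. While touching this block, `mode: 0755` should become `mode: "0755"` so the loader cannot reinterpret the octal literal. The task header (`- name:` / `file:`) and the end of the `loop:` list lie outside this hunk.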
@@ -13,38 +11,67 @@ - "{{ matrix_media_dir }}" - "{{ matrix_postgres_dir }}"
-- name: Generate Synapse configuration
+- name: Generate Synapse configuration file command: > docker run --rm -v {{ matrix_config_dir }}:/data + -e SYNAPSE_SERVER_NAME={{ matrix_server_name }} + -e SYNAPSE_REPORT_STATS={{ matrix_report_stats }} matrixdotorg/synapse:latest - python -m synapse.app.homeserver - --server-name {{ matrix_server_name }} - --config-path /data/homeserver.yaml - --generate-config - --report-stats={{ "yes" if matrix_report_stats else "no" }} + generate args: creates: "{{ matrix_config_dir }}/homeserver.yaml"
-- name: Copy custom configuration files - template: - src: "{{ item }}" - dest: "{{ matrix_config_dir }}/" - mode: 0644 - loop: - - "homeserver.yaml" - - "log.config"
+- name: Update homeserver.yaml with PostgreSQL configuration + blockinfile: + path: "{{ matrix_config_dir }}/homeserver.yaml" + marker: "# {mark} ANSIBLE MANAGED POSTGRES CONFIG" + block: | + database: + name: psycopg2 + args: + user: {{ matrix_postgres_user }} + password: {{ matrix_postgres_password }} + database: {{ matrix_postgres_db }} + host: matrix-postgres + cp_min: 5 + cp_max: 10 + sslmode: disable
+
+- name: Update homeserver.yaml with media storage settings + blockinfile: + path: "{{ matrix_config_dir }}/homeserver.yaml" + marker: "# {mark} ANSIBLE MANAGED MEDIA CONFIG" + block: | + media_store_path: /data/media_store + uploads_path: /data/uploads + max_upload_size: "50M" + url_preview_enabled: true
+
+- name: Update homeserver.yaml with registration settings + blockinfile: + path: "{{ matrix_config_dir }}/homeserver.yaml" + marker: "# {mark} ANSIBLE MANAGED REGISTRATION CONFIG" + block: | + enable_registration: {{ matrix_registration_enabled | bool | lower }} + registration_shared_secret: "{{ matrix_synapse_secret }}"
+
+- name: Update homeserver.yaml with additional settings + blockinfile: + path: "{{ matrix_config_dir }}/homeserver.yaml" + marker: "# {mark} ANSIBLE MANAGED 
ADDITIONAL CONFIG" + block: | + macaroon_secret_key: "{{ matrix_macaroon_secret }}" + form_secret: "{{ matrix_form_secret }}" + trusted_key_servers: + - server_name: "matrix.org"
 - name: Set proper permissions on config files file: - path: "{{ matrix_config_dir }}/{{ item }}" + path: "{{ matrix_config_dir }}/homeserver.yaml" owner: "991" group: "991" mode: "0644" - loop: - - "homeserver.yaml" - - "log.config" - - "homeserver.yaml.generated" # если файл существует
 - name: Deploy Matrix docker-compose.yml template:
@@ -59,14 +86,14 @@ args: executable: /bin/bash
-- name: Wait for database to be ready
+- name: Wait for PostgreSQL to be ready wait_for: host: localhost - port: "{{ matrix_port }}" + port: 5432 timeout: 60 delegate_to: localhost
-- name: Wait for services to start
+- name: Wait for Synapse to start pause: seconds: 30
@@ -81,23 +108,20 @@ debug: var: matrix_status.stdout
-- name: Register admin user (if specified)
+- name: Register admin user (if enabled) shell: | cd {{ matrix_base_dir }} docker exec matrix-synapse register_new_matrix_user http://localhost:8008 -c /data/homeserver.yaml -u admin -p {{ vault_matrix_admin_password }} --admin - when: matrix_admin_user != "" and matrix_registration_enabled + when: matrix_registration_enabled ignore_errors: true become: no
-- name: Show connection info
+- name: Show deployment info debug: msg: | - Matrix Synapse deployed! - Server: {{ matrix_server_name }} - Client port: {{ matrix_port }} - Admin: {{ matrix_admin_user }} + Matrix Synapse успешно развернут! - Next steps: - 1. Configure reverse proxy in NPM - 2. Open ports in firewall if needed - 3. Configure SSL certificates
\ No newline at end of file
+ Сервер: {{ matrix_server_name }} + Порт: {{ matrix_port }} + PostgreSQL: matrix-postgres:5432
+
\ No newline at end of file
diff --git a/roles/matrix/templates/docker-compose.yml.j2 b/roles/matrix/templates/docker-compose.yml.j2
index 7c3e44c..fa2f86d 100644
--- a/roles/matrix/templates/docker-compose.yml.j2
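Review bot: In the PostgreSQL `blockinfile` block, `user:`, `password:` and `database:` interpolate Ansible variables unquoted into the generated homeserver.yaml, so a password containing `#`, `: `, a leading YAML indicator or a boolean/number-looking value would be mis-parsed or break Synapse's config load; write them as `user: "{{ matrix_postgres_user }}"`, `password: "{{ matrix_postgres_password }}"`, `database: "{{ matrix_postgres_db }}"`. The same unquoted `{{ matrix_postgres_password }}` appears in `POSTGRES_PASSWORD:` of the docker-compose.yml.j2 hunk. The media block sets `media_store_path: /data/media_store`, but the compose template mounts `{{ matrix_media_dir }}` at `/data/media`, so uploads would land in the config volume rather than the media volume — align one with the other, e.g. `media_store_path: /data/media`. These blocks are appended to a file the preceding `generate` step has already populated; where that file already defines `database:`, `media_store_path`, `macaroon_secret_key` or `form_secret`, the result is duplicate top-level keys whose outcome depends on the loader's last-wins behaviour, so editing the generated keys in place (`lineinfile`/`replace`) is more robust than appending.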
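Review bot: `port: 5432` with `host: localhost` in the renamed wait task would time out, because the docker-compose.yml.j2 hunk in this commit gives `matrix-postgres` no `ports:` mapping — PostgreSQL is reachable only on the `matrix-network` bridge — and `wait_for` fails the play after its 60 s timeout. Since the compose file already gates `matrix-synapse` on `matrix-postgres` via `condition: service_healthy`, this task can be dropped, or replaced by polling `docker inspect --format` for `.State.Health.Status` of `matrix-postgres` until it reports `healthy`. With `delegate_to: localhost` the check also runs on the controller rather than the target host whenever the play is not run locally. Replacing the old `wait_for` on `{{ matrix_port }}` with a fixed `pause: seconds: 30` removes the only check that Synapse actually came up; a `wait_for` on `{{ matrix_port }}` or a `uri` check against `http://localhost:{{ matrix_port }}/health` would be a better readiness signal.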
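Review bot: The `Register admin user` shell task passes `{{ vault_matrix_admin_password }}` on the `register_new_matrix_user` command line, so the secret is rendered into Ansible's task output and logs and is visible in the host's process list while the command runs; at minimum add `no_log: true` to the task. The new `when: matrix_registration_enabled` condition ties admin creation to open registration being enabled, although `register_new_matrix_user` authenticates with `registration_shared_secret` and does not require `enable_registration: true`, so a closed server can no longer get its admin account from this play. `ignore_errors: true` additionally turns a failed registration (wrong secret, Synapse not yet up) into a green run; `register:` the result and use `failed_when:` that tolerates only a recognised "user already exists" response instead.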
+++ b/roles/matrix/templates/docker-compose.yml.j2
@@ -4,37 +4,44 @@ services: matrix-postgres: image: postgres:13 container_name: matrix-postgres + restart: unless-stopped environment: - POSTGRES_DB: synapse - POSTGRES_USER: synapse + POSTGRES_USER: {{ matrix_postgres_user }} POSTGRES_PASSWORD: {{ matrix_postgres_password }} + POSTGRES_DB: {{ matrix_postgres_db }} POSTGRES_INITDB_ARGS: "--encoding=UTF8 --lc-collate=C --lc-ctype=C" volumes: - {{ matrix_postgres_dir }}:/var/lib/postgresql/data - restart: always healthcheck: - test: ["CMD-SHELL", "pg_isready -U synapse"] - interval: 5s + test: ["CMD-SHELL", "pg_isready -U {{ matrix_postgres_user }}"] + interval: 10s timeout: 5s retries: 5 + networks: + - matrix-network matrix-synapse: image: matrixdotorg/synapse:latest container_name: matrix-synapse + restart: unless-stopped ports: - "{{ matrix_port }}:8008" volumes: - - {{ matrix_data_dir }}:/data - {{ matrix_config_dir }}:/data - {{ matrix_media_dir }}:/data/media environment: - SYNAPSE_CONFIG_PATH: /data/homeserver.yaml + - SYNAPSE_CONFIG_PATH=/data/homeserver.yaml depends_on: matrix-postgres: condition: service_healthy - restart: always healthcheck: test: ["CMD", "curl", "-f", "http://localhost:8008/health"] interval: 15s timeout: 5s - retries: 3
\ No newline at end of file
+ retries: 3 + networks: + - matrix-network
+
+networks: + matrix-network: + driver: bridge
\ No newline at end of file
diff --git a/vault.yml b/vault.yml
index 217ae81..3b01866 100644
--- a/vault.yml
+++ b/vault.yml
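Review bot: `- SYNAPSE_CONFIG_PATH=/data/homeserver.yaml` switches the `matrix-synapse` `environment:` to list form while `matrix-postgres` in the same hunk keeps the mapping form (`POSTGRES_USER: …`); both are valid Compose syntax, but the template should use one style throughout, e.g. `SYNAPSE_CONFIG_PATH: /data/homeserver.yaml`. `POSTGRES_PASSWORD: {{ matrix_postgres_password }}` leaves the database password in the rendered compose file under `{{ matrix_base_dir }}` and in the container's environment, where anyone with `docker inspect` access can read it; the postgres image also accepts `POSTGRES_PASSWORD_FILE`, which together with a Compose `secrets:` entry keeps it out of both. Leaving `matrix-postgres` without a `ports:` mapping on the new `matrix-network` is the right default, but the role's `wait_for` on `localhost:5432` in the tasks hunk relies on that port being published.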
@@ -1,5 +1,5 @@
-vault_matrix_postgres_password: "your_secure_postgres_password_here"
+vault_matrix_postgres_password: "13qeadZC"
 vault_matrix_synapse_secret: "f9e5c2071a178dd8260c7a07b8e133417ff0d7c5d5ca12efdb215d56e19f05f4"
 vault_matrix_macaroon_secret: "11e917490abf2306026ee6e3f49137ca911bd166dc0b8f4bccd62602bf9e6966"
 vault_matrix_form_secret: "f61c53b083b51e14d2875940971b9e2d5f9ea4c69944cecf458075bf055eca45"
-vault_matrix_admin_password: "your_admin_password_here"
\ No newline at end of file
+vault_matrix_admin_password: "13qeadZC"
\ No newline at end of file
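Review bot: vault.yml is committed in cleartext — an `ansible-vault`-encrypted file would diff as a `$ANSIBLE_VAULT;1.1;AES256` blob, not as readable `vault_*:` keys — so replacing the `your_…_here` placeholders with real values puts the PostgreSQL password, the admin password and the three Synapse secrets permanently into repository history. The postgres and admin passwords are also set to the same value, so compromise of either role yields the other. Encrypt the file with `ansible-vault encrypt vault.yml` (or keep it out of the repository and load it via `vars_files` with `--vault-password-file`), and rotate every value in this hunk since all of them are now exposed.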