Update 4 files

- /group_vars/all.yml
- /roles/matrix/tasks/main.yml
- /roles/matrix/templates/docker-compose.yml.j2
- /vault.yml

group_vars/all.yml

@@ -152,18 +152,13 @@ matrix_port: "45132"
 matrix_domain: "matrix.zailon.ru"
 matrix_server_name: "{{ matrix_domain }}"
 matrix_registration_enabled: false
-matrix_report_stats: false
+matrix_report_stats: "no"
-matrix_admin_user: "@admin:{{ matrix_domain }}"
+matrix_postgres_user: "synapse"
-vault_matrix_postgres_password: "13qeadZC"
+matrix_postgres_password: "13qeadZC"
-vault_matrix_synapse_secret: "f9e5c2071a178dd8260c7a07b8e133417ff0d7c5d5ca12efdb215d56e19f05f4"
+matrix_postgres_db: "synapse"
-vault_matrix_macaroon_secret: "11e917490abf2306026ee6e3f49137ca911bd166dc0b8f4bccd62602bf9e6966"
-vault_matrix_form_secret: "f61c53b083b51e14d2875940971b9e2d5f9ea4c69944cecf458075bf055eca45"
-vault_matrix_admin_password: "13qeadZC"
-matrix_postgres_password: "{{ vault_matrix_postgres_password }}"
 matrix_synapse_secret: "{{ vault_matrix_synapse_secret }}"
 matrix_macaroon_secret: "{{ vault_matrix_macaroon_secret }}"
 matrix_form_secret: "{{ vault_matrix_form_secret }}"
-
 # ------------192.168.1.208 manage------------
 
 # MeshCentral

roles/matrix/tasks/main.yml

@@ -4,8 +4,6 @@
     path: "{{ item }}"
     state: directory
     mode: 0755
-    owner: "991"
-    group: "991"
   loop:
     - "{{ matrix_base_dir }}"
     - "{{ matrix_data_dir }}"
@@ -13,38 +11,67 @@
     - "{{ matrix_media_dir }}"
     - "{{ matrix_postgres_dir }}"
 
-- name: Generate Synapse configuration
+- name: Generate Synapse configuration file
   command: >
     docker run --rm
     -v {{ matrix_config_dir }}:/data
+    -e SYNAPSE_SERVER_NAME={{ matrix_server_name }}
+    -e SYNAPSE_REPORT_STATS={{ matrix_report_stats }}
     matrixdotorg/synapse:latest
-    python -m synapse.app.homeserver
+    generate
-    --server-name {{ matrix_server_name }}
-    --config-path /data/homeserver.yaml
-    --generate-config
-    --report-stats={{ "yes" if matrix_report_stats else "no" }}
   args:
     creates: "{{ matrix_config_dir }}/homeserver.yaml"
 
-- name: Copy custom configuration files
+- name: Update homeserver.yaml with PostgreSQL configuration
-  template:
+  blockinfile:
-    src: "{{ item }}"
+    path: "{{ matrix_config_dir }}/homeserver.yaml"
-    dest: "{{ matrix_config_dir }}/"
+    marker: "# {mark} ANSIBLE MANAGED POSTGRES CONFIG"
-    mode: 0644
+    block: |
-  loop:
+      database:
-    - "homeserver.yaml"
+        name: psycopg2
-    - "log.config"
+        args:
+          user: {{ matrix_postgres_user }}
+          password: {{ matrix_postgres_password }}
+          database: {{ matrix_postgres_db }}
+          host: matrix-postgres
+          cp_min: 5
+          cp_max: 10
+          sslmode: disable
+
+- name: Update homeserver.yaml with media storage settings
+  blockinfile:
+    path: "{{ matrix_config_dir }}/homeserver.yaml"
+    marker: "# {mark} ANSIBLE MANAGED MEDIA CONFIG"
+    block: |
+      media_store_path: /data/media_store
+      uploads_path: /data/uploads
+      max_upload_size: "50M"
+      url_preview_enabled: true
+
+- name: Update homeserver.yaml with registration settings
+  blockinfile:
+    path: "{{ matrix_config_dir }}/homeserver.yaml"
+    marker: "# {mark} ANSIBLE MANAGED REGISTRATION CONFIG"
+    block: |
+      enable_registration: {{ matrix_registration_enabled | bool | lower }}
+      registration_shared_secret: "{{ matrix_synapse_secret }}"
+
+- name: Update homeserver.yaml with additional settings
+  blockinfile:
+    path: "{{ matrix_config_dir }}/homeserver.yaml"
+    marker: "# {mark} ANSIBLE MANAGED ADDITIONAL CONFIG"
+    block: |
+      macaroon_secret_key: "{{ matrix_macaroon_secret }}"
+      form_secret: "{{ matrix_form_secret }}"
+      trusted_key_servers:
+        - server_name: "matrix.org"
 
 - name: Set proper permissions on config files
   file:
-    path: "{{ matrix_config_dir }}/{{ item }}"
+    path: "{{ matrix_config_dir }}/homeserver.yaml"
     owner: "991"
     group: "991"
     mode: "0644"
-  loop:
-    - "homeserver.yaml"
-    - "log.config"
-    - "homeserver.yaml.generated"  # если файл существует
 
 - name: Deploy Matrix docker-compose.yml
   template:
@@ -59,14 +86,14 @@
   args:
     executable: /bin/bash
 
-- name: Wait for database to be ready
+- name: Wait for PostgreSQL to be ready
   wait_for:
     host: localhost
-    port: "{{ matrix_port }}"
+    port: 5432
     timeout: 60
   delegate_to: localhost
 
-- name: Wait for services to start
+- name: Wait for Synapse to start
   pause:
     seconds: 30
 
@@ -81,23 +108,20 @@
   debug:
     var: matrix_status.stdout
 
-- name: Register admin user (if specified)
+- name: Register admin user (if enabled)
   shell: |
     cd {{ matrix_base_dir }}
     docker exec matrix-synapse register_new_matrix_user http://localhost:8008 -c /data/homeserver.yaml -u admin -p {{ vault_matrix_admin_password }} --admin
-  when: matrix_admin_user != "" and matrix_registration_enabled
+  when: matrix_registration_enabled
   ignore_errors: true
   become: no
 
-- name: Show connection info
+- name: Show deployment info
   debug:
     msg: |
-      Matrix Synapse deployed!
+      Matrix Synapse успешно развернут!
-      Server: {{ matrix_server_name }}
-      Client port: {{ matrix_port }}
-      Admin: {{ matrix_admin_user }}
       
-      Next steps:
+      Сервер: {{ matrix_server_name }}
-      1. Configure reverse proxy in NPM
+      Порт: {{ matrix_port }}
-      2. Open ports in firewall if needed
+      PostgreSQL: matrix-postgres:5432
-      3. Configure SSL certificates
+      

roles/matrix/templates/docker-compose.yml.j2

@@ -4,37 +4,44 @@ services:
   matrix-postgres:
     image: postgres:13
     container_name: matrix-postgres
+    restart: unless-stopped
     environment:
-      POSTGRES_DB: synapse
+      POSTGRES_USER: {{ matrix_postgres_user }}
-      POSTGRES_USER: synapse
       POSTGRES_PASSWORD: {{ matrix_postgres_password }}
+      POSTGRES_DB: {{ matrix_postgres_db }}
       POSTGRES_INITDB_ARGS: "--encoding=UTF8 --lc-collate=C --lc-ctype=C"
     volumes:
       - {{ matrix_postgres_dir }}:/var/lib/postgresql/data
-    restart: always
     healthcheck:
-      test: ["CMD-SHELL", "pg_isready -U synapse"]
+      test: ["CMD-SHELL", "pg_isready -U {{ matrix_postgres_user }}"]
-      interval: 5s
+      interval: 10s
       timeout: 5s
       retries: 5
+    networks:
+      - matrix-network
 
   matrix-synapse:
     image: matrixdotorg/synapse:latest
     container_name: matrix-synapse
+    restart: unless-stopped
     ports:
       - "{{ matrix_port }}:8008"
     volumes:
-      - {{ matrix_data_dir }}:/data
       - {{ matrix_config_dir }}:/data
       - {{ matrix_media_dir }}:/data/media
     environment:
-      SYNAPSE_CONFIG_PATH: /data/homeserver.yaml
+      - SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
     depends_on:
       matrix-postgres:
         condition: service_healthy
-    restart: always
     healthcheck:
       test: ["CMD", "curl", "-f", "http://localhost:8008/health"]
       interval: 15s
       timeout: 5s
-      retries: 3
+      retries: 3
+    networks:
+      - matrix-network
+
+networks:
+  matrix-network:
+    driver: bridge

vault.yml

@@ -1,5 +1,5 @@
-vault_matrix_postgres_password: "your_secure_postgres_password_here"
+vault_matrix_postgres_password: "13qeadZC"
 vault_matrix_synapse_secret: "f9e5c2071a178dd8260c7a07b8e133417ff0d7c5d5ca12efdb215d56e19f05f4"
 vault_matrix_macaroon_secret: "11e917490abf2306026ee6e3f49137ca911bd166dc0b8f4bccd62602bf9e6966"
 vault_matrix_form_secret: "f61c53b083b51e14d2875940971b9e2d5f9ea4c69944cecf458075bf055eca45"
-vault_matrix_admin_password: "your_admin_password_here"
+vault_matrix_admin_password: "13qeadZC"