Update 4 files

- /roles/matrix/files/homeserver.yaml
- /roles/matrix/templates/homeserver.yaml.j2
- /roles/matrix/templates/docker-compose.yml.j2
- /roles/matrix/tasks/main.yml

roles/matrix/tasks/main.yml

@@ -1,9 +1,11 @@
 ---
-- name: Create Matrix directories
+- name: Ensure Matrix directories exist
-  file:
+  ansible.builtin.file:
     path: "{{ item }}"
     state: directory
-    mode: 0755
+    owner: root
+    group: root
+    mode: '0755'
   loop:
     - "{{ matrix_base_dir }}"
     - "{{ matrix_data_dir }}"
@@ -11,114 +13,44 @@
     - "{{ matrix_media_dir }}"
     - "{{ matrix_postgres_dir }}"
 
-- name: Generate Synapse configuration file
+- name: Copy log.config (static file)
-  command: >
+  ansible.builtin.copy:
-    docker run --rm
-    -v {{ matrix_config_dir }}:/data
-    -e SYNAPSE_SERVER_NAME={{ matrix_server_name }}
-    -e SYNAPSE_REPORT_STATS={{ matrix_report_stats }}
-    matrixdotorg/synapse:latest
-    generate
-  args:
-    creates: "{{ matrix_config_dir }}/homeserver.yaml"
-
-- name: Update homeserver.yaml with PostgreSQL configuration
-  blockinfile:
-    path: "{{ matrix_config_dir }}/homeserver.yaml"
-    marker: "# {mark} ANSIBLE MANAGED POSTGRES CONFIG"
-    block: |
-      database:
-        name: psycopg2
-        args:
-          user: {{ matrix_postgres_user }}
-          password: "{{ vault_matrix_postgres_password }}"
-          database: {{ matrix_postgres_db }}
-          host: matrix-postgres
-          cp_min: 5
-          cp_max: 10
-          sslmode: disable
-
-- name: Update homeserver.yaml with media storage settings
-  blockinfile:
-    path: "{{ matrix_config_dir }}/homeserver.yaml"
-    marker: "# {mark} ANSIBLE MANAGED MEDIA CONFIG"
-    block: |
-      media_store_path: /data/media_store
-      uploads_path: /data/uploads
-      max_upload_size: "50M"
-      url_preview_enabled: true
-
-- name: Update homeserver.yaml with registration settings
-  blockinfile:
-    path: "{{ matrix_config_dir }}/homeserver.yaml"
-    marker: "# {mark} ANSIBLE MANAGED REGISTRATION CONFIG"
-    block: |
-      enable_registration: {{ matrix_registration_enabled | bool | lower }}
-      registration_shared_secret: "{{ vault_matrix_synapse_secret }}"
-
-- name: Update homeserver.yaml with additional settings
-  blockinfile:
-    path: "{{ matrix_config_dir }}/homeserver.yaml"
-    marker: "# {mark} ANSIBLE MANAGED ADDITIONAL CONFIG"
-    block: |
-      macaroon_secret_key: "{{ vault_matrix_macaroon_secret }}"
-      form_secret: "{{ vault_matrix_form_secret }}"
-      trusted_key_servers:
-        - server_name: "matrix.org"
-
-- name: Set proper permissions on config files
-  file:
-    path: "{{ matrix_config_dir }}/homeserver.yaml"
-    owner: "991"
-    group: "991"
-    mode: "0644"
-
-- name: Copy log.config to config directory
-  copy:
     src: log.config
     dest: "{{ matrix_config_dir }}/log.config"
-    mode: 0644
+    owner: root
+    group: root
+    mode: '0644'
 
-- name: Deploy Matrix docker-compose.yml
+- name: Deploy homeserver.yaml from template
-  template:
+  ansible.builtin.template:
-    src: "docker-compose.yml.j2"
+    src: homeserver.yaml.j2
+    dest: "{{ matrix_config_dir }}/homeserver.yaml"
+    owner: root
+    group: root
+    mode: '0644'
+
+- name: Deploy docker-compose.yml for Matrix
+  ansible.builtin.template:
+    src: docker-compose.yml.j2
     dest: "{{ matrix_base_dir }}/docker-compose.yml"
-    mode: 0644
+    owner: root
+    group: root
+    mode: '0640'
 
-- name: Start Matrix services
+- name: Start Matrix stack via docker-compose
-  shell: |
+  ansible.builtin.shell: |
-    cd {{ matrix_base_dir }}
+    docker-compose -f "{{ matrix_base_dir }}/docker-compose.yml" up -d
-    docker compose up -d
   args:
-    executable: /bin/bash
+    chdir: "{{ matrix_base_dir }}"
+  register: compose_result
+  changed_when: "'Recreating' in compose_result.stdout or 'Creating' in compose_result.stdout"
 
-- name: Wait for Synapse to start
+- name: Wait for Synapse to become healthy
-  pause:
+  ansible.builtin.uri:
-    seconds: 30
+    url: "http://localhost:{{ matrix_port }}/health"
-
+    timeout: 5
-- name: Check Matrix container status
+  register: health_check
-  shell: |
+  until: health_check.status == 200
-    docker ps --filter name=matrix-synapse
+  retries: 12
-    docker ps --filter name=matrix-postgres
+  delay: 10
-  register: matrix_status
+  ignore_errors: yes
-  changed_when: false
-
-- name: Show Matrix status
-  debug:
-    var: matrix_status.stdout
-
-- name: Register admin user (if enabled)
-  shell: |
-    cd {{ matrix_base_dir }}
-    docker exec matrix-synapse register_new_matrix_user http://localhost:8008 -c /data/homeserver.yaml -u admin -p "{{ vault_matrix_admin_password }}" --admin
-  when: matrix_registration_enabled
-  ignore_errors: true
-  become: no
-
-- name: Show deployment info
-  debug:
-    msg: |
-      Matrix Synapse успешно развернут!
-      Сервер: {{ matrix_server_name }}
-      Порт: {{ matrix_port }}
-      PostgreSQL: matrix-postgres:5432

roles/matrix/templates/docker-compose.yml.j2

@@ -1,32 +1,46 @@
 version: '3.8'
 services:
   matrix-postgres:
-    image: postgres:15
+    image: postgres:13
+    container_name: matrix-postgres
     restart: unless-stopped
     environment:
-      POSTGRES_USER: {{ matrix_postgres_user }}
+      POSTGRES_USER: "{{ matrix_postgres_user }}"
-      POSTGRES_PASSWORD: "{{ vault_matrix_postgres_password }}"
+      POSTGRES_PASSWORD: "{{ matrix_postgres_password }}"
-      POSTGRES_DB: {{ matrix_postgres_db }}
+      POSTGRES_DB: "{{ matrix_postgres_db }}"
+      POSTGRES_INITDB_ARGS: "--encoding=UTF8 --lc-collate=C --lc-ctype=C"
     volumes:
-      - {{ matrix_postgres_dir }}:/var/lib/postgresql/data
+      - "{{ matrix_postgres_dir }}:/var/lib/postgresql/data"
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U {{ matrix_postgres_user }}"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
     networks:
-      - matrix
+      - matrix-network
 
   matrix-synapse:
     image: matrixdotorg/synapse:latest
+    container_name: matrix-synapse
     restart: unless-stopped
-    depends_on:
-      - matrix-postgres
-    environment:
-      - SYNAPSE_SERVER_NAME={{ matrix_server_name }}
-      - SYNAPSE_REPORT_STATS={{ matrix_report_stats | bool | lower }}
-    volumes:
-      - {{ matrix_config_dir }}:/data
     ports:
       - "{{ matrix_port }}:8008"
+    volumes:
+      - "{{ matrix_config_dir }}:/data"
+      - "{{ matrix_media_dir }}:/data/media"
+    environment:
+      - SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
+    depends_on:
+      matrix-postgres:
+        condition: service_healthy
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8008/health"]
+      interval: 15s
+      timeout: 5s
+      retries: 3
     networks:
-      - matrix
+      - matrix-network
 
 networks:
-  matrix:
+  matrix-network:
     driver: bridge

roles/matrix/templates/homeserver.yaml.j2

@@ -12,9 +12,9 @@ listeners:
 database:
   name: psycopg2
   args:
-    user: synapse
+    user: "{{ matrix_postgres_user }}"
-    password: "{{ vault_matrix_postgres_password }}"
+    password: "{{ matrix_postgres_password }}"
-    database: synapse
+    database: "{{ matrix_postgres_db }}"
     host: matrix-postgres
     cp_min: 5
     cp_max: 10
@@ -23,9 +23,9 @@ media_store_path: /data/media_store
 uploads_path: /data/uploads
 enable_registration: {{ matrix_registration_enabled | bool | lower }}
 enable_registration_without_verification: false
-registration_shared_secret: "{{ vault_matrix_synapse_secret }}"
+registration_shared_secret: "{{ matrix_synapse_secret }}"
-macaroon_secret_key: "{{ vault_matrix_macaroon_secret }}"
+macaroon_secret_key: "{{ matrix_macaroon_secret }}"
-form_secret: "{{ vault_matrix_form_secret }}"
+form_secret: "{{ matrix_form_secret }}"
 report_stats: {{ matrix_report_stats | bool | lower }}
 retention:
   enabled: true
@@ -44,6 +44,5 @@ url_preview_ip_range_blacklist:
   - 'fe80::/64'
   - 'fc00::/7'
 max_upload_size: "50M"
-# Federation
+federation_domain_whitelist: null
-federation_domain_whitelist: ~
 allow_public_rooms_over_federation: true