Update 7 files

- /group_vars/all.yml
- /group_vars/all/vault.yml
- /roles/matrix/tasks/main.yml
- /roles/matrix/files/homeserver.yaml
- /roles/matrix/files/log.config
- /roles/matrix/templates/docker-compose.yml.j2
- /olimp-deploy.yml

group_vars/all.yml

@@ -142,6 +142,23 @@ mumble_server_password: "passw0rd"
 mumble_superuser_password: "13qeadZC"
 mumble_max_users: "100"
 
+# Matrix Synapse
+matrix_base_dir: "/mnt/matrix"
+matrix_data_dir: "{{ matrix_base_dir }}/data"
+matrix_config_dir: "{{ matrix_base_dir }}/config"
+matrix_media_dir: "{{ matrix_base_dir }}/media"
+matrix_postgres_dir: "{{ matrix_base_dir }}/postgres"
+matrix_port: "45132"
+matrix_domain: "matrix.zailon.ru"
+matrix_server_name: "{{ matrix_domain }}"
+matrix_registration_enabled: false
+matrix_report_stats: false
+matrix_admin_user: "@admin:{{ matrix_domain }}"
+matrix_postgres_password: "{{ vault_matrix_postgres_password }}"
+matrix_synapse_secret: "{{ vault_matrix_synapse_secret }}"
+matrix_macaroon_secret: "{{ vault_matrix_macaroon_secret }}"
+matrix_form_secret: "{{ vault_matrix_form_secret }}"
+
 # ------------192.168.1.208 manage------------
 
 # MeshCentral

group_vars/all/vault.yml

@@ -0,0 +1,5 @@
+vault_matrix_postgres_password: "your_secure_postgres_password_here"
+vault_matrix_synapse_secret: "f9e5c2071a178dd8260c7a07b8e133417ff0d7c5d5ca12efdb215d56e19f05f4"
+vault_matrix_macaroon_secret: "11e917490abf2306026ee6e3f49137ca911bd166dc0b8f4bccd62602bf9e6966"
+vault_matrix_form_secret: "f61c53b083b51e14d2875940971b9e2d5f9ea4c69944cecf458075bf055eca45"
+vault_matrix_admin_password: "your_admin_password_here"

olimp-deploy.yml

@@ -34,7 +34,7 @@
   roles:
     - { role: docker,                 tags: deploy_docker }
     - { role: mumble,                 tags: deploy_mumble }
-
+    - { role: matrix,                 tags: deploy_matrix }
 - hosts: manage
   roles:
     - { role: docker,                 tags: deploy_docker }

roles/matrix/files/homeserver.yaml

@@ -0,0 +1,56 @@
+server_name: "{{ matrix_server_name }}"
+pid_file: /data/homeserver.pid
+public_baseurl: "https://{{ matrix_domain }}/"
+listeners:
+  - port: 8008
+    tls: false
+    type: http
+    x_forwarded: true
+    resources:
+      - names: [client, federation]
+        compress: false
+
+database:
+  name: psycopg2
+  args:
+    user: synapse
+    password: "{{ matrix_postgres_password }}"
+    database: synapse
+    host: matrix-postgres
+    cp_min: 5
+    cp_max: 10
+
+log_config: "/data/log.config"
+media_store_path: /data/media_store
+uploads_path: /data/uploads
+enable_registration: {{ matrix_registration_enabled }}
+enable_registration_without_verification: false
+registration_shared_secret: "{{ matrix_synapse_secret }}"
+macaroon_secret_key: "{{ matrix_macaroon_secret }}"
+form_secret: "{{ matrix_form_secret }}"
+
+report_stats: {{ "true" if matrix_report_stats else "false" }}
+
+retention:
+  enabled: true
+  default_policy:
+    min_lifetime: 1d
+    max_lifetime: 30d
+
+url_preview_enabled: true
+url_preview_ip_range_blacklist:
+  - '127.0.0.0/8'
+  - '10.0.0.0/8'
+  - '172.16.0.0/12'
+  - '192.168.0.0/16'
+  - '100.64.0.0/10'
+  - '169.254.0.0/16'
+  - '::1/128'
+  - 'fe80::/64'
+  - 'fc00::/7'
+
+max_upload_size: "50M"
+
+# Federation
+federation_domain_whitelist: ~
+allow_public_rooms_over_federation: true

roles/matrix/files/log.config

@@ -0,0 +1,29 @@
+version: 1
+formatters:
+  precise:
+   format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
+filters:
+  context:
+    (): synapse.util.logcontext.LoggingContextFilter
+    request: ""
+handlers:
+  file:
+    class: logging.handlers.RotatingFileHandler
+    formatter: precise
+    filename: /data/homeserver.log
+    maxBytes: 104857600
+    backupCount: 10
+    filters: [context]
+    level: INFO
+  console:
+    class: logging.StreamHandler
+    formatter: precise
+    level: INFO
+loggers:
+  synapse:
+    level: INFO
+  synapse.storage.SQL:
+    level: INFO
+root:
+  level: INFO
+  handlers: [file, console]

roles/matrix/tasks/main.yml

@@ -0,0 +1,95 @@
+---
+- name: Create Matrix directories
+  file:
+    path: "{{ item }}"
+    state: directory
+    mode: 0755
+    owner: "991"
+    group: "991"
+  loop:
+    - "{{ matrix_base_dir }}"
+    - "{{ matrix_data_dir }}"
+    - "{{ matrix_config_dir }}"
+    - "{{ matrix_media_dir }}"
+    - "{{ matrix_postgres_dir }}"
+
+- name: Generate Synapse configuration
+  docker_container:
+    name: matrix-config-generator
+    image: matrixdotorg/synapse:latest
+    command: |
+      python -m synapse.app.homeserver \
+        --server-name {{ matrix_server_name }} \
+        --config-path /data/homeserver.yaml \
+        --generate-config \
+        --report-stats={{ "yes" if matrix_report_stats else "no" }}
+    volumes:
+      - "{{ matrix_config_dir }}:/data"
+    auto_remove: true
+
+- name: Copy custom configuration files
+  copy:
+    src: "{{ item }}"
+    dest: "{{ matrix_config_dir }}/"
+    mode: 0644
+  loop:
+    - "homeserver.yaml"
+    - "log.config"
+
+- name: Set proper permissions on config files
+  file:
+    path: "{{ matrix_config_dir }}/{{ item }}"
+    owner: "991"
+    group: "991"
+    mode: "0644"
+  loop:
+    - "homeserver.yaml"
+    - "log.config"
+
+- name: Deploy Matrix docker-compose.yml
+  template:
+    src: "docker-compose.yml.j2"
+    dest: "{{ matrix_base_dir }}/docker-compose.yml"
+    mode: 0644
+
+- name: Start Matrix services
+  shell: |
+    cd {{ matrix_base_dir }}
+    docker compose up -d
+  args:
+    executable: /bin/bash
+
+- name: Wait for services to start
+  pause:
+    seconds: 30
+
+- name: Check Matrix container status
+  shell: |
+    docker ps --filter name=matrix-synapse
+    docker ps --filter name=matrix-postgres
+  register: matrix_status
+  changed_when: false
+
+- name: Show Matrix status
+  debug:
+    var: matrix_status.stdout
+
+- name: Register admin user (if specified)
+  shell: |
+    cd {{ matrix_base_dir }}
+    docker exec matrix-synapse register_new_matrix_user http://localhost:8008 -c /data/homeserver.yaml -u admin -p {{ vault_matrix_admin_password }} --admin
+  when: matrix_admin_user != "" and matrix_registration_enabled
+  ignore_errors: true
+
+- name: Show connection info
+  debug:
+    msg: |
+      Matrix Synapse deployed!
+      Server: {{ matrix_server_name }}
+      Client port: {{ matrix_port }}
+      Admin: {{ matrix_admin_user }}
+      
+      Next steps:
+      1. Configure reverse proxy in NPM
+      2. Open ports in firewall if needed
+      3. Configure SSL certificates

roles/matrix/templates/docker-compose.yml.j2

@@ -0,0 +1,40 @@
+version: '3.8'
+
+services:
+  matrix-postgres:
+    image: postgres:13
+    container_name: matrix-postgres
+    environment:
+      POSTGRES_DB: synapse
+      POSTGRES_USER: synapse
+      POSTGRES_PASSWORD: {{ matrix_postgres_password }}
+      POSTGRES_INITDB_ARGS: "--encoding=UTF8 --lc-collate=C --lc-ctype=C"
+    volumes:
+      - {{ matrix_postgres_dir }}:/var/lib/postgresql/data
+    restart: always
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U synapse"]
+      interval: 5s
+      timeout: 5s
+      retries: 5
+
+  matrix-synapse:
+    image: matrixdotorg/synapse:latest
+    container_name: matrix-synapse
+    ports:
+      - "{{ matrix_port }}:8008"
+    volumes:
+      - {{ matrix_data_dir }}:/data
+      - {{ matrix_config_dir }}:/data
+      - {{ matrix_media_dir }}:/data/media
+    environment:
+      SYNAPSE_CONFIG_PATH: /data/homeserver.yaml
+    depends_on:
+      matrix-postgres:
+        condition: service_healthy
+    restart: always
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8008/health"]
+      interval: 15s
+      timeout: 5s
+      retries: 3