Add Matrix/Riot package and updated README

This commit is contained in:
Joshua Boniface 2019-06-06 09:21:08 -04:00
parent ee2c8b1604
commit fd64bcb708
10 changed files with 372 additions and 0 deletions


@ -0,0 +1,3 @@
Example BLSE2 Ansible Roles
This is a collection of Ansible roles from the Boniface Labs Server Environment, version 2, in a santized public form. It is useful as a reference for Ansible and on how to configure these services. Note that many roles may rely on BLSE-specific variables set in group_vars, which are not included here.


@ -0,0 +1,15 @@
---
- name: restart matrix-synapse
service:
name: matrix-synapse
state: restarted
- name: restart mxisd
service:
name: mxisd
state: restarted
- name: restart nginx
service:
name: nginx
state: restarted

122
package-riot/tasks/main.yml Normal file

@ -0,0 +1,122 @@
---
- name: install matrix packages
apt:
pkg:
- matrix-synapse
- matrix-synapse-ldap3
- python3-psycopg2
- python3-jinja2
- python3-bleach
- openjdk-8-jre-headless
- mxisd
state: latest
- name: install the rest auth provider
get_url:
url: "https://raw.githubusercontent.com/kamax-matrix/matrix-synapse-rest-auth/master/rest_auth_provider.py"
dest: "/usr/lib/python3/dist-packages/rest_auth_provider.py"
- name: ensure services are started and enabled
service:
name: "{{ item }}"
state: started
enabled: yes
with_items:
- matrix-synapse
- mxisd
- name: install matrix-synapse configurations
template:
src: "{{ item.src }}.j2"
dest: "{{ item.dest }}"
owner: matrix-synapse
group: adm
mode: 0640
notify: restart matrix-synapse
with_items:
- { src: "matrix-homeserver.yaml", dest: "/etc/matrix-synapse/homeserver.yaml" }
- { src: "matrix-server_name.yaml", dest: "/etc/matrix-synapse/conf.d/server_name.yaml" }
- { src: "matrix-report_stats.yaml", dest: "/etc/matrix-synapse/conf.d/report_stats.yaml" }
- { src: "matrix-homeserver.signing.key", dest: "/etc/matrix-synapse/homeserver.signing.key" }
- name: install mxisd configurations
template:
src: "{{ item.src }}.j2"
dest: "{{ item.dest }}"
owner: mxisd
group: adm
mode: 0640
notify: restart mxisd
with_items:
- { src: "mxisd.yaml", dest: "/etc/mxisd/mxisd.yaml" }
- name: link the res folder to the right place
file:
src: "/usr/lib/python3/dist-packages/synapse/res"
dest: "/var/lib/matrix-synapse/res"
state: link
- name: create matrix data directories
file:
dest: "/srv/matrix/{{ item }}"
state: directory
owner: matrix-synapse
group: sudo
mode: 0750
with_items:
- media
- uploads
- name: install nginx packages
apt:
pkg:
- nginx
state: latest
- name: ensure services are started and enabled
service:
name: "{{ item }}"
state: started
enabled: yes
with_items:
- nginx
- name: disable default nginx configuration
file:
dest: "/etc/nginx/sites-enabled/default"
state: "absent"
- name: install nginx configuration
template:
src: "riot-nginx.j2"
dest: "/etc/nginx/sites-enabled/riot"
notify: restart nginx
- name: download riot
get_url:
url: "https://github.com/vector-im/riot-web/releases/download/{{ riot_version }}/riot-{{ riot_version }}.tar.gz"
dest: "/var/www/riot.tar.gz"
- name: extract riot
unarchive:
src: "/var/www/riot.tar.gz"
dest: "/var/www"
owner: www-data
group: www-data
copy: no
creates: "/var/www/riot-{{ riot_version }}"
- name: create versionless riot symlink
file:
src: "/var/www/riot-{{ riot_version }}"
dest: "/var/www/riot"
state: link
- name: install riot configuration
template:
src: "riot-config.json.j2"
dest: "/var/www/riot/config.json"
owner: www-data
group: www-data
notify: restart nginx
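Review bot: The REST auth provider is fetched from the `master` branch of a third-party GitHub repository with no `checksum:` and written straight into `/usr/lib/python3/dist-packages/`, so whatever that URL serves at run time is loaded into the Synapse process on every play; the same applies to the Riot tarball fetched by the `download riot` task. Pin both downloads to an immutable reference and verify them, e.g. `url: "https://raw.githubusercontent.com/kamax-matrix/matrix-synapse-rest-auth/<PINNED_COMMIT_OR_TAG>/rest_auth_provider.py"` with `checksum: "sha256:<EXPECTED_DIGEST>"` (a `get_url` option), and record the expected digests next to `riot_version` in the role defaults. Separately, `enabled: yes` (twice) and `mode: 0640`/`mode: 0750` rely on YAML 1.1 implicit typing; `enabled: true` and `mode: "0640"` avoid the truthy and octal traps. `state: latest` on both `apt` tasks also upgrades packages on every run, which makes the role non-idempotent and reports "changed" where nothing was meant to change; `state: present` is the usual choice for a converging role.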


@ -0,0 +1 @@
{{ matrix_homeserver_signing_key }}


@ -0,0 +1,123 @@
---
# Matrix homeserver configuration
# {{ ansible_managed }}
no_tls: True
tls_fingerprints: []
pid_file: "/var/run/matrix-synapse.pid"
soft_file_limit: 0
public_baseurl: "https://im.bonifacelabs.ca"
listeners:
- port: 8008
tls: false
bind_addresses:
- '::'
type: http
x_forwarded: true
resources:
- names: [client, webclient]
compress: true
- names: [federation]
compress: false
database:
name: psycopg2
args:
user: "{{ postgres_client['matrix'].username }}"
password: "{{ postgres_client['matrix'].passwd }}"
database: "{{ postgres_client['matrix'].database }}"
host: "{{ postgres_client['matrix'].host }}"
port: "{{ postgres_client['matrix'].port_readwrite }}"
cp_min: 5
cp_max: 10
event_cache_size: "10K"
log_config: "/etc/matrix-synapse/log.yaml"
rc_messages_per_second: 2.0
rc_message_burst_count: 10.0
federation_rc_window_size: 1000
federation_rc_sleep_limit: 10
federation_rc_sleep_delay: 500
federation_rc_reject_limit: 50
federation_rc_concurrent: 3
media_store_path: "/srv/matrix/media"
uploads_path: "/srv/matrix/uploads"
max_upload_size: "10M"
max_image_pixels: "32M"
dynamic_thumbnails: false
thumbnail_sizes:
- width: 32
height: 32
method: crop
- width: 96
height: 96
method: crop
- width: 320
height: 240
method: scale
- width: 640
height: 480
method: scale
- width: 800
height: 600
method: scale
url_preview_enabled: False
max_spider_size: "10M"
enable_registration_captcha: False
enable_registration: False
bcrypt_rounds: 12
allow_guest_access: False
trusted_third_party_id_servers:
- "im.{{ blsedomains_webdomain }}"
auto_join_rooms:
- "#hallway:{{ blsedomains_webdomain }}"
- "#fun:{{ blsedomains_webdomain }}"
- "#games:{{ blsedomains_webdomain }}"
enable_metrics: False
room_invite_state_types:
- "m.room.join_rules"
- "m.room.canonical_alias"
- "m.room.avatar"
- "m.room.name"
app_service_config_files: []
expire_access_token: False
signing_key_path: "/etc/matrix-synapse/homeserver.signing.key"
old_signing_keys: {}
key_refresh_interval: "1d" # 1 Day.
perspectives:
servers:
"matrix.org":
verify_keys:
"ed25519:auto":
key: "{{ matrixorg_verify_key }}"
password_config:
enabled: true
email:
enable_notifs: true
smtp_host: "{{ blsecluster_smtphost }}"
smtp_port: 587
smtp_user: "{{ username_email_root }}"
smtp_pass: "{{ passwd_email_root }}"
require_transport_security: True
notif_from: "The BLSE Matrix Server <matrix@bonifacelabs.ca>"
app_name: Matrix
template_dir: res/templates
notif_template_html: notif_mail.html
notif_template_text: notif_mail.txt
notif_for_new_users: True
riot_base_url: "https://riot.bonifacelabs.ca"
password_providers:
- module: "rest_auth_provider.RestAuthProvider"
config:
endpoint: "http://localhost:8090"
# - module: "ldap_auth_provider.LdapAuthProvider"
# config:
# enabled: true
# uri: "ldap://{{ blsecluster_ldaphost }}:389"
# start_tls: false
# base: "{{ ldap_basedn }}"
# attributes:
# uid: "uid"
# mail: "mail"
# name: "cn"
# bind_dn: "{{ username_ldap_admin }}"
# bind_password: "{{ passwd_ldap_admin }}"
# filter: "(&(objectClass=mailUser)(accountStatus=active))"
enable_group_creation: false
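Review bot: The commented-out `ldap_auth_provider` block is still processed by Jinja when the `template` module renders this file, so the resulting `/etc/matrix-synapse/homeserver.yaml` will contain the literal values of `{{ username_ldap_admin }}` and `{{ passwd_ldap_admin }}` inside `#` lines — a YAML comment is not a template comment, and the directory admin credentials end up in a file that does not use them. Wrap the dead block in `{# ... #}` (a Jinja comment, dropped at render time) or delete it; the same applies to the `ldap://{{ blsecluster_ldaphost }}` and `{{ ldap_basedn }}` lines. The port 8008 listener binds `'::'` (all addresses) with `x_forwarded: true`, so any client that can reach 8008 directly can supply its own `X-Forwarded-For`; if the reverse proxy runs on the same host, `bind_addresses: ['::1', '127.0.0.1']` keeps the forwarded address trustworthy, otherwise a comment stating how 8008 is firewalled would document the assumption. As a point of style the file mixes `True`/`False` with `true`/`false`; both parse, but `true`/`false` is the canonical form.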


@ -0,0 +1,4 @@
---
# Matrix report_stats configuration
# {{ ansible_managed }}
report_stats: false


@ -0,0 +1,4 @@
---
# Matrix server_name configuration
# {{ ansible_managed }}
server_name: "{{ blsedomains_webdomain }}"


@ -0,0 +1,47 @@
---
# mxisd configuration file
# {{ ansible_managed }}
matrix:
domain: "im.{{ blsedomains_webdomain }}"
key:
path: '/var/lib/mxisd/keys'
storage:
provider:
sqlite:
database: '/var/lib/mxisd/store.db'
ldap:
enabled: true
connection:
host: "{{ blsecluster_ldaphost }}"
port: 389
bindDn: "{{ username_ldap_admin }}"
bindPassword: "{{ passwd_ldap_admin }}"
baseDNs:
- "{{ ldap_basedn }}"
filter: "(&(objectClass=mailUser)(accountStatus=active))"
attribute:
uid:
type: "uid"
value: "uid"
name: "cn"
threepid:
email:
- "mail"
threepid:
medium:
email:
identity:
from: "matrix@{{ blsedomains_webdomain }}"
connectors:
smtp:
host: "{{ blsecluster_smtphost }}"
port: 587
tls: 1
login: "{{ username_email_root }}"
password: "{{ passwd_email_root }}"
dns:
overwrite:
homeserver:
client:
- name: 'im.{{ blsedomains_webdomain }}'
value: 'http://localhost:8008'
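Review bot: The LDAP connection binds as `{{ username_ldap_admin }}` on plain port 389 and nothing in the `connection:` block requests TLS, so unless directory traffic is confined to a trusted network the bind password crosses the wire in cleartext on every lookup. If the directory supports it, point `host`/`port` at an LDAPS endpoint (commonly 636) or enable the connector's TLS setting, and consider a read-only service account rather than the admin bind DN, since mxisd only needs to search the tree. The SMTP connector's `tls: 1` appears to be a numeric mode rather than a boolean; a short comment such as `# 1 = <mode as defined in the mxisd SMTP connector docs>` above it would save the next reader a lookup and make an accidental downgrade to `0` visible in review.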


@ -0,0 +1,37 @@
{
"default_hs_url": "https://im.{{ blsedomains_webdomain }}",
"default_is_url": "https://im.{{ blsedomains_webdomain }}",
"disable_custom_urls": false,
"disable_guests": false,
"disable_login_language_selector": false,
"disable_3pid_login": false,
"brand": "Riot",
"integrations_ui_url": "https://scalar.vector.im/",
"integrations_rest_url": "https://scalar.vector.im/api",
"integrations_jitsi_widget_url": "https://scalar.vector.im/api/widgets/jitsi.html",
"bug_report_endpoint_url": "https://riot.im/bugreports/submit",
"features": {
"feature_groups": "labs",
"feature_pinning": "labs"
},
"default_federate": true,
"default_theme": "light",
"roomDirectory": {
"servers": [
"{{ blsedomains_webdomain }}",
"im.{{ blsedomains_webdomain }}"
]
},
"welcomeUserId": "@riot-bot:matrix.org",
"piwik": {
"url": "https://piwik.riot.im/",
"whitelistedHSUrls": ["https://{{ blsedomains_webdomain }}", "https://im.{{ blsedomains_webdomain }}", "https://matrix.org"],
"whitelistedISUrls": ["https://{{ blsedomains_webdomain }}", "https://im.{{ blsedomains_webdomain }}", "https://vector.im", "https://matrix.org"],
"siteId": 1
},
"enable_presence_by_hs_url": {
"https://{{ blsedomains_webdomain }}": true,
"https://im.{{ blsedomains_webdomain }}": true,
"https://matrix.org": true
}
}
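Review bot: `"disable_guests": false` offers guest access in the Riot UI, but the homeserver template in this same commit sets `allow_guest_access: False`, so guest login will presumably fail against this deployment; `"disable_guests": true` keeps the client consistent with the server. The `piwik` block reports usage analytics to `https://piwik.riot.im/` for the listed homeserver URLs, and `integrations_*_url`/`bug_report_endpoint_url` point at vector.im and riot.im services; if this is meant to be a self-contained deployment, documenting that these third-party endpoints are intentional (or dropping the `piwik` block) records the choice. Since JSON cannot carry comments, that rationale belongs in the role README or alongside `riot_version` in the defaults.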


@ -0,0 +1,16 @@
# Simple and straightforward web server for Riot
# {{ ansible_managed }}
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/riot;
index index.html;
server_name _;
location / {
try_files $uri $uri/ =404;
}
}
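Review bot: The server block listens on plain port 80 with `server_name _;` and sets no response headers, so Riot (which handles access tokens in the browser) is served over cleartext unless a TLS-terminating proxy sits in front — `riot_base_url: "https://riot.bonifacelabs.ca"` in the homeserver template suggests one does, but nothing in this file shows it. Either terminate TLS here or state the assumption with a comment, `# TLS is terminated upstream; this vhost must only be reachable via the reverse proxy`. Static-client hardening commonly recommended for Riot is also absent, e.g. `add_header X-Frame-Options SAMEORIGIN;` and `add_header X-Content-Type-Options nosniff;` inside the `server` block. A `location = /config.json { add_header Cache-Control "no-cache"; }` would additionally stop browsers holding a stale `default_hs_url` after the template is re-rendered.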