Add Matrix/Riot package and updated README
parent
ee2c8b1604
commit
fd64bcb708
|
@ -0,0 +1,3 @@
|
||||||
|
Example BLSE2 Ansible Roles
|
||||||
|
|
||||||
|
This is a collection of Ansible roles from the Boniface Labs Server Environment, version 2, in a santized public form. It is useful as a reference for Ansible and on how to configure these services. Note that many roles may rely on BLSE-specific variables set in group_vars, which are not included here.
|
|
@ -0,0 +1,15 @@
|
||||||
|
---
|
||||||
|
- name: restart matrix-synapse
|
||||||
|
service:
|
||||||
|
name: matrix-synapse
|
||||||
|
state: restarted
|
||||||
|
|
||||||
|
- name: restart mxisd
|
||||||
|
service:
|
||||||
|
name: mxisd
|
||||||
|
state: restarted
|
||||||
|
|
||||||
|
- name: restart nginx
|
||||||
|
service:
|
||||||
|
name: nginx
|
||||||
|
state: restarted
|
|
@ -0,0 +1,122 @@
|
||||||
|
---
|
||||||
|
- name: install matrix packages
|
||||||
|
apt:
|
||||||
|
pkg:
|
||||||
|
- matrix-synapse
|
||||||
|
- matrix-synapse-ldap3
|
||||||
|
- python3-psycopg2
|
||||||
|
- python3-jinja2
|
||||||
|
- python3-bleach
|
||||||
|
- openjdk-8-jre-headless
|
||||||
|
- mxisd
|
||||||
|
state: latest
|
||||||
|
|
||||||
|
- name: install the rest auth provider
|
||||||
|
get_url:
|
||||||
|
url: "https://raw.githubusercontent.com/kamax-matrix/matrix-synapse-rest-auth/master/rest_auth_provider.py"
|
||||||
|
dest: "/usr/lib/python3/dist-packages/rest_auth_provider.py"
|
||||||
|
|
||||||
|
- name: ensure services are started and enabled
|
||||||
|
service:
|
||||||
|
name: "{{ item }}"
|
||||||
|
state: started
|
||||||
|
enabled: yes
|
||||||
|
with_items:
|
||||||
|
- matrix-synapse
|
||||||
|
- mxisd
|
||||||
|
|
||||||
|
- name: install matrix-synapse configurations
|
||||||
|
template:
|
||||||
|
src: "{{ item.src }}.j2"
|
||||||
|
dest: "{{ item.dest }}"
|
||||||
|
owner: matrix-synapse
|
||||||
|
group: adm
|
||||||
|
mode: 0640
|
||||||
|
notify: restart matrix-synapse
|
||||||
|
with_items:
|
||||||
|
- { src: "matrix-homeserver.yaml", dest: "/etc/matrix-synapse/homeserver.yaml" }
|
||||||
|
- { src: "matrix-server_name.yaml", dest: "/etc/matrix-synapse/conf.d/server_name.yaml" }
|
||||||
|
- { src: "matrix-report_stats.yaml", dest: "/etc/matrix-synapse/conf.d/report_stats.yaml" }
|
||||||
|
- { src: "matrix-homeserver.signing.key", dest: "/etc/matrix-synapse/homeserver.signing.key" }
|
||||||
|
|
||||||
|
- name: install mxisd configurations
|
||||||
|
template:
|
||||||
|
src: "{{ item.src }}.j2"
|
||||||
|
dest: "{{ item.dest }}"
|
||||||
|
owner: mxisd
|
||||||
|
group: adm
|
||||||
|
mode: 0640
|
||||||
|
notify: restart mxisd
|
||||||
|
with_items:
|
||||||
|
- { src: "mxisd.yaml", dest: "/etc/mxisd/mxisd.yaml" }
|
||||||
|
|
||||||
|
- name: link the res folder to the right place
|
||||||
|
file:
|
||||||
|
src: "/usr/lib/python3/dist-packages/synapse/res"
|
||||||
|
dest: "/var/lib/matrix-synapse/res"
|
||||||
|
state: link
|
||||||
|
|
||||||
|
- name: create matrix data directories
|
||||||
|
file:
|
||||||
|
dest: "/srv/matrix/{{ item }}"
|
||||||
|
state: directory
|
||||||
|
owner: matrix-synapse
|
||||||
|
group: sudo
|
||||||
|
mode: 0750
|
||||||
|
with_items:
|
||||||
|
- media
|
||||||
|
- uploads
|
||||||
|
|
||||||
|
- name: install nginx packages
|
||||||
|
apt:
|
||||||
|
pkg:
|
||||||
|
- nginx
|
||||||
|
state: latest
|
||||||
|
|
||||||
|
- name: ensure services are started and enabled
|
||||||
|
service:
|
||||||
|
name: "{{ item }}"
|
||||||
|
state: started
|
||||||
|
enabled: yes
|
||||||
|
with_items:
|
||||||
|
- nginx
|
||||||
|
|
||||||
|
- name: disable default nginx configuration
|
||||||
|
file:
|
||||||
|
dest: "/etc/nginx/sites-enabled/default"
|
||||||
|
state: "absent"
|
||||||
|
|
||||||
|
- name: install nginx configuration
|
||||||
|
template:
|
||||||
|
src: "riot-nginx.j2"
|
||||||
|
dest: "/etc/nginx/sites-enabled/riot"
|
||||||
|
notify: restart nginx
|
||||||
|
|
||||||
|
- name: download riot
|
||||||
|
get_url:
|
||||||
|
url: "https://github.com/vector-im/riot-web/releases/download/{{ riot_version }}/riot-{{ riot_version }}.tar.gz"
|
||||||
|
dest: "/var/www/riot.tar.gz"
|
||||||
|
|
||||||
|
- name: extract riot
|
||||||
|
unarchive:
|
||||||
|
src: "/var/www/riot.tar.gz"
|
||||||
|
dest: "/var/www"
|
||||||
|
owner: www-data
|
||||||
|
group: www-data
|
||||||
|
copy: no
|
||||||
|
creates: "/var/www/riot-{{ riot_version }}"
|
||||||
|
|
||||||
|
- name: create versionless riot symlink
|
||||||
|
file:
|
||||||
|
src: "/var/www/riot-{{ riot_version }}"
|
||||||
|
dest: "/var/www/riot"
|
||||||
|
state: link
|
||||||
|
|
||||||
|
- name: install riot configuration
|
||||||
|
template:
|
||||||
|
src: "riot-config.json.j2"
|
||||||
|
dest: "/var/www/riot/config.json"
|
||||||
|
owner: www-data
|
||||||
|
group: www-data
|
||||||
|
notify: restart nginx
|
||||||
|
|
|
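Review bot: The `install the rest auth provider` task fetches `rest_auth_provider.py` from the `master` branch into `/usr/lib/python3/dist-packages` with no integrity check, so whatever is on that branch at run time becomes code Synapse loads as its password provider. Pin the URL to a tag or commit and add `checksum: "sha256:<expected-sha256-placeholder>"` plus an explicit `owner: root` and `mode: "0644"`. The same applies to the `download riot` task, where `riot_version` pins the release but nothing verifies the tarball. Separately, the `matrix-homeserver.signing.key` item is installed with `group: adm` and `mode: 0640`, which lets every member of `adm` read the signing key as well as the database and SMTP passwords rendered into `homeserver.yaml`; `mode: "0600"` or a narrower group would limit that.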
@ -0,0 +1 @@
|
||||||
|
{{ matrix_homeserver_signing_key }}
|
|
@ -0,0 +1,123 @@
|
||||||
|
---
|
||||||
|
# Matrix homeserver configuration
|
||||||
|
# {{ ansible_managed }}
|
||||||
|
no_tls: True
|
||||||
|
tls_fingerprints: []
|
||||||
|
pid_file: "/var/run/matrix-synapse.pid"
|
||||||
|
soft_file_limit: 0
|
||||||
|
public_baseurl: "https://im.bonifacelabs.ca"
|
||||||
|
listeners:
|
||||||
|
- port: 8008
|
||||||
|
tls: false
|
||||||
|
bind_addresses:
|
||||||
|
- '::'
|
||||||
|
type: http
|
||||||
|
x_forwarded: true
|
||||||
|
resources:
|
||||||
|
- names: [client, webclient]
|
||||||
|
compress: true
|
||||||
|
- names: [federation]
|
||||||
|
compress: false
|
||||||
|
database:
|
||||||
|
name: psycopg2
|
||||||
|
args:
|
||||||
|
user: "{{ postgres_client['matrix'].username }}"
|
||||||
|
password: "{{ postgres_client['matrix'].passwd }}"
|
||||||
|
database: "{{ postgres_client['matrix'].database }}"
|
||||||
|
host: "{{ postgres_client['matrix'].host }}"
|
||||||
|
port: "{{ postgres_client['matrix'].port_readwrite }}"
|
||||||
|
cp_min: 5
|
||||||
|
cp_max: 10
|
||||||
|
event_cache_size: "10K"
|
||||||
|
log_config: "/etc/matrix-synapse/log.yaml"
|
||||||
|
rc_messages_per_second: 2.0
|
||||||
|
rc_message_burst_count: 10.0
|
||||||
|
federation_rc_window_size: 1000
|
||||||
|
federation_rc_sleep_limit: 10
|
||||||
|
federation_rc_sleep_delay: 500
|
||||||
|
federation_rc_reject_limit: 50
|
||||||
|
federation_rc_concurrent: 3
|
||||||
|
media_store_path: "/srv/matrix/media"
|
||||||
|
uploads_path: "/srv/matrix/uploads"
|
||||||
|
max_upload_size: "10M"
|
||||||
|
max_image_pixels: "32M"
|
||||||
|
dynamic_thumbnails: false
|
||||||
|
thumbnail_sizes:
|
||||||
|
- width: 32
|
||||||
|
height: 32
|
||||||
|
method: crop
|
||||||
|
- width: 96
|
||||||
|
height: 96
|
||||||
|
method: crop
|
||||||
|
- width: 320
|
||||||
|
height: 240
|
||||||
|
method: scale
|
||||||
|
- width: 640
|
||||||
|
height: 480
|
||||||
|
method: scale
|
||||||
|
- width: 800
|
||||||
|
height: 600
|
||||||
|
method: scale
|
||||||
|
url_preview_enabled: False
|
||||||
|
max_spider_size: "10M"
|
||||||
|
enable_registration_captcha: False
|
||||||
|
enable_registration: False
|
||||||
|
bcrypt_rounds: 12
|
||||||
|
allow_guest_access: False
|
||||||
|
trusted_third_party_id_servers:
|
||||||
|
- "im.{{ blsedomains_webdomain }}"
|
||||||
|
auto_join_rooms:
|
||||||
|
- "#hallway:{{ blsedomains_webdomain }}"
|
||||||
|
- "#fun:{{ blsedomains_webdomain }}"
|
||||||
|
- "#games:{{ blsedomains_webdomain }}"
|
||||||
|
enable_metrics: False
|
||||||
|
room_invite_state_types:
|
||||||
|
- "m.room.join_rules"
|
||||||
|
- "m.room.canonical_alias"
|
||||||
|
- "m.room.avatar"
|
||||||
|
- "m.room.name"
|
||||||
|
app_service_config_files: []
|
||||||
|
expire_access_token: False
|
||||||
|
signing_key_path: "/etc/matrix-synapse/homeserver.signing.key"
|
||||||
|
old_signing_keys: {}
|
||||||
|
key_refresh_interval: "1d" # 1 Day.
|
||||||
|
perspectives:
|
||||||
|
servers:
|
||||||
|
"matrix.org":
|
||||||
|
verify_keys:
|
||||||
|
"ed25519:auto":
|
||||||
|
key: "{{ matrixorg_verify_key }}"
|
||||||
|
password_config:
|
||||||
|
enabled: true
|
||||||
|
email:
|
||||||
|
enable_notifs: true
|
||||||
|
smtp_host: "{{ blsecluster_smtphost }}"
|
||||||
|
smtp_port: 587
|
||||||
|
smtp_user: "{{ username_email_root }}"
|
||||||
|
smtp_pass: "{{ passwd_email_root }}"
|
||||||
|
require_transport_security: True
|
||||||
|
notif_from: "The BLSE Matrix Server <matrix@bonifacelabs.ca>"
|
||||||
|
app_name: Matrix
|
||||||
|
template_dir: res/templates
|
||||||
|
notif_template_html: notif_mail.html
|
||||||
|
notif_template_text: notif_mail.txt
|
||||||
|
notif_for_new_users: True
|
||||||
|
riot_base_url: "https://riot.bonifacelabs.ca"
|
||||||
|
password_providers:
|
||||||
|
- module: "rest_auth_provider.RestAuthProvider"
|
||||||
|
config:
|
||||||
|
endpoint: "http://localhost:8090"
|
||||||
|
# - module: "ldap_auth_provider.LdapAuthProvider"
|
||||||
|
# config:
|
||||||
|
# enabled: true
|
||||||
|
# uri: "ldap://{{ blsecluster_ldaphost }}:389"
|
||||||
|
# start_tls: false
|
||||||
|
# base: "{{ ldap_basedn }}"
|
||||||
|
# attributes:
|
||||||
|
# uid: "uid"
|
||||||
|
# mail: "mail"
|
||||||
|
# name: "cn"
|
||||||
|
# bind_dn: "{{ username_ldap_admin }}"
|
||||||
|
# bind_password: "{{ passwd_ldap_admin }}"
|
||||||
|
# filter: "(&(objectClass=mailUser)(accountStatus=active))"
|
||||||
|
enable_group_creation: false
|
|
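Review bot: The single listener binds `'::'` with `tls: false` and `x_forwarded: true`, so any host that can reach port 8008 directly talks to Synapse in cleartext and can supply its own `X-Forwarded-For`, which Synapse will then treat as the client address. If the TLS-terminating proxy runs on the same machine, bind to loopback instead (`bind_addresses: ['::1', '127.0.0.1']`); if it is remote, port 8008 should be restricted to the proxy's address, which nothing in this role shows. `public_baseurl`, `notif_from` and `riot_base_url` also still hard-code the bonifacelabs.ca domain while the rest of the template uses `blsedomains_webdomain`, which looks like an oversight in a sanitized copy.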
@ -0,0 +1,4 @@
|
||||||
|
---
|
||||||
|
# Matrix report_stats configuration
|
||||||
|
# {{ ansible_managed }}
|
||||||
|
report_stats: false
|
|
@ -0,0 +1,4 @@
|
||||||
|
---
|
||||||
|
# Matrix server_name configuration
|
||||||
|
# {{ ansible_managed }}
|
||||||
|
server_name: "{{ blsedomains_webdomain }}"
|
|
@ -0,0 +1,47 @@
|
||||||
|
---
|
||||||
|
# mxisd configuration file
|
||||||
|
# {{ ansible_managed }}
|
||||||
|
matrix:
|
||||||
|
domain: "im.{{ blsedomains_webdomain }}"
|
||||||
|
key:
|
||||||
|
path: '/var/lib/mxisd/keys'
|
||||||
|
storage:
|
||||||
|
provider:
|
||||||
|
sqlite:
|
||||||
|
database: '/var/lib/mxisd/store.db'
|
||||||
|
ldap:
|
||||||
|
enabled: true
|
||||||
|
connection:
|
||||||
|
host: "{{ blsecluster_ldaphost }}"
|
||||||
|
port: 389
|
||||||
|
bindDn: "{{ username_ldap_admin }}"
|
||||||
|
bindPassword: "{{ passwd_ldap_admin }}"
|
||||||
|
baseDNs:
|
||||||
|
- "{{ ldap_basedn }}"
|
||||||
|
filter: "(&(objectClass=mailUser)(accountStatus=active))"
|
||||||
|
attribute:
|
||||||
|
uid:
|
||||||
|
type: "uid"
|
||||||
|
value: "uid"
|
||||||
|
name: "cn"
|
||||||
|
threepid:
|
||||||
|
email:
|
||||||
|
- "mail"
|
||||||
|
threepid:
|
||||||
|
medium:
|
||||||
|
email:
|
||||||
|
identity:
|
||||||
|
from: "matrix@{{ blsedomains_webdomain }}"
|
||||||
|
connectors:
|
||||||
|
smtp:
|
||||||
|
host: "{{ blsecluster_smtphost }}"
|
||||||
|
port: 587
|
||||||
|
tls: 1
|
||||||
|
login: "{{ username_email_root }}"
|
||||||
|
password: "{{ passwd_email_root }}"
|
||||||
|
dns:
|
||||||
|
overwrite:
|
||||||
|
homeserver:
|
||||||
|
client:
|
||||||
|
- name: 'im.{{ blsedomains_webdomain }}'
|
||||||
|
value: 'http://localhost:8008'
|
|
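Review bot: The LDAP connection settings bind as `username_ldap_admin` on port 389 with no TLS setting visible, so the directory admin's password would cross the network in cleartext whenever `blsecluster_ldaphost` is not the local machine. An identity server only needs to search the directory and verify user binds, so a dedicated read-only bind account would limit what a leak of `/etc/mxisd/mxisd.yaml` exposes (the tasks file in this commit installs it with `group: adm`, mode 0640). Enabling TLS or StartTLS on this connection is worth doing as well; check the mxisd documentation for the exact key in the deployed version.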
@ -0,0 +1,37 @@
|
||||||
|
{
|
||||||
|
"default_hs_url": "https://im.{{ blsedomains_webdomain }}",
|
||||||
|
"default_is_url": "https://im.{{ blsedomains_webdomain }}",
|
||||||
|
"disable_custom_urls": false,
|
||||||
|
"disable_guests": false,
|
||||||
|
"disable_login_language_selector": false,
|
||||||
|
"disable_3pid_login": false,
|
||||||
|
"brand": "Riot",
|
||||||
|
"integrations_ui_url": "https://scalar.vector.im/",
|
||||||
|
"integrations_rest_url": "https://scalar.vector.im/api",
|
||||||
|
"integrations_jitsi_widget_url": "https://scalar.vector.im/api/widgets/jitsi.html",
|
||||||
|
"bug_report_endpoint_url": "https://riot.im/bugreports/submit",
|
||||||
|
"features": {
|
||||||
|
"feature_groups": "labs",
|
||||||
|
"feature_pinning": "labs"
|
||||||
|
},
|
||||||
|
"default_federate": true,
|
||||||
|
"default_theme": "light",
|
||||||
|
"roomDirectory": {
|
||||||
|
"servers": [
|
||||||
|
"{{ blsedomains_webdomain }}",
|
||||||
|
"im.{{ blsedomains_webdomain }}"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"welcomeUserId": "@riot-bot:matrix.org",
|
||||||
|
"piwik": {
|
||||||
|
"url": "https://piwik.riot.im/",
|
||||||
|
"whitelistedHSUrls": ["https://{{ blsedomains_webdomain }}", "https://im.{{ blsedomains_webdomain }}", "https://matrix.org"],
|
||||||
|
"whitelistedISUrls": ["https://{{ blsedomains_webdomain }}", "https://im.{{ blsedomains_webdomain }}", "https://vector.im", "https://matrix.org"],
|
||||||
|
"siteId": 1
|
||||||
|
},
|
||||||
|
"enable_presence_by_hs_url": {
|
||||||
|
"https://{{ blsedomains_webdomain }}": true,
|
||||||
|
"https://im.{{ blsedomains_webdomain }}": true,
|
||||||
|
"https://matrix.org": true
|
||||||
|
}
|
||||||
|
}
|
|
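Review bot: The `piwik` block points this self-hosted client at `https://piwik.riot.im/`, a third-party analytics endpoint, and the `integrations_*` URLs at `scalar.vector.im`; if that is not intended for this deployment, drop the `piwik` object and review the integration URLs. `disable_guests` is `false` here while the homeserver template in this commit sets `allow_guest_access: False`, so the client will presumably offer guest access that the server then refuses. Setting `"disable_guests": true` keeps the two consistent.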
@ -0,0 +1,16 @@
|
||||||
|
# Simple and straightforward web server for Riot
|
||||||
|
# {{ ansible_managed }}
|
||||||
|
server {
|
||||||
|
listen 80 default_server;
|
||||||
|
listen [::]:80 default_server;
|
||||||
|
|
||||||
|
root /var/www/riot;
|
||||||
|
|
||||||
|
index index.html;
|
||||||
|
|
||||||
|
server_name _;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
}
|
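Review bot: The server block serves Riot on plain port 80 only and sets no response headers, so unless a TLS-terminating proxy in front adds them (not shown here), the client can be framed by other sites and is delivered without transport protection. Consider adding `add_header X-Frame-Options SAMEORIGIN;` and `add_header X-Content-Type-Options nosniff;` inside the `server` block, and either a TLS listener or a note that TLS is terminated upstream. A comment to that effect after the `ansible_managed` line would save the next reader from guessing.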