mirror of
https://github.com/spantaleev/matrix-docker-ansible-deploy.git
synced 2024-12-12 08:43:55 +02:00
initial PR
This commit is contained in:
parent
9bc0eb36ab
commit
4c882c513b
2
roles/matrix-awx/defaults/main.yml
Executable file
2
roles/matrix-awx/defaults/main.yml
Executable file
@ -0,0 +1,2 @@
|
||||
|
||||
matrix_awx_enabled: false
|
88
roles/matrix-awx/surveys/configure_corporal.json.j2
Executable file
88
roles/matrix-awx/surveys/configure_corporal.json.j2
Executable file
@ -0,0 +1,88 @@
|
||||
{
|
||||
"name": "Configure Matrix Corporal",
|
||||
"description": "",
|
||||
"spec": [
|
||||
{
|
||||
"question_name": "Enable Corporal",
|
||||
"question_description": "Controls if Matrix Corporal is enabled at all. If you're unsure if you need Matrix Corporal or not, you most likely don't.",
|
||||
"required": true,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_corporal_enabled|string|lower }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "matrix_corporal_enabled",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "Corporal Policy Provider",
|
||||
"question_description": "Controls what provider policy is used with Matrix Corporal.",
|
||||
"required": true,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_corporal_policy_provider_mode }}",
|
||||
"choices": "Simple Static File\nHTTP Pull Mode (API Enabled)\nHTTP Push Mode (API Enabled)",
|
||||
"new_question": true,
|
||||
"variable": "matrix_corporal_policy_provider_mode",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "Simple Static File Configuration",
|
||||
"question_description": "The configuration file for Matrix Corporal, only needed if 'Simple Static File' provider is selected, any configuration entered here will be saved and applied.",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 65536,
|
||||
"default": "",
|
||||
"new_question": true,
|
||||
"variable": "matrix_corporal_simple_static_config",
|
||||
"type": "textarea"
|
||||
},
|
||||
{
|
||||
"question_name": "HTTP Pull Mode URI",
|
||||
"question_description": "The network address to remotely fetch the configuration from. Only needed if 'HTTP Pull Mode (API Enabled)' provider is selected.",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 4096,
|
||||
"default": "{{ matrix_corporal_pull_mode_uri }}",
|
||||
"new_question": true,
|
||||
"variable": "matrix_corporal_pull_mode_uri",
|
||||
"type": "text"
|
||||
},
|
||||
{
|
||||
"question_name": "HTTP Pull Mode Authentication Token",
|
||||
"question_description": "An authentication token for pulling the Corporal configuration from a network location. Only needed if 'HTTP Pull Mode (API Enabled)' provider is selected. WARNING: You must set a strong and unique password here.",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 256,
|
||||
"default": "{{ matrix_corporal_pull_mode_token }}",
|
||||
"choices": "",
|
||||
"new_question": true,
|
||||
"variable": "matrix_corporal_pull_mode_token",
|
||||
"type": "password"
|
||||
},
|
||||
{
|
||||
"question_name": "Corporal API Authentication Token",
|
||||
"question_description": "An authentication token for interfacing with Corporals API. Only needed to be set if 'HTTP Pull Mode (API Enabled)' or 'HTTP Push Mode (API Enabled)' provider is selected. WARNING: You must set a strong and unique password here.",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 256,
|
||||
"default": "{{ matrix_corporal_http_api_auth_token }}",
|
||||
"choices": "",
|
||||
"new_question": true,
|
||||
"variable": "matrix_corporal_http_api_auth_token",
|
||||
"type": "password"
|
||||
},
|
||||
{
|
||||
"question_name": "Raise Synapse Ratelimits",
|
||||
"question_description": "For Matrix Corporal to work you will need to temporarily raise the rate limits for logins, please return this value to 'Normal' after you're done using Corporal.",
|
||||
"required": false,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_corporal_raise_ratelimits }}",
|
||||
"choices": "Normal\nRaised",
|
||||
"new_question": true,
|
||||
"variable": "matrix_corporal_raise_ratelimits",
|
||||
"type": "multiplechoice"
|
||||
}
|
||||
]
|
||||
}
|
78
roles/matrix-awx/surveys/configure_element.json.j2
Executable file
78
roles/matrix-awx/surveys/configure_element.json.j2
Executable file
@ -0,0 +1,78 @@
|
||||
{
|
||||
"name": "",
|
||||
"description": "",
|
||||
"spec": [
|
||||
{
|
||||
"question_name": "Enable Element-Web",
|
||||
"question_description": "Set if Element web client is enabled or not.",
|
||||
"required": true,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_client_element_enabled }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "matrix_client_element_enabled",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "Set Branding for Web Client",
|
||||
"question_description": "Sets the 'branding' seen in the tab and on the welcome page to a custom value.",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 256,
|
||||
"default": "{{ matrix_client_element_brand }}",
|
||||
"choices": "",
|
||||
"new_question": true,
|
||||
"variable": "matrix_client_element_brand",
|
||||
"type": "text"
|
||||
},
|
||||
{
|
||||
"question_name": "Set Theme for Web Client",
|
||||
"question_description": "Sets the default theme for the web client, can be changed later by individual users.",
|
||||
"required": false,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_client_element_default_theme }}",
|
||||
"choices": "light\ndark",
|
||||
"new_question": true,
|
||||
"variable": "matrix_client_element_default_theme",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "Set Welcome Page Background",
|
||||
"question_description": "URL to Wallpaper, shown in background of the welcome page. Must be a 'https' link, otherwise it won't be set.",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 1024,
|
||||
"default": "{{ matrix_client_element_branding_welcomeBackgroundUrl }}",
|
||||
"choices": "",
|
||||
"new_question": true,
|
||||
"variable": "matrix_client_element_branding_welcomeBackgroundUrl",
|
||||
"type": "text"
|
||||
},
|
||||
{
|
||||
"question_name": "Show Registration Button",
|
||||
"question_description": "If you show the registration button on the welcome page.",
|
||||
"required": false,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_client_element_registration_enabled }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "matrix_client_element_registration_enabled",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "Set Element Subdomain.",
|
||||
"question_description": "Sets the subdomain of the Element web-client, you should only specify the subdomain, not the base domain you've already set. (Eg: 'element' for element.example.org) Note that if you change this value you'll need to reconfigure your DNS.",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 2048,
|
||||
"default": "{{ element_subdomain }}",
|
||||
"choices": "",
|
||||
"new_question": true,
|
||||
"variable": "element_subdomain",
|
||||
"type": "text"
|
||||
}
|
||||
]
|
||||
}
|
31
roles/matrix-awx/surveys/configure_jitsi.json.j2
Executable file
31
roles/matrix-awx/surveys/configure_jitsi.json.j2
Executable file
@ -0,0 +1,31 @@
|
||||
{
|
||||
"name": "",
|
||||
"description": "",
|
||||
"spec": [
|
||||
{
|
||||
"question_name": "Enable Jitsi",
|
||||
"question_description": "Set if Jitsi is enabled or not. If disabled your server will use the https://jitsi.riot.im server. If you're on a smaller server disabling this might increase the performance of your Matrix service.",
|
||||
"required": false,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_jitsi_enabled }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "matrix_jitsi_enabled",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "Set Default Language.",
|
||||
"question_description": "2 digit 639-1 language code to adjust the language of the web client. For a list of possible codes see: https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 2,
|
||||
"default": "{{ matrix_jitsi_web_config_defaultLanguage }}",
|
||||
"choices": "",
|
||||
"new_question": true,
|
||||
"variable": "matrix_jitsi_web_config_defaultLanguage",
|
||||
"type": "text"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
41
roles/matrix-awx/surveys/configure_ma1sd.json.j2
Normal file
41
roles/matrix-awx/surveys/configure_ma1sd.json.j2
Normal file
@ -0,0 +1,41 @@
|
||||
{
|
||||
"name": "",
|
||||
"description": "",
|
||||
"spec": [
|
||||
{
|
||||
"question_name": "Enable ma1sd",
|
||||
"question_description": "Set if ma1sd is enabled or not. If disabled your server will loose identity functionality (not recommended).",
|
||||
"required": false,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_ma1sd_enabled|string|lower }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "matrix_ma1sd_enabled",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "ma1sd Authentication Mode",
|
||||
"question_description": "Set the source of user account authentication credentials with the ma1sd.",
|
||||
"required": false,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ ext_matrix_ma1sd_auth_store }}",
|
||||
"choices": "Synapse Internal\nLDAP/AD",
|
||||
"new_question": true,
|
||||
"variable": "ext_matrix_ma1sd_auth_store",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "LDAP/AD Configuration",
|
||||
"question_description": "Settings for connecting LDAP/AD to the ma1sd service. (ignored if using Synapse Internal, see https://github.com/ma1uta/ma1sd/blob/master/docs/stores/README.md )",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 65536,
|
||||
"default": {{ ext_matrix_ma1sd_configuration_extension_yaml | to_json }},
|
||||
"new_question": true,
|
||||
"variable": "ext_matrix_ma1sd_configuration_extension_yaml",
|
||||
"type": "textarea"
|
||||
}
|
||||
]
|
||||
}
|
198
roles/matrix-awx/surveys/configure_synapse.json.j2
Executable file
198
roles/matrix-awx/surveys/configure_synapse.json.j2
Executable file
@ -0,0 +1,198 @@
|
||||
{
|
||||
"name": "Configure Synapse",
|
||||
"description": "",
|
||||
"spec": [
|
||||
{
|
||||
"question_name": "Enable Public Registration",
|
||||
"question_description": "Controls whether people with access to the homeserver can register by themselves.",
|
||||
"required": false,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_synapse_enable_registration|string|lower }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "matrix_synapse_enable_registration",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "Enable Federation",
|
||||
"question_description": "Controls whether Synapse will federate at all. Disable this to completely isolate your server from the rest of the Matrix network.",
|
||||
"required": false,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_synapse_federation_enabled|string|lower }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "matrix_synapse_federation_enabled",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "Allow Public Rooms Over Federation",
|
||||
"question_description": "Controls whether remote servers can fetch this server's public rooms directory via federation. For private servers, you'll most likely want to forbid this.",
|
||||
"required": false,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_synapse_allow_public_rooms_over_federation|string|lower }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "matrix_synapse_allow_public_rooms_over_federation",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "Enable Community Creation",
|
||||
"question_description": "Allows regular users (who aren't server admins) to create 'communities', which are basically groups of rooms.",
|
||||
"required": false,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_synapse_enable_group_creation|string|lower }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "matrix_synapse_enable_group_creation",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "Enable Synapse Presence",
|
||||
"question_description": "Controls whether presence is enabled. This shows who's online and reading your posts. Disabling it will increase both performance and user privacy.",
|
||||
"required": false,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_synapse_use_presence|string|lower }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "matrix_synapse_use_presence",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "Enable URL Previews",
|
||||
"question_description": "Controls whether URL previews should be generated. This will cause a request from Synapse to URLs shared by users.",
|
||||
"required": false,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_synapse_url_preview_enabled|string|lower }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "matrix_synapse_url_preview_enabled",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "Enable Guest Access",
|
||||
"question_description": "Controls whether 'guest accounts' can access rooms without registering. Guest users do not count towards your servers user limit.",
|
||||
"required": false,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_synapse_allow_guest_access|string|lower }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "matrix_synapse_allow_guest_access",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "Registration Requires Email",
|
||||
"question_description": "Controls whether an email address is required to register on the server.",
|
||||
"required": false,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ ext_registrations_require_3pid|string|lower }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "ext_registrations_require_3pid",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "Registration Shared Secret",
|
||||
"question_description": "A secret that allows registration of standard or admin accounts by anyone who has the shared secret, even if registration is otherwise disabled. WARNING: You must set a strong and unique password here.",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 256,
|
||||
"default": "",
|
||||
"choices": "",
|
||||
"new_question": true,
|
||||
"variable": "matrix_synapse_registration_shared_secret",
|
||||
"type": "password"
|
||||
},
|
||||
{
|
||||
"question_name": "Synapse Max Upload Size",
|
||||
"question_description": "Sets the maximum size for uploaded files in MB.",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 3,
|
||||
"default": "{{ matrix_synapse_max_upload_size_mb }}",
|
||||
"choices": "",
|
||||
"new_question": true,
|
||||
"variable": "matrix_synapse_max_upload_size_mb",
|
||||
"type": "text"
|
||||
},
|
||||
{
|
||||
"question_name": "URL Preview Languages",
|
||||
"question_description": "Sets the languages that URL previews will be generated in. Entries are a 2-3 letter IETF language tag, they must be seperated with newlines. For example: 'fr' https://en.wikipedia.org/wiki/IETF_language_tag",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 65536,
|
||||
"default": {{ ext_url_preview_accept_language_default|to_json }},
|
||||
"choices": "",
|
||||
"new_question": true,
|
||||
"variable": "ext_url_preview_accept_language_raw",
|
||||
"type": "textarea"
|
||||
},
|
||||
{
|
||||
"question_name": "Federation Whitelist",
|
||||
"question_description": "Here you can list the URLs of other Matrix homeservers and Synapse will only federate with those homeservers. Entries must be seperated with newlines and must not have a 'https://' prefix. For example: 'matrix.example.org'",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 65536,
|
||||
"default": {{ ext_federation_whitelist_raw|to_json }},
|
||||
"choices": "",
|
||||
"new_question": true,
|
||||
"variable": "ext_federation_whitelist_raw",
|
||||
"type": "textarea"
|
||||
},
|
||||
{
|
||||
"question_name": "Synapse Auto-Join Rooms",
|
||||
"question_description": "Sets the 'auto-join' rooms, where new users will be automatically invited to, these rooms must already exist. Entries must be room addresses that are separated with newlines. For example: '#announcements:example.org'",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 65536,
|
||||
"default": {{ matrix_synapse_auto_join_rooms_raw|to_json }},
|
||||
"choices": "",
|
||||
"new_question": true,
|
||||
"variable": "matrix_synapse_auto_join_rooms_raw",
|
||||
"type": "textarea"
|
||||
},
|
||||
{
|
||||
"question_name": "Enable ReCaptcha on Registration",
|
||||
"question_description": "Enables Googles ReCaptcha verification for registering an account, recommended for public servers.",
|
||||
"required": false,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ ext_enable_registration_captcha|string|lower }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "ext_enable_registration_captcha",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "Recaptcha Public Key",
|
||||
"question_description": "Sets the Google ReCaptcha public key for this website.",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 40,
|
||||
"default": "{{ ext_recaptcha_public_key }}",
|
||||
"choices": "",
|
||||
"new_question": true,
|
||||
"variable": "ext_recaptcha_public_key",
|
||||
"type": "text"
|
||||
},
|
||||
{
|
||||
"question_name": "Recaptcha Private Key",
|
||||
"question_description": "Sets the Google ReCaptcha private key for this website.",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 40,
|
||||
"default": "{{ ext_recaptcha_private_key }}",
|
||||
"choices": "",
|
||||
"new_question": true,
|
||||
"variable": "ext_recaptcha_private_key",
|
||||
"type": "text"
|
||||
}
|
||||
]
|
||||
}
|
18
roles/matrix-awx/surveys/configure_synapse_admin.json.j2
Normal file
18
roles/matrix-awx/surveys/configure_synapse_admin.json.j2
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"name": "Configure Synapse Admin",
|
||||
"description": "Configure 'Synapse Admin', a moderation tool to help you manage your server.",
|
||||
"spec": [
|
||||
{
|
||||
"question_name": "Enable Synapse Admin",
|
||||
"question_description": "Set if Synapse Admin is enabled or not. If enabled you can access it at https://matrix.{{ matrix_domain }}/synapse-admin.",
|
||||
"required": false,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ matrix_synapse_admin_enabled|string|lower }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "matrix_synapse_admin_enabled",
|
||||
"type": "multiplechoice"
|
||||
}
|
||||
]
|
||||
}
|
30
roles/matrix-awx/surveys/configure_website_access_backup.json.j2
Executable file
30
roles/matrix-awx/surveys/configure_website_access_backup.json.j2
Executable file
@ -0,0 +1,30 @@
|
||||
{
|
||||
"name": "Configure Website Access Backup",
|
||||
"description": "Configure base domain website settings and access the services backup.",
|
||||
"spec": [
|
||||
{
|
||||
"question_name": "Customise Base Domain Website",
|
||||
"question_description": "Set if you want to adjust the base domain website using SFTP.",
|
||||
"required": true,
|
||||
"min": null,
|
||||
"max": null,
|
||||
"default": "{{ customise_base_domain_website|string|lower }}",
|
||||
"choices": "true\nfalse",
|
||||
"new_question": true,
|
||||
"variable": "customise_base_domain_website",
|
||||
"type": "multiplechoice"
|
||||
},
|
||||
{
|
||||
"question_name": "SFTP Password",
|
||||
"question_description": "Sets the password of the 'sftp' account, which allows you to upload a multi-file static website by SFTP, as well as download the latest copy of your services backup. If empty the password won't be updated. WARNING: You must set a strong and unique password here.",
|
||||
"required": false,
|
||||
"min": 0,
|
||||
"max": 64,
|
||||
"default": "{{ sftp_password }}",
|
||||
"choices": "",
|
||||
"new_question": true,
|
||||
"variable": "sftp_password",
|
||||
"type": "password"
|
||||
}
|
||||
]
|
||||
}
|
31
roles/matrix-awx/tasks/create_user.yml
Executable file
31
roles/matrix-awx/tasks/create_user.yml
Executable file
@ -0,0 +1,31 @@
|
||||
#
|
||||
# Create user and define if they are admin
|
||||
#
|
||||
# /usr/local/bin/matrix-synapse-register-user <your_username> <your_password> <admin access: 0 or 1>
|
||||
#
|
||||
|
||||
- name: Set admin bool to zero
|
||||
set_fact:
|
||||
admin_bool: 0
|
||||
when: admin_access == 'false'
|
||||
|
||||
- name: Examine if server admin set
|
||||
set_fact:
|
||||
admin_bool: 1
|
||||
when: admin_access == 'true'
|
||||
|
||||
- name: Set boolean value to exit playbook
|
||||
set_fact:
|
||||
end_playbook: true
|
||||
|
||||
- name: Create user account
|
||||
command: |
|
||||
/usr/local/bin/matrix-synapse-register-user {{ new_username }} '{{ new_password }}' {{ admin_bool }}
|
||||
register: cmd
|
||||
|
||||
- name: Result
|
||||
debug: msg="{{ cmd.stdout }}"
|
||||
|
||||
- name: End playbook if this task list is called.
|
||||
meta: end_play
|
||||
when: end_playbook is defined and end_playbook|bool
|
159
roles/matrix-awx/tasks/customise_website_access_backup.yml
Executable file
159
roles/matrix-awx/tasks/customise_website_access_backup.yml
Executable file
@ -0,0 +1,159 @@
|
||||
|
||||
|
||||
- name: Enable index.html creation if user doesn't wish to customise base domain
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Base Domain Settings'
|
||||
with_dict:
|
||||
'matrix_nginx_proxy_base_domain_homepage_enabled': 'true'
|
||||
when: customise_base_domain_website|bool == false
|
||||
|
||||
- name: Disable index.html creation to allow multi-file site if user does wish to customise base domain
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Base Domain Settings'
|
||||
with_dict:
|
||||
'matrix_nginx_proxy_base_domain_homepage_enabled': 'false'
|
||||
when: customise_base_domain_website|bool == true
|
||||
|
||||
- name: Record 'Customise Website + Access Backup' variables locally on AWX
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# AWX Settings'
|
||||
with_dict:
|
||||
'customise_base_domain_website': '{{ customise_base_domain_website }}'
|
||||
|
||||
- name: Copy new 'matrix_vars.yml' to target machine
|
||||
copy:
|
||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
dest: '/matrix/awx/matrix_vars.yml'
|
||||
mode: '0660'
|
||||
|
||||
- name: Reload vars in matrix_vars.yml
|
||||
include_vars:
|
||||
file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
|
||||
- name: Save new 'Customise Website + Access Backup' survey.json to the AWX tower, template
|
||||
delegate_to: 127.0.0.1
|
||||
template:
|
||||
src: './roles/matrix-awx/surveys/configure_website_access_backup.json.j2'
|
||||
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_backup.json'
|
||||
|
||||
- name: Copy new 'Customise Website + Access Backup' survey.json to target machine
|
||||
copy:
|
||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_backup.json'
|
||||
dest: '/matrix/awx/configure_website_access_backup.json'
|
||||
mode: '0660'
|
||||
|
||||
- name: Collect AWX admin token the hard way!
|
||||
delegate_to: 127.0.0.1
|
||||
shell: |
|
||||
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
|
||||
register: tower_token
|
||||
no_log: True
|
||||
|
||||
- name: Recreate 'Customise Base Domain Website' job template
|
||||
delegate_to: 127.0.0.1
|
||||
awx.awx.tower_job_template:
|
||||
name: "{{ matrix_domain }} - 1 - Configure Website + Access Backup"
|
||||
description: "Configure base domain website settings and access the services backup."
|
||||
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
|
||||
job_type: run
|
||||
job_tags: "start,setup-nginx-proxy"
|
||||
inventory: "{{ member_id }}"
|
||||
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
|
||||
playbook: setup.yml
|
||||
credential: "{{ member_id }} - AWX SSH Key"
|
||||
survey_enabled: true
|
||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_backup.json') }}"
|
||||
become_enabled: yes
|
||||
state: present
|
||||
verbosity: 1
|
||||
tower_host: "https://{{ tower_host }}"
|
||||
tower_oauthtoken: "{{ tower_token.stdout }}"
|
||||
validate_certs: yes
|
||||
|
||||
# Copied over from provision stage
|
||||
|
||||
- name: Copy ssh_sftp.service file
|
||||
copy:
|
||||
src: './roles/matrix-awx/templates/sftp/ssh_sftp.service'
|
||||
dest: '/lib/systemd/system/ssh_sftp.service'
|
||||
mode: 0644
|
||||
|
||||
- name: Copy sshd config file
|
||||
copy:
|
||||
src: './roles/matrix-awx/templates/sftp/sshd_sftp_config'
|
||||
dest: '/etc/ssh/sshd_sftp_config'
|
||||
mode: 0644
|
||||
|
||||
- name: Ensure group "sftp" exists
|
||||
group:
|
||||
name: sftp
|
||||
state: present
|
||||
|
||||
- name: If user defines sftp_password, enable account / set password on 'stfp' account.
|
||||
user:
|
||||
name: sftp
|
||||
comment: SFTP user to set custom web files
|
||||
shell: /bin/false
|
||||
home: /home/sftp/
|
||||
group: sftp
|
||||
password: "{{ sftp_password | password_hash('sha512') }}"
|
||||
update_password: always
|
||||
when: (sftp_password is defined) and (sftp_password|length > 0)
|
||||
|
||||
# would be safer if it generated the password for you!
|
||||
|
||||
- name: Setup SFTP users default root path
|
||||
shell: sudo usermod -d / sftp
|
||||
|
||||
- name: adding existing user 'sftp' to group matrix
|
||||
user:
|
||||
name: sftp
|
||||
groups: matrix
|
||||
append: yes
|
||||
|
||||
- name: Create the ro /chroot directory with sticky bit if it doesn't exist. (/chroot/website has matrix:matrix permissions and is mounted to nginx container)
|
||||
file:
|
||||
path: /chroot
|
||||
state: directory
|
||||
owner: root
|
||||
group: root
|
||||
mode: '1755'
|
||||
|
||||
- name: Create the rw /chroot/website directory if it doesn't exist.
|
||||
file:
|
||||
path: /chroot/website
|
||||
state: directory
|
||||
owner: matrix
|
||||
group: matrix
|
||||
mode: '0574'
|
||||
|
||||
- name: Ensure /chroot/backup/ location exists
|
||||
file:
|
||||
path: /chroot/backup
|
||||
state: directory
|
||||
owner: sftp
|
||||
group: sftp
|
||||
mode: '0700'
|
||||
|
||||
- name: Enable service ssh_sftp.service
|
||||
service:
|
||||
name: ssh_sftp.service
|
||||
enabled: yes
|
||||
|
||||
- name: Start service ssh_sftp.service
|
||||
service:
|
||||
name: ssh_sftp.service
|
||||
state: started
|
||||
|
21
roles/matrix-awx/tasks/import_awx.yml
Normal file
21
roles/matrix-awx/tasks/import_awx.yml
Normal file
@ -0,0 +1,21 @@
|
||||
|
||||
- name: Ensure /matrix/awx is empty
|
||||
shell: rm -r /matrix/awx/*
|
||||
|
||||
- name: Ensure /matrix/synapse is empty
|
||||
shell: rm -r /matrix/synapse/*
|
||||
|
||||
- name: Extract from /chroot/backup
|
||||
shell: tar -xvzf /chroot/backup/matrix.tar.gz -C /matrix/
|
||||
|
||||
- name: Ensure correct ownership of /matrix/awx
|
||||
shell: chown -R matrix:matrix /matrix/awx
|
||||
|
||||
- name: Ensure correct ownership of /matrix/synapse
|
||||
shell: chown -R matrix:matrix /matrix/synapse
|
||||
|
||||
- name: Fetch matrix_vars.yml file to AWX
|
||||
fetch:
|
||||
src: /matrix/awx/matrix_vars.yml
|
||||
dest: /var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/
|
||||
flat: yes
|
10
roles/matrix-awx/tasks/load_hosting_and_org_variables.yml
Normal file
10
roles/matrix-awx/tasks/load_hosting_and_org_variables.yml
Normal file
@ -0,0 +1,10 @@
|
||||
|
||||
- name: Include vars in organisation.yml
|
||||
include_vars:
|
||||
file: '/var/lib/awx/projects/clients/{{ member_id }}/organisation.yml'
|
||||
no_log: True
|
||||
|
||||
- name: Include vars in hosting_vars.yml
|
||||
include_vars:
|
||||
file: '/var/lib/awx/projects/hosting/hosting_vars.yml'
|
||||
no_log: True
|
6
roles/matrix-awx/tasks/load_matrix_variables.yml
Executable file
6
roles/matrix-awx/tasks/load_matrix_variables.yml
Executable file
@ -0,0 +1,6 @@
|
||||
|
||||
- name: Include vars in matrix_vars.yml
|
||||
include_vars:
|
||||
file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
# no_log: True
|
||||
|
73
roles/matrix-awx/tasks/main.yml
Executable file
73
roles/matrix-awx/tasks/main.yml
Executable file
@ -0,0 +1,73 @@
|
||||
|
||||
# Load initial hosting and organisation variables from AWX volume
|
||||
- import_tasks: "{{ role_path }}/tasks/load_hosting_and_org_variables.yml"
|
||||
when: run_setup|bool and matrix_awx_enabled|bool
|
||||
tags:
|
||||
- always
|
||||
|
||||
# Create a user account if called
|
||||
- import_tasks: "{{ role_path }}/tasks/create_user.yml"
|
||||
when: run_setup|bool and matrix_awx_enabled|bool
|
||||
tags:
|
||||
- create-user
|
||||
|
||||
# Perform extra self-check functions
|
||||
- import_tasks: "{{ role_path }}/tasks/self_check.yml"
|
||||
when: run_setup|bool and matrix_awx_enabled|bool
|
||||
tags:
|
||||
- self-check
|
||||
|
||||
# Import configs, media repo from /chroot/backup import
|
||||
- import_tasks: "{{ role_path }}/tasks/import_awx.yml"
|
||||
when: run_setup|bool and matrix_awx_enabled|bool
|
||||
tags:
|
||||
- import-awx
|
||||
|
||||
# Configure SFTP so user can upload a static website
|
||||
- import_tasks: "{{ role_path }}/tasks/customise_website_access_backup.yml"
|
||||
when: run_setup|bool and matrix_awx_enabled|bool
|
||||
tags:
|
||||
- setup-nginx-proxy
|
||||
|
||||
# Additional playbook to set the variable file during Element configuration
|
||||
- import_tasks: "{{ role_path }}/tasks/set_variables_element.yml"
|
||||
when: run_setup|bool and matrix_awx_enabled|bool
|
||||
tags:
|
||||
- setup-client-element
|
||||
|
||||
# Additional playbook to set the variable file during Synapse configuration
|
||||
- import_tasks: "{{ role_path }}/tasks/set_variables_synapse.yml"
|
||||
when: run_setup|bool and matrix_awx_enabled|bool
|
||||
tags:
|
||||
- setup-synapse
|
||||
|
||||
# Additional playbook to set the variable file during Jitsi configuration
|
||||
- import_tasks: "{{ role_path }}/tasks/set_variables_jitsi.yml"
|
||||
when: run_setup|bool and matrix_awx_enabled|bool
|
||||
tags:
|
||||
- setup-jitsi
|
||||
|
||||
# Additional playbook to set the variable file during Ma1sd configuration
|
||||
- import_tasks: "{{ role_path }}/tasks/set_variables_ma1sd.yml"
|
||||
when: run_setup|bool and matrix_awx_enabled|bool
|
||||
tags:
|
||||
- setup-ma1sd
|
||||
|
||||
# Additional playbook to set the variable file during Corporal configuration
|
||||
- import_tasks: "{{ role_path }}/tasks/set_variables_corporal.yml"
|
||||
when: run_setup|bool and matrix_awx_enabled|bool
|
||||
tags:
|
||||
- setup-corporal
|
||||
|
||||
# Additional playbook to set the variable file during Synapse Admin configuration
|
||||
- import_tasks: "{{ role_path }}/tasks/set_variables_synapse_admin.yml"
|
||||
when: run_setup|bool and matrix_awx_enabled|bool
|
||||
tags:
|
||||
- setup-all
|
||||
|
||||
# Load newly formed matrix variables from tower volume
|
||||
- import_tasks: "{{ role_path }}/tasks/load_matrix_variables.yml"
|
||||
when: run_setup|bool and matrix_awx_enabled|bool
|
||||
tags:
|
||||
- always
|
||||
|
94
roles/matrix-awx/tasks/self_check.yml
Normal file
94
roles/matrix-awx/tasks/self_check.yml
Normal file
@ -0,0 +1,94 @@
|
||||
|
||||
- name: Install prerequisite apt packages on target
|
||||
apt:
|
||||
name:
|
||||
- sysstat
|
||||
state: present
|
||||
|
||||
- name: Install prerequisite yum packages on AWX
|
||||
delegate_to: 127.0.0.1
|
||||
yum:
|
||||
name:
|
||||
- bind-utils
|
||||
state: present
|
||||
|
||||
- name: Install prerequisite pip packages on AWX
|
||||
delegate_to: 127.0.0.1
|
||||
pip:
|
||||
name:
|
||||
- dnspython
|
||||
state: present
|
||||
|
||||
- name: Calculate CPU usage statistics
|
||||
shell: iostat -c
|
||||
register: cpu_usage_stat
|
||||
no_log: True
|
||||
|
||||
- name: Print CPU usage statistics
|
||||
debug:
|
||||
msg: "{{ cpu_usage_stat.stdout.split('\n') }}"
|
||||
when: cpu_usage_stat is defined
|
||||
|
||||
- name: Calculate RAM usage statistics
|
||||
shell: free -mh
|
||||
register: ram_usage_stat
|
||||
no_log: True
|
||||
|
||||
- name: Print RAM usage statistics
|
||||
debug:
|
||||
msg: "{{ ram_usage_stat.stdout.split('\n') }}"
|
||||
when: ram_usage_stat is defined
|
||||
|
||||
- name: Calculate free disk space
|
||||
shell: df -h
|
||||
register: disk_space_stat
|
||||
no_log: True
|
||||
|
||||
- name: Print free disk space
|
||||
debug:
|
||||
msg: "{{ disk_space_stat.stdout.split('\n') }}"
|
||||
when: disk_space_stat is defined
|
||||
|
||||
- name: Calculate size of Synapse database
|
||||
shell: du -sh /matrix/postgres/data
|
||||
register: db_size_stat
|
||||
no_log: True
|
||||
|
||||
- name: Print size of Synapse database
|
||||
debug:
|
||||
msg: "{{ db_size_stat.stdout.split('\n') }}"
|
||||
when: db_size_stat is defined
|
||||
|
||||
- name: Calculate size of local media repository
|
||||
shell: du -sh /matrix/synapse/storage/media-store/local*
|
||||
register: local_media_size_stat
|
||||
ignore_errors: yes
|
||||
no_log: True
|
||||
|
||||
- name: Print size of local media repository
|
||||
debug:
|
||||
msg: "{{ local_media_size_stat.stdout.split('\n') }}"
|
||||
when: local_media_size_stat is defined
|
||||
|
||||
- name: Calculate size of remote media repository
|
||||
shell: du -sh /matrix/synapse/storage/media-store/remote*
|
||||
register: remote_media_size_stat
|
||||
ignore_errors: yes
|
||||
no_log: True
|
||||
|
||||
- name: Print size of remote media repository
|
||||
debug:
|
||||
msg: "{{ remote_media_size_stat.stdout.split('\n') }}"
|
||||
when: remote_media_size_stat is defined
|
||||
|
||||
- name: Calculate docker container statistics
|
||||
shell: docker stats --all --no-stream
|
||||
register: docker_stats
|
||||
ignore_errors: yes
|
||||
no_log: True
|
||||
|
||||
- name: Print docker container statistics
|
||||
debug:
|
||||
msg: "{{ docker_stats.stdout.split('\n') }}"
|
||||
when: docker_stats is defined
|
||||
|
254
roles/matrix-awx/tasks/set_variables_corporal.yml
Executable file
254
roles/matrix-awx/tasks/set_variables_corporal.yml
Executable file
@ -0,0 +1,254 @@
|
||||
|
||||
- name: Record Corporal Enabled/Disabled variable
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Corporal Settings'
|
||||
with_dict:
|
||||
'matrix_corporal_enabled': '{{ matrix_corporal_enabled }}'
|
||||
|
||||
- name: Enable Shared Secret Auth if Corporal enabled
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Shared Secret Auth Settings'
|
||||
with_dict:
|
||||
'matrix_synapse_ext_password_provider_shared_secret_auth_enabled': 'true'
|
||||
when: matrix_corporal_enabled|bool
|
||||
|
||||
- name: Disable Shared Secret Auth if Corporal disabled
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Shared Secret Auth Settings'
|
||||
with_dict:
|
||||
'matrix_synapse_ext_password_provider_shared_secret_auth_enabled': 'false'
|
||||
when: not matrix_corporal_enabled|bool
|
||||
|
||||
- name: Enable Rest Auth Endpoint if Corporal enabled
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Synapse Extension'
|
||||
with_dict:
|
||||
'matrix_synapse_ext_password_provider_rest_auth_enabled': 'true'
|
||||
when: matrix_corporal_enabled|bool
|
||||
|
||||
- name: Disable Rest Auth Endpoint if Corporal disabled
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Synapse Extension'
|
||||
with_dict:
|
||||
'matrix_synapse_ext_password_provider_rest_auth_enabled': 'false'
|
||||
when: not matrix_corporal_enabled|bool
|
||||
|
||||
- name: Disable Corporal API if Simple Static File mode selected
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Corporal Settings'
|
||||
with_dict:
|
||||
'matrix_corporal_http_api_enabled': 'false'
|
||||
when: (matrix_corporal_policy_provider_mode == "Simple Static File") or (not matrix_corporal_enabled|bool)
|
||||
|
||||
- name: Enable Corporal API if Push/Pull mode delected
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Corporal Settings'
|
||||
with_dict:
|
||||
'matrix_corporal_http_api_enabled': 'true'
|
||||
when: (matrix_corporal_policy_provider_mode != "Simple Static File") and (matrix_corporal_enabled|bool)
|
||||
|
||||
- name: Record Corporal API Access Token if it's defined
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Corporal Settings'
|
||||
with_dict:
|
||||
'matrix_corporal_http_api_auth_token': '{{ matrix_corporal_http_api_auth_token }}'
|
||||
when: matrix_corporal_http_api_auth_token|length > 0
|
||||
|
||||
- name: Record 'Simple Static File' configuration variables in matrix_vars.yml
|
||||
delegate_to: 127.0.0.1
|
||||
blockinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
insertafter: "# Corporal Policy Provider Settings"
|
||||
block: |
|
||||
matrix_corporal_policy_provider_config: |
|
||||
{
|
||||
"Type": "static_file",
|
||||
"Path": "/etc/matrix-corporal/corporal-policy.json"
|
||||
}
|
||||
when: matrix_corporal_policy_provider_mode == "Simple Static File"
|
||||
|
||||
- name: Touch the /matrix/corporal/ directory
|
||||
file:
|
||||
path: "/matrix/corporal/"
|
||||
state: directory
|
||||
owner: matrix
|
||||
group: matrix
|
||||
mode: '750'
|
||||
|
||||
- name: Touch the /matrix/corporal/config/ directory
|
||||
file:
|
||||
path: "/matrix/corporal/config/"
|
||||
state: directory
|
||||
owner: matrix
|
||||
group: matrix
|
||||
mode: '750'
|
||||
|
||||
- name: Touch the /matrix/corporal/cache/ directory
|
||||
file:
|
||||
path: "/matrix/corporal/cache/"
|
||||
state: directory
|
||||
owner: matrix
|
||||
group: matrix
|
||||
mode: '750'
|
||||
|
||||
- name: Touch the corporal-policy.json file to ensure it exists
|
||||
file:
|
||||
path: "/matrix/corporal/config/corporal-policy.json"
|
||||
state: touch
|
||||
owner: matrix
|
||||
group: matrix
|
||||
mode: '660'
|
||||
|
||||
- name: Touch the last-policy.json file to ensure it exists
|
||||
file:
|
||||
path: "/matrix/corporal/config/last-policy.json"
|
||||
state: touch
|
||||
owner: matrix
|
||||
group: matrix
|
||||
mode: '660'
|
||||
|
||||
- name: Record 'Simple Static File' configuration content in corporal-policy.json
|
||||
copy:
|
||||
content: "{{ matrix_corporal_simple_static_config | string }}"
|
||||
dest: "/matrix/corporal/config/corporal-policy.json"
|
||||
owner: matrix
|
||||
group: matrix
|
||||
mode: '660'
|
||||
when: (matrix_corporal_policy_provider_mode == "Simple Static File") and (matrix_corporal_simple_static_config|length > 0)
|
||||
|
||||
- name: Record 'HTTP Pull Mode' configuration variables in matrix_vars.yml
|
||||
delegate_to: 127.0.0.1
|
||||
blockinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
insertafter: "# Corporal Policy Provider Settings"
|
||||
block: |
|
||||
matrix_corporal_policy_provider_config: |
|
||||
{
|
||||
"Type": "http",
|
||||
"Uri": "{{ matrix_corporal_pull_mode_uri }}",
|
||||
"AuthorizationBearerToken": "{{ matrix_corporal_pull_mode_token }}",
|
||||
"CachePath": "/var/cache/matrix-corporal/last-policy.json",
|
||||
"ReloadIntervalSeconds": 1800,
|
||||
"TimeoutMilliseconds": 30000
|
||||
}
|
||||
when: (matrix_corporal_policy_provider_mode == "HTTP Pull Mode (API Enabled)") and (matrix_corporal_pull_mode_uri|length > 0) and (matrix_corporal_pull_mode_token|length > 0)
|
||||
|
||||
- name: Record 'HTTP Push Mode' configuration variables in matrix_vars.yml
|
||||
delegate_to: 127.0.0.1
|
||||
blockinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
insertafter: "# Corporal Policy Provider Settings"
|
||||
block: |
|
||||
matrix_corporal_policy_provider_config: |
|
||||
{
|
||||
"Type": "last_seen_store_policy",
|
||||
"CachePath": "/var/cache/matrix-corporal/last-policy.json"
|
||||
}
|
||||
when: (matrix_corporal_policy_provider_mode == "HTTP Push Mode (API Enabled)")
|
||||
|
||||
- name: Lower RateLimit if set to 'Normal'
|
||||
delegate_to: 127.0.0.1
|
||||
replace:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: ' address:\n per_second: 50\n burst_count: 300\n account:\n per_second: 0.17\n burst_count: 300'
|
||||
replace: ' address:\n per_second: 0.17\n burst_count: 3\n account:\n per_second: 0.17\n burst_count: 3'
|
||||
when: matrix_corporal_raise_ratelimits == "Normal"
|
||||
|
||||
- name: Raise RateLimit if set to 'Raised'
|
||||
delegate_to: 127.0.0.1
|
||||
replace:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: ' address:\n per_second: 0.17\n burst_count: 3\n account:\n per_second: 0.17\n burst_count: 3'
|
||||
replace: ' address:\n per_second: 50\n burst_count: 300\n account:\n per_second: 0.17\n burst_count: 300'
|
||||
when: matrix_corporal_raise_ratelimits == "Raised"
|
||||
|
||||
- name: Copy new 'matrix_vars.yml' to target machine
|
||||
copy:
|
||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
dest: '/matrix/awx/matrix_vars.yml'
|
||||
mode: '0664'
|
||||
|
||||
- name: Save new 'Configure Corporal' survey.json to the AWX tower
|
||||
delegate_to: 127.0.0.1
|
||||
template:
|
||||
src: 'roles/matrix-awx/surveys/configure_corporal.json.j2'
|
||||
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json'
|
||||
|
||||
- name: Copy new 'Configure Corporal' survey.json to target machine
|
||||
copy:
|
||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json'
|
||||
dest: '/matrix/awx/configure_corporal.json'
|
||||
mode: '0660'
|
||||
|
||||
- debug:
|
||||
msg: "matrix_corporal_matrix_homeserver_api_endpoint: {{ matrix_corporal_matrix_homeserver_api_endpoint }}"
|
||||
|
||||
- debug:
|
||||
msg: "matrix_corporal_matrix_auth_shared_secret: {{ matrix_corporal_matrix_auth_shared_secret }}"
|
||||
|
||||
- debug:
|
||||
msg: "matrix_corporal_http_gateway_internal_rest_auth_enabled: {{ matrix_corporal_http_gateway_internal_rest_auth_enabled }}"
|
||||
|
||||
- debug:
|
||||
msg: "matrix_corporal_matrix_registration_shared_secret: {{ matrix_corporal_matrix_registration_shared_secret }}"
|
||||
|
||||
- name: Collect AWX admin token the hard way!
|
||||
delegate_to: 127.0.0.1
|
||||
shell: |
|
||||
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
|
||||
register: tower_token
|
||||
no_log: True
|
||||
|
||||
- name: Recreate 'Configure Corporal (Advanced)' job template
|
||||
delegate_to: 127.0.0.1
|
||||
awx.awx.tower_job_template:
|
||||
name: "{{ matrix_domain }} - 1 - Configure Corporal (Advanced)"
|
||||
description: "Configure Matrix Corporal, a tool that manages your Matrix server according to a configuration policy."
|
||||
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
|
||||
job_type: run
|
||||
job_tags: "start,setup-corporal"
|
||||
inventory: "{{ member_id }}"
|
||||
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
|
||||
playbook: setup.yml
|
||||
credential: "{{ member_id }} - AWX SSH Key"
|
||||
survey_enabled: true
|
||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json') }}"
|
||||
become_enabled: yes
|
||||
state: present
|
||||
verbosity: 1
|
||||
tower_host: "https://{{ tower_host }}"
|
||||
tower_oauthtoken: "{{ tower_token.stdout }}"
|
||||
validate_certs: yes
|
||||
|
77
roles/matrix-awx/tasks/set_variables_element.yml
Executable file
77
roles/matrix-awx/tasks/set_variables_element.yml
Executable file
@ -0,0 +1,77 @@
|
||||
|
||||
- name: Record Element-Web variables locally on AWX
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Element Settings'
|
||||
with_dict:
|
||||
'matrix_client_element_enabled': '{{ matrix_client_element_enabled }}'
|
||||
'matrix_client_element_jitsi_preferredDomain': '{{ matrix_client_element_jitsi_preferredDomain }}'
|
||||
'matrix_client_element_brand': '{{ matrix_client_element_brand }}'
|
||||
'matrix_client_element_default_theme': '{{ matrix_client_element_default_theme }}'
|
||||
'matrix_client_element_registration_enabled': '{{ matrix_client_element_registration_enabled }}'
|
||||
'matrix_server_fqn_element': "{{ element_subdomain }}.{{ matrix_domain }}"
|
||||
|
||||
- name: Set fact for 'https' string
|
||||
set_fact:
|
||||
https_string: "https"
|
||||
|
||||
- name: Record Element-Web Background variable locally on AWX
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Element Settings'
|
||||
with_dict:
|
||||
'matrix_client_element_branding_welcomeBackgroundUrl': '{{ matrix_client_element_branding_welcomeBackgroundUrl }}'
|
||||
when: (https_string in matrix_client_element_branding_welcomeBackgroundUrl) and ( matrix_client_element_branding_welcomeBackgroundUrl|length > 0 )
|
||||
|
||||
- name: Copy new 'matrix_vars.yml' to target machine
|
||||
copy:
|
||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
dest: '/matrix/awx/matrix_vars.yml'
|
||||
mode: '0660'
|
||||
|
||||
- name: Save new 'Configure Element' survey.json to the AWX tower, template
|
||||
delegate_to: 127.0.0.1
|
||||
template:
|
||||
src: 'roles/matrix-awx/surveys/configure_element.json.j2'
|
||||
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element.json'
|
||||
|
||||
- name: Copy new 'Configure Element' survey.json to target machine
|
||||
copy:
|
||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element.json'
|
||||
dest: '/matrix/awx/configure_element.json'
|
||||
mode: '0660'
|
||||
|
||||
- name: Collect AWX admin token the hard way!
|
||||
delegate_to: 127.0.0.1
|
||||
shell: |
|
||||
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
|
||||
register: tower_token
|
||||
no_log: True
|
||||
|
||||
- name: Recreate 'Configure Element' job template
|
||||
delegate_to: 127.0.0.1
|
||||
awx.awx.tower_job_template:
|
||||
name: "{{ matrix_domain }} - 1 - Configure Element"
|
||||
description: "Configure Element client via survey."
|
||||
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
|
||||
job_type: run
|
||||
job_tags: "start,setup-client-element"
|
||||
inventory: "{{ member_id }}"
|
||||
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
|
||||
playbook: setup.yml
|
||||
credential: "{{ member_id }} - AWX SSH Key"
|
||||
survey_enabled: true
|
||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element.json') }}"
|
||||
become_enabled: yes
|
||||
state: present
|
||||
verbosity: 1
|
||||
tower_host: "https://{{ tower_host }}"
|
||||
tower_oauthtoken: "{{ tower_token.stdout }}"
|
||||
validate_certs: yes
|
||||
|
58
roles/matrix-awx/tasks/set_variables_jitsi.yml
Executable file
58
roles/matrix-awx/tasks/set_variables_jitsi.yml
Executable file
@ -0,0 +1,58 @@
|
||||
|
||||
- name: Record Jitsi variables locally on AWX
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Jitsi Settings'
|
||||
with_dict:
|
||||
'matrix_jitsi_enabled': '{{ matrix_jitsi_enabled }}'
|
||||
'matrix_jitsi_web_config_defaultLanguage': '{{ matrix_jitsi_web_config_defaultLanguage }}'
|
||||
|
||||
- name: Copy new 'matrix_vars.yml' to target machine
|
||||
copy:
|
||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
dest: '/matrix/awx/matrix_vars.yml'
|
||||
mode: '0660'
|
||||
|
||||
- name: Save new 'Configure Jitsi' survey.json to the AWX tower, template
|
||||
delegate_to: 127.0.0.1
|
||||
template:
|
||||
src: 'roles/matrix-awx/surveys/configure_jitsi.json.j2'
|
||||
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_jitsi.json'
|
||||
|
||||
- name: Copy new 'Configure Jitsi' survey.json to target machine
|
||||
copy:
|
||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_jitsi.json'
|
||||
dest: '/matrix/awx/configure_jitsi.json'
|
||||
mode: '0660'
|
||||
|
||||
- name: Collect AWX admin token the hard way!
|
||||
delegate_to: 127.0.0.1
|
||||
shell: |
|
||||
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
|
||||
register: tower_token
|
||||
no_log: True
|
||||
|
||||
- name: Recreate 'Configure Jitsi' job template
|
||||
delegate_to: 127.0.0.1
|
||||
awx.awx.tower_job_template:
|
||||
name: "{{ matrix_domain }} - 1 - Configure Jitsi"
|
||||
description: "Configure Jitsi conferencing settings."
|
||||
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
|
||||
job_type: run
|
||||
job_tags: "start,setup-jitsi"
|
||||
inventory: "{{ member_id }}"
|
||||
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
|
||||
playbook: setup.yml
|
||||
credential: "{{ member_id }} - AWX SSH Key"
|
||||
survey_enabled: true
|
||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_jitsi.json') }}"
|
||||
become_enabled: yes
|
||||
state: present
|
||||
verbosity: 1
|
||||
tower_host: "https://{{ tower_host }}"
|
||||
tower_oauthtoken: "{{ tower_token.stdout }}"
|
||||
validate_certs: yes
|
||||
|
130
roles/matrix-awx/tasks/set_variables_ma1sd.yml
Executable file
130
roles/matrix-awx/tasks/set_variables_ma1sd.yml
Executable file
@ -0,0 +1,130 @@
|
||||
|
||||
- name: Record ma1sd variables locally on AWX
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# ma1sd Settings'
|
||||
with_dict:
|
||||
'matrix_ma1sd_enabled': '{{ matrix_ma1sd_enabled }}'
|
||||
|
||||
- name: Disable REST auth (matrix-corporal/ma1sd) if using internal auth
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Synapse Extension'
|
||||
with_dict:
|
||||
'matrix_synapse_ext_password_provider_rest_auth_enabled': 'false'
|
||||
when: ext_matrix_ma1sd_auth_store == 'Synapse Internal'
|
||||
|
||||
- name: Enable REST auth if using external LDAP/AD with ma1sd
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Synapse Extension'
|
||||
with_dict:
|
||||
'matrix_synapse_ext_password_provider_rest_auth_enabled': 'true'
|
||||
'matrix_synapse_ext_password_provider_rest_auth_endpoint': 'http://matrix-ma1sd:8090'
|
||||
when: ext_matrix_ma1sd_auth_store == 'LDAP/AD'
|
||||
|
||||
- name: Strip header from ma1sd configuration extension if using internal auth
|
||||
set_fact:
|
||||
ext_matrix_ma1sd_configuration_extension_yaml_parsed: "{{ ext_matrix_ma1sd_configuration_extension_yaml.splitlines() | reject('search', '^matrix_client_element_configuration_extension_json:') | list }}"
|
||||
when: ext_matrix_ma1sd_auth_store == 'LDAP/AD'
|
||||
|
||||
- name: Remove entire ma1sd configuration extension
|
||||
delegate_to: 127.0.0.1
|
||||
replace:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: '^.*\n'
|
||||
after: '# Start ma1sd Extension'
|
||||
before: '# End ma1sd Extension'
|
||||
|
||||
- name: Replace conjoined ma1sd configuration extension limiters
|
||||
delegate_to: 127.0.0.1
|
||||
replace:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: '^# Start ma1sd Extension# End ma1sd Extension'
|
||||
replace: '# Start ma1sd Extension\n# End ma1sd Extension'
|
||||
|
||||
- name: Insert ma1sd configuration extension header if using external LDAP/AD with ma1sd
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
line: "matrix_ma1sd_configuration_extension_yaml: |"
|
||||
insertafter: '# Start ma1sd Extension'
|
||||
when: ext_matrix_ma1sd_auth_store == 'LDAP/AD'
|
||||
|
||||
- name: Set ma1sd configuration extension if using external LDAP/AD with ma1sd
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
insertbefore: '# End ma1sd Extension'
|
||||
line: '{{ item }}'
|
||||
with_items: "{{ ext_matrix_ma1sd_configuration_extension_yaml_parsed }}"
|
||||
when: ext_matrix_ma1sd_auth_store == 'LDAP/AD'
|
||||
|
||||
- name: Record ma1sd Custom variables locally on AWX
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertbefore: '# Custom Settings'
|
||||
with_dict:
|
||||
'ext_matrix_ma1sd_auth_store': '{{ ext_matrix_ma1sd_auth_store }}'
|
||||
'ext_matrix_ma1sd_configuration_extension_yaml': '{{ ext_matrix_ma1sd_configuration_extension_yaml.splitlines() | to_json }}'
|
||||
|
||||
- name: Copy new 'matrix_vars.yml' to target machine
|
||||
copy:
|
||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
dest: '/matrix/awx/matrix_vars.yml'
|
||||
mode: '0660'
|
||||
|
||||
- name: Save new 'Configure ma1sd' survey.json to the AWX tower, template
|
||||
delegate_to: 127.0.0.1
|
||||
template:
|
||||
src: 'roles/matrix-awx/surveys/configure_ma1sd.json.j2'
|
||||
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_ma1sd.json'
|
||||
|
||||
- name: Copy new 'Configure ma1sd' survey.json to target machine
|
||||
copy:
|
||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_ma1sd.json'
|
||||
dest: '/matrix/awx/configure_ma1sd.json'
|
||||
mode: '0660'
|
||||
|
||||
- name: Collect AWX admin token the hard way!
|
||||
delegate_to: 127.0.0.1
|
||||
shell: |
|
||||
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
|
||||
register: tower_token
|
||||
no_log: True
|
||||
|
||||
- name: Recreate 'Configure ma1sd (Advanced)' job template
|
||||
delegate_to: 127.0.0.1
|
||||
awx.awx.tower_job_template:
|
||||
name: "{{ matrix_domain }} - 1 - Configure ma1sd (Advanced)"
|
||||
description: "Configure Jitsi conferencing settings."
|
||||
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
|
||||
job_type: run
|
||||
job_tags: "start,setup-ma1sd"
|
||||
inventory: "{{ member_id }}"
|
||||
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
|
||||
playbook: setup.yml
|
||||
credential: "{{ member_id }} - AWX SSH Key"
|
||||
survey_enabled: true
|
||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_ma1sd.json') }}"
|
||||
become_enabled: yes
|
||||
state: present
|
||||
verbosity: 1
|
||||
tower_host: "https://{{ tower_host }}"
|
||||
tower_oauthtoken: "{{ tower_token.stdout }}"
|
||||
validate_certs: yes
|
||||
|
||||
# ^ This playbook isn't executing so the survey isn't being updated! :P
|
||||
|
223
roles/matrix-awx/tasks/set_variables_synapse.yml
Executable file
223
roles/matrix-awx/tasks/set_variables_synapse.yml
Executable file
@ -0,0 +1,223 @@
|
||||
|
||||
- name: Record Synapse variables locally on AWX
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Synapse Settings'
|
||||
with_dict:
|
||||
'matrix_synapse_allow_public_rooms_over_federation': '{{ matrix_synapse_allow_public_rooms_over_federation }}'
|
||||
'matrix_synapse_enable_registration': '{{ matrix_synapse_enable_registration }}'
|
||||
'matrix_synapse_federation_enabled': '{{ matrix_synapse_federation_enabled }}'
|
||||
'matrix_synapse_enable_group_creation': '{{ matrix_synapse_enable_group_creation }}'
|
||||
'matrix_synapse_use_presence': '{{ matrix_synapse_use_presence }}'
|
||||
'matrix_synapse_max_upload_size_mb': '{{ matrix_synapse_max_upload_size_mb }}'
|
||||
'matrix_synapse_url_preview_enabled': '{{ matrix_synapse_url_preview_enabled }}'
|
||||
'matrix_synapse_allow_guest_access': '{{ matrix_synapse_allow_guest_access }}'
|
||||
|
||||
- name: Empty Synapse variable 'matrix_synapse_auto_join_rooms' locally on AWX, if raw inputs empty
|
||||
delegate_to: 127.0.0.1
|
||||
replace:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^matrix_synapse_auto_join_rooms: .*$"
|
||||
replace: "matrix_synapse_auto_join_rooms: []"
|
||||
when: matrix_synapse_auto_join_rooms_raw|length == 0
|
||||
|
||||
- name: If the raw inputs is not empty start constructing parsed auto_join_rooms list
|
||||
set_fact:
|
||||
matrix_synapse_auto_join_rooms_array: |-
|
||||
{{ matrix_synapse_auto_join_rooms_raw.splitlines() | to_json }}
|
||||
when: matrix_synapse_auto_join_rooms_raw|length > 0
|
||||
|
||||
- name: Record Synapse variable 'matrix_synapse_auto_join_rooms' locally on AWX, if it's not blank
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Synapse Settings'
|
||||
with_dict:
|
||||
"matrix_synapse_auto_join_rooms": "{{ matrix_synapse_auto_join_rooms_array }}"
|
||||
when: matrix_synapse_auto_join_rooms_raw|length > 0
|
||||
|
||||
- name: Record Synapse Shared Secret if it's defined
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Synapse Settings'
|
||||
with_dict:
|
||||
'matrix_synapse_registration_shared_secret': '{{ matrix_synapse_registration_shared_secret }}'
|
||||
when: matrix_synapse_registration_shared_secret|length > 0
|
||||
|
||||
- name: Record registations_require_3pid extra variable if true
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "{{ item }}:"
|
||||
line: "{{ item }}"
|
||||
insertbefore: '# End Synapse Extension'
|
||||
with_items:
|
||||
- " registrations_require_3pid:"
|
||||
- " - email"
|
||||
when: ext_registrations_require_3pid|bool
|
||||
|
||||
- name: Remove registrations_require_3pid extra variable if false
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "{{ item }}:"
|
||||
line: "{{ item }}"
|
||||
insertbefore: '# End Synapse Extension'
|
||||
state: absent
|
||||
with_items:
|
||||
- " registrations_require_3pid:"
|
||||
- " - email"
|
||||
when: not ext_registrations_require_3pid|bool
|
||||
|
||||
- name: Remove URL Languages
|
||||
delegate_to: 127.0.0.1
|
||||
replace:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: '^(?!.*\bemail\b) - [a-zA-Z\-]{2,5}\n'
|
||||
after: ' url_preview_accept_language:'
|
||||
before: '# End Synapse Extension'
|
||||
|
||||
- name: Set URL languages default if raw inputs empty
|
||||
set_fact:
|
||||
ext_url_preview_accept_language_default: 'en'
|
||||
when: ext_url_preview_accept_language_raw|length == 0
|
||||
|
||||
- name: Set URL languages default if raw inputs not empty
|
||||
set_fact:
|
||||
ext_url_preview_accept_language_default: "{{ ext_url_preview_accept_language_raw }}"
|
||||
when: ext_url_preview_accept_language_raw|length > 0
|
||||
|
||||
- name: Set URL languages if raw inputs empty
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
insertafter: '^ url_preview_accept_language:'
|
||||
line: " - {{ ext_url_preview_accept_language_default }}"
|
||||
when: ext_url_preview_accept_language_raw|length == 0
|
||||
|
||||
- name: Set URL languages if raw inputs not empty
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
insertafter: '^ url_preview_accept_language:'
|
||||
line: " - {{ item }}"
|
||||
with_items: "{{ ext_url_preview_accept_language_raw.splitlines() }}"
|
||||
when: ext_url_preview_accept_language_raw|length > 0
|
||||
|
||||
- name: Remove Federation Whitelisting 1
|
||||
delegate_to: 127.0.0.1
|
||||
replace:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: '^ - [a-z0-9]+\.[a-z0-9.]+\n'
|
||||
after: ' federation_domain_whitelist:'
|
||||
before: '# End Synapse Extension'
|
||||
|
||||
- name: Remove Federation Whitelisting 2
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
line: " federation_domain_whitelist:"
|
||||
state: absent
|
||||
|
||||
- name: Set Federation Whitelisting 1
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
insertafter: '^matrix_synapse_configuration_extension_yaml: \|'
|
||||
line: " federation_domain_whitelist:"
|
||||
when: ext_federation_whitelist_raw|length > 0
|
||||
|
||||
- name: Set Federation Whitelisting 2
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
insertafter: '^ federation_domain_whitelist:'
|
||||
line: " - {{ item }}"
|
||||
with_items: "{{ ext_federation_whitelist_raw.splitlines() }}"
|
||||
when: ext_federation_whitelist_raw|length > 0
|
||||
|
||||
- name: Record Synapse Custom variables locally on AWX
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertbefore: '# Custom Settings'
|
||||
with_dict:
|
||||
'ext_federation_whitelist_raw': '{{ ext_federation_whitelist_raw.splitlines() | to_json }}'
|
||||
'ext_url_preview_accept_language_default': '{{ ext_url_preview_accept_language_default.splitlines() | to_json }}'
|
||||
|
||||
- name: Set ext_recaptcha_public_key to a 'public-key' if undefined
|
||||
set_fact: ext_recaptcha_public_key="public-key"
|
||||
when: (ext_recaptcha_public_key is not defined) or (ext_recaptcha_public_key|length == 0)
|
||||
|
||||
- name: Set ext_recaptcha_private_key to a 'private-key' if undefined
|
||||
set_fact: ext_recaptcha_private_key="private-key"
|
||||
when: (ext_recaptcha_private_key is not defined) or (ext_recaptcha_private_key|length == 0)
|
||||
|
||||
- name: Record Synapse Extension variables locally on AWX
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertbefore: '# End Synapse Extension'
|
||||
with_dict:
|
||||
' enable_registration_captcha': '{{ ext_enable_registration_captcha }}'
|
||||
' recaptcha_public_key': '{{ ext_recaptcha_public_key }}'
|
||||
' recaptcha_private_key': '{{ ext_recaptcha_private_key }}'
|
||||
|
||||
- name: Copy new 'matrix_vars.yml' to target machine
|
||||
copy:
|
||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
dest: '/matrix/awx/matrix_vars.yml'
|
||||
mode: '0660'
|
||||
|
||||
- name: Save new 'Configure Synapse' survey.json to the AWX tower, template
|
||||
delegate_to: 127.0.0.1
|
||||
template:
|
||||
src: 'roles/matrix-awx/surveys/configure_synapse.json.j2'
|
||||
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}//configure_synapse.json'
|
||||
|
||||
- name: Copy new 'Configure Synapse' survey.json to target machine
|
||||
copy:
|
||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse.json'
|
||||
dest: '/matrix/awx/configure_synapse.json'
|
||||
mode: '0660'
|
||||
|
||||
- name: Collect AWX admin token the hard way!
|
||||
delegate_to: 127.0.0.1
|
||||
shell: |
|
||||
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
|
||||
register: tower_token
|
||||
no_log: True
|
||||
|
||||
- name: Recreate 'Configure Synapse' job template
|
||||
delegate_to: 127.0.0.1
|
||||
awx.awx.tower_job_template:
|
||||
name: "{{ matrix_domain }} - 1 - Configure Synapse"
|
||||
description: "Configure Synapse (homeserver) settings."
|
||||
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
|
||||
job_type: run
|
||||
job_tags: "start,setup-synapse"
|
||||
inventory: "{{ member_id }}"
|
||||
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
|
||||
playbook: setup.yml
|
||||
credential: "{{ member_id }} - AWX SSH Key"
|
||||
survey_enabled: true
|
||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse.json') }}"
|
||||
become_enabled: yes
|
||||
state: present
|
||||
verbosity: 1
|
||||
tower_host: "https://{{ tower_host }}"
|
||||
tower_oauthtoken: "{{ tower_token.stdout }}"
|
||||
validate_certs: yes
|
||||
|
58
roles/matrix-awx/tasks/set_variables_synapse_admin.yml
Normal file
58
roles/matrix-awx/tasks/set_variables_synapse_admin.yml
Normal file
@ -0,0 +1,58 @@
|
||||
|
||||
- name: Record Synapse Admin variables locally on AWX
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: '# Synapse Admin Settings'
|
||||
with_dict:
|
||||
'matrix_synapse_admin_enabled': '{{ matrix_synapse_admin_enabled }}'
|
||||
|
||||
- name: Copy new 'matrix_vars.yml' to target machine
|
||||
copy:
|
||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
dest: '/matrix/awx/matrix_vars.yml'
|
||||
mode: '0660'
|
||||
|
||||
- name: Save new 'Configure Synapse Admin' survey.json to the AWX tower, template
|
||||
delegate_to: 127.0.0.1
|
||||
template:
|
||||
src: 'roles/matrix-awx/surveys/configure_synapse_admin.json.j2'
|
||||
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse_admin.json'
|
||||
|
||||
- name: Copy new 'Configure Synapse Admin' survey.json to target machine
|
||||
copy:
|
||||
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse_admin.json'
|
||||
dest: '/matrix/awx/configure_synapse_admin.json'
|
||||
mode: '0660'
|
||||
|
||||
- name: Collect AWX admin token the hard way!
|
||||
delegate_to: 127.0.0.1
|
||||
shell: |
|
||||
curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
|
||||
register: tower_token
|
||||
no_log: True
|
||||
|
||||
- name: Recreate 'Configure Synapse Admin' job template
|
||||
delegate_to: 127.0.0.1
|
||||
awx.awx.tower_job_template:
|
||||
name: "{{ matrix_domain }} - 1 - Configure Synapse Admin"
|
||||
description: "Configure 'Synapse Admin', a moderation tool to help you manage your server."
|
||||
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
|
||||
job_type: run
|
||||
job_tags: "start,setup-all"
|
||||
inventory: "{{ member_id }}"
|
||||
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
|
||||
playbook: setup.yml
|
||||
credential: "{{ member_id }} - AWX SSH Key"
|
||||
survey_enabled: true
|
||||
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse_admin.json') }}"
|
||||
become_enabled: yes
|
||||
state: present
|
||||
verbosity: 1
|
||||
tower_host: "https://{{ tower_host }}"
|
||||
tower_oauthtoken: "{{ tower_token.stdout }}"
|
||||
validate_certs: yes
|
||||
|
||||
|
23
roles/matrix-awx/templates/sftp/ssh_sftp.service
Executable file
23
roles/matrix-awx/templates/sftp/ssh_sftp.service
Executable file
@ -0,0 +1,23 @@
|
||||
[Unit]
|
||||
Description=OpenBSD Secure Shell server
|
||||
Documentation=man:sshd(8) man:sshd_config(5)
|
||||
After=network.target auditd.service
|
||||
ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
|
||||
|
||||
[Service]
|
||||
EnvironmentFile=-/etc/default/ssh
|
||||
ExecStartPre=/usr/sbin/sshd -t
|
||||
ExecStart=/usr/sbin/sshd -D -f /etc/ssh/sshd_sftp_config $SSHD_OPTS
|
||||
ExecReload=/usr/sbin/sshd -t
|
||||
ExecReload=/bin/kill -HUP $MAINPID
|
||||
KillMode=process
|
||||
Restart=on-failure
|
||||
RestartPreventExitStatus=255
|
||||
Type=notify
|
||||
RuntimeDirectory=sshd
|
||||
RuntimeDirectoryMode=0755
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Alias=sshd_sftp.service
|
||||
|
33
roles/matrix-awx/templates/sftp/sshd_sftp_config
Executable file
33
roles/matrix-awx/templates/sftp/sshd_sftp_config
Executable file
@ -0,0 +1,33 @@
|
||||
# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
|
||||
|
||||
# This is the sshd server system-wide configuration file. See
|
||||
# sshd_config(5) for more information.
|
||||
|
||||
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
|
||||
|
||||
# The strategy used for options in the default sshd_config shipped with
|
||||
# OpenSSH is to specify options with their default value where
|
||||
# possible, but leave them commented. Uncommented options override the
|
||||
# default value.
|
||||
|
||||
Port 2222
|
||||
PermitRootLogin no
|
||||
PasswordAuthentication yes
|
||||
ChallengeResponseAuthentication no
|
||||
UsePAM yes
|
||||
X11Forwarding yes
|
||||
PrintMotd no
|
||||
|
||||
AcceptEnv LANG LC_*
|
||||
|
||||
# override default of no subsystems
|
||||
Subsystem sftp internal-sftp
|
||||
|
||||
Match User sftp
|
||||
ChrootDirectory /chroot
|
||||
PermitTunnel no
|
||||
X11Forwarding no
|
||||
AllowTcpForwarding no
|
||||
ForceCommand internal-sftp
|
||||
|
||||
|
20
roles/matrix-common-after/tasks/awx_post.yml
Normal file
20
roles/matrix-common-after/tasks/awx_post.yml
Normal file
@ -0,0 +1,20 @@
|
||||
---
|
||||
|
||||
- name: Create user account
|
||||
command: |
|
||||
/usr/local/bin/matrix-synapse-register-user janitor '{{ matrix_awx_janitor_user_password }}' 1
|
||||
register: cmd
|
||||
when: not matrix_awx_janitor_user_created|bool
|
||||
no_log: True
|
||||
|
||||
- name: Update AWX janitor user created variable
|
||||
delegate_to: 127.0.0.1
|
||||
lineinfile:
|
||||
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
|
||||
regexp: "^#? *{{ item.key | regex_escape() }}:"
|
||||
line: "{{ item.key }}: {{ item.value }}"
|
||||
insertafter: 'AWX Settings'
|
||||
with_dict:
|
||||
'matrix_awx_janitor_user_created': 'true'
|
||||
when: not matrix_awx_janitor_user_created|bool
|
||||
|
@ -1,3 +1,4 @@
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/start.yml"
|
||||
when: run_start|bool
|
||||
tags:
|
||||
@ -11,7 +12,14 @@
|
||||
- import_tasks: "{{ role_path }}/tasks/dump_runtime_results.yml"
|
||||
tags:
|
||||
- always
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/awx_post.yml"
|
||||
when: run_setup|bool and matrix_awx_enabled|bool
|
||||
tags:
|
||||
- always
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/run_docker_prune.yml"
|
||||
tags:
|
||||
- run-docker-prune
|
||||
|
||||
|
||||
|
5
roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2
Normal file → Executable file
5
roles/matrix-nginx-proxy/templates/systemd/matrix-nginx-proxy.service.j2
Normal file → Executable file
@ -33,7 +33,12 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-nginx-proxy \
|
||||
-p {{ matrix_nginx_proxy_container_federation_host_bind_port }}:8448 \
|
||||
{% endif %}
|
||||
--mount type=bind,src={{ matrix_nginx_proxy_base_path }}/nginx.conf,dst=/etc/nginx/nginx.conf,ro \
|
||||
{% if matrix_awx_enabled|bool == false or matrix_nginx_proxy_base_domain_homepage_enabled %}
|
||||
--mount type=bind,src={{ matrix_nginx_proxy_data_path }},dst=/nginx-data,ro \
|
||||
{% endif %}
|
||||
{% if matrix_awx_enabled and matrix_nginx_proxy_base_domain_homepage_enabled|bool == false %}
|
||||
--mount type=bind,src=/chroot/website,dst=/nginx-data/matrix-domain,ro \
|
||||
{% endif %}
|
||||
--mount type=bind,src={{ matrix_nginx_proxy_confd_path }},dst=/etc/nginx/conf.d,ro \
|
||||
{% if matrix_ssl_retrieval_method != 'none' %}
|
||||
--mount type=bind,src={{ matrix_ssl_config_dir_path }},dst={{ matrix_ssl_config_dir_path }},ro \
|
||||
|
Loading…
Reference in New Issue
Block a user