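---
# Synapse (matrix-synapse-py3) provisioning: matrix.org apt repo, Debian package,
# PostgreSQL backing store, nginx reverse-proxy location, LDAP service-account
# password bootstrap, TURN shared-secret pickup and monitoring registration.
# Every task that handles a secret is tagged 'service_password' and runs with
# no_log so the value never reaches callback or verbose output.

- name: 'install gnupg and ca-cert'
  apt:
    pkg:
      - 'gnupg'
      - 'ca-certificates'
  tags:
    - 'packages'

- name: 'add matrix gnupg key to apt'
  apt_key:
    # Full 40-character fingerprint: the key fetched from the URL must match it,
    # so the repository signing key is pinned rather than trusted on download.
    id: 'AAF9AE843A7584B5A3E4CD2BCF45A512DE2DA058'
    url: 'https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg'
    state: 'present'
  tags:
    - 'packages'

- name: 'add matrix apt repos'
  apt_repository:
    repo: '{{ item }}'
    state: 'present'
  loop:
    # Release is pinned to bullseye; revisit when the host moves to another release.
    - 'deb https://packages.matrix.org/debian/ bullseye main'
    - 'deb-src https://packages.matrix.org/debian/ bullseye main'
  tags:
    - 'packages'

- name: 'set synapse server name'
  # Pre-seed the package's debconf question so installation is non-interactive.
  debconf:
    name: 'matrix-synapse-py3'
    question: 'matrix-synapse/server-name'
    vtype: 'string'
    value: '{{ synapse_domain }}'

- name: 'install synapse'
  import_role:
    name: 'service'
  vars:
    service_name: 'matrix-synapse'
    service_packages:
      - 'matrix-synapse-py3'
      - 'postgresql'
      - 'postgresql-contrib'
      - 'python3-psycopg2'

- block:
    - name: 'PGSQL | create synapse DB'
      postgresql_db:
        name: 'synapse'
        # C collation/ctype on a UTF-8 database; template0 is required to
        # override the cluster's default locale.
        encoding: 'UTF-8'
        lc_collate: 'C'
        lc_ctype: 'C'
        template: 'template0'
    - name: 'PGSQL | create synapse DB user'
      postgresql_user:
        name: 'matrix-synapse'
        db: 'synapse'
        priv: 'ALL'
  # Run the DB tasks as the postgres OS user (peer auth) via su.
  become: true
  become_method: 'su'
  become_user: 'postgres'

# Kept for reference; directory ownership is currently left to the package.
#- name: fix synapse folders permissions
#  file:
#    path: "{{ item }}"
#    owner: matrix-synapse
#    group: nogroup
#    mode: '0750'
#    state: directory
#  with_items:
#    - /etc/matrix-synapse
#    - /etc/matrix-synapse/conf.d

- name: 'upload synapse reverse proxy conf'
  template:
    src: 'synapse.conf.j2'
    dest: '/etc/nginx/locations/{{ synapse_nginx_fqdn }}/synapse.conf'
  vars:
    nginx_proxy_remote_host: '{{ synapse_nginx_proxy_remote_host }}'
    nginx_proxy_location_path: '{{ synapse_nginx_proxy_location_path }}'
  notify: 'restart nginx'

- name: 'try to read LDAP service password'
  # Read-only probe of the deployed homeserver.yaml so an already-provisioned
  # bind password is reused instead of being rotated on every run.
  # It never changes the host, hence changed_when: false.
  command: 'sed -n "s/^\s\+bind_password: \"\(.\+\)\"$/\1/p" /etc/matrix-synapse/homeserver.yaml'
  register: synapse_read_ldap_passwd
  changed_when: false
  no_log: true
  tags:
    - 'service_password'

- name: 'set LDAP service password'
  # Empty string when no password was found; that value drives the block below.
  set_fact:
    synapse_ldap_passwd: '{{ synapse_read_ldap_passwd.stdout | d("") }}'
  no_log: true
  tags:
    - 'service_password'

# Generate and distribute a new service-account password only when none exists
# yet or a rotation has been requested (ldap_renew_secret).
- block:
    - name: 'LDAP | generate client service password'
      gen_passwd: 'length=32'
      register: 'synapse_ldap_gen_passwd'
      no_log: true
      tags:
        - 'service_password'
    - name: 'LDAP | set client service password on server'
      # Runs from the controller; both the new password and the admin bind
      # password are module arguments, so keep the invocation out of the log.
      delegate_to: 'localhost'
      ldap_passwd:
        dn: 'cn={{ host_fqdn }},ou=Server,{{ ldap_basedn }}'
        passwd: '{{ synapse_ldap_gen_passwd.passwd }}'
        server_uri: 'ldap://{{ ldap_server }}'
        start_tls: '{{ ldap_tls_enabled }}'
        bind_dn: '{{ ldap_admin_dn }}'
        bind_pw: '{{ ldap_admin_pw }}'
      no_log: true
    - name: 'LDAP | set client service password on client'
      set_fact:
        synapse_ldap_passwd: '{{ synapse_ldap_gen_passwd.passwd }}'
      no_log: true
  when: synapse_ldap_passwd == '' or ldap_renew_secret
  tags:
    - 'service_password'

- name: 'LDAP | update client root ca'
  copy:
    content: '{{ ldap_tls_server_ca }}'
    dest: '/etc/ldap/server_ca.crt'

- name: 'LDAP | configure client'
  copy:
    src: 'ldap.conf'
    dest: '/etc/ldap/ldap.conf'

- name: 'get turn shared secret'
  # The slurped content is the raw TURN REST secret (base64-encoded by slurp);
  # without no_log it would be printed verbatim in verbose/registered output.
  slurp:
    path: '/etc/coturn_rest.secret'
  register: coturn_secret
  no_log: true
  when: synapse_coturn_integration
  delegate_to: '{{ coturn_host }}'

- name: 'upload synapse conf'
  # Renders the LDAP bind password (and presumably the TURN secret) into
  # homeserver.yaml. NOTE(review): owner/mode are left to the module default;
  # confirm the service account's expectations before tightening them.
  template:
    src: 'homeserver.yaml.j2'
    dest: '/etc/matrix-synapse/homeserver.yaml'
  notify: 'reload matrix-synapse'
  tags:
    - 'service_password'

- name: 'MONITORING | add HTTP service'
  block:
    - name: 'MONITORING | add service to monitoring entry'
      # Merge this host's Synapse vhost probe into the per-host monitoring entry.
      set_fact:
        monitoring_entry: >
          {{ monitoring_entry | default({}) | combine({
          'address': ansible_host,
          'vhosts_uri': { synapse_nginx_fqdn: {'/_matrix/client/versions': '{"versions":'} },
          }, recursive=true) }}
    - name: 'MONITORING | update monitoring facts'
      # Publish the entry as a fact on the monitoring host, keyed by this host's FQDN.
      set_fact:
        monitoring_facts: >
          {{ hostvars[monitoring_host]['monitoring_facts'] | default({}) | combine({host_fqdn: monitoring_entry}) }}
      delegate_facts: true
      delegate_to: '{{ monitoring_host }}'
  tags:
    - 'monitoring'
...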