basic installation

This commit is contained in:
olli 2023-08-07 11:47:26 +02:00
parent 29b147b6ff
commit 8daf9e8f1e

View File

@ -11,8 +11,16 @@
state: directory state: directory
mode: '0550' mode: '0550'
- name: Create /home/docker/matrix.{{inventory_hostname}}/data dir
ansible.builtin.file:
path: /home/docker/matrix.{{inventory_hostname}}/data
owner: 3000
group: 3000
state: directory
mode: '0750'
- name: Gen initial passwords if not exists - name: Gen initial passwords if not exists
ansible.builtin.shell: docker run --rm -v ./data:/data -e SYNAPSE_SERVER_NAME=matrix.{{inventory_hostname}} -e SYNAPSE_HTTP_PORT=8008 -e SYNAPSE_REPORT_STATS=no matrixdotorg/synapse:latest generate ansible.builtin.shell: docker run --rm -v ./data:/data -e SYNAPSE_SERVER_NAME=matrix.{{inventory_hostname}} -e SYNAPSE_HTTP_PORT=8008 -e SYNAPSE_REPORT_STATS=no -e UID=3000 -e GUID=3000 matrixdotorg/synapse:latest generate
args: args:
chdir: /home/docker/matrix.{{inventory_hostname}} chdir: /home/docker/matrix.{{inventory_hostname}}
creates: /home/docker/matrix.{{inventory_hostname}}/data/homeserver.yaml creates: /home/docker/matrix.{{inventory_hostname}}/data/homeserver.yaml
@ -26,7 +34,7 @@
group: docker group: docker
marker: "# {mark} ANSIBLE MANAGED BLOCK" marker: "# {mark} ANSIBLE MANAGED BLOCK"
block: | block: |
public_baseurl: https://matrix.{{inventory_hostname}}/ public_baseurl: https://matrix-synapse.{{inventory_hostname}}/
enable_registration: false enable_registration: false
max_upload_size: 2048M max_upload_size: 2048M
retention: retention:
@ -119,6 +127,61 @@
chdir: /home/docker/matrix.{{inventory_hostname}} chdir: /home/docker/matrix.{{inventory_hostname}}
creates: /home/docker/matrix.{{inventory_hostname}}/env creates: /home/docker/matrix.{{inventory_hostname}}/env
- name: /home/docker/matrix.{{inventory_hostname}}/nginx-matrix.conf
blockinfile:
path: /home/docker/matrix.{{inventory_hostname}}/nginx-matrix.conf
mode: "0444"
owner: root
group: root
create: yes
marker: "# {mark} ANSIBLE MANAGED BLOCK"
block: |
# Needed for federation while not using Port 8448
server {
listen 80 default_server;
server_name matrix.{{inventory_hostname}};
location / {
proxy_pass http://matrix.{{inventory_hostname}}--synapse:8008;
proxy_set_header X-Forwarded-For $remote_addr;
client_max_body_size 2048m;
}
location /.well-known/matrix/ {
root /var/www/;
default_type application/json;
add_header Access-Control-Allow-Origin *;
}
}
backup: yes
notify: Restart matrix
- name: /home/docker/matrix.{{inventory_hostname}}/well-known/client
copy:
dest: /home/docker/matrix.{{inventory_hostname}}/well-known/client
mode: "0444"
owner: root
group: root
content: |
{
"m.homeserver": {
"base_url": "https://matrix.{{inventory_hostname}}"
}
}
backup: yes
- name: /home/docker/matrix.{{inventory_hostname}}/well-known/server
copy:
dest: /home/docker/matrix.{{inventory_hostname}}/well-known/server
mode: "0444"
owner: root
group: root
content: |
{
"m.server": "matrix-synapse.defiant.dedyn.io:443"
}
backup: yes
- name: /home/docker/matrix.{{inventory_hostname}}/turnserver.conf - name: /home/docker/matrix.{{inventory_hostname}}/turnserver.conf
blockinfile: blockinfile:
path: /home/docker/matrix.{{inventory_hostname}}/turnserver.conf path: /home/docker/matrix.{{inventory_hostname}}/turnserver.conf
@ -140,6 +203,7 @@
no-multicast-peers no-multicast-peers
backup: yes backup: yes
- name: Element Web configuration - name: Element Web configuration
copy: copy:
dest: /home/docker/matrix.{{inventory_hostname}}/element-web-config.json dest: /home/docker/matrix.{{inventory_hostname}}/element-web-config.json
@ -211,6 +275,33 @@
version: '3.6' version: '3.6'
services: services:
matrix.{{inventory_hostname}}: matrix.{{inventory_hostname}}:
image: "nginx:latest"
restart: unless-stopped
volumes:
- ./nginx-matrix.conf:/etc/nginx/conf.d/matrix.conf:ro
- ./well-known:/var/www/.well-known/matrix
depends_on:
- matrix.{{inventory_hostname}}--synapse
networks:
- matrix.{{inventory_hostname}}--network
- traefik
labels:
- traefik.enable=true
# HTTPS
- traefik.http.routers.matrix-{{ ansible_facts['hostname'] }}.rule=Host(`matrix.{{ ansible_facts['nodename'] }}`)
- traefik.http.routers.matrix-{{ ansible_facts['hostname'] }}.entrypoints=https
- traefik.http.routers.matrix-{{ ansible_facts['hostname'] }}.tls=true
# Proxy to service-port
- traefik.http.services.matrix-{{ ansible_facts['hostname'] }}.loadbalancer.server.port=80
- traefik.http.routers.matrix-{{ ansible_facts['hostname'] }}.service=matrix-{{ ansible_facts['hostname'] }}
# cert via letsencrypt
- traefik.http.routers.matrix-{{ ansible_facts['hostname'] }}.tls.certresolver=letsencrypt
# Traefik network
- traefik.docker.network=traefik
# activate secHeaders@file and .well.known
- traefik.http.routers.matrix-{{ ansible_facts['hostname'] }}.middlewares=secHeaders@file
matrix.{{inventory_hostname}}--synapse:
image: docker.io/matrixdotorg/synapse:latest image: docker.io/matrixdotorg/synapse:latest
restart: unless-stopped restart: unless-stopped
user: 3000:3000 user: 3000:3000
@ -229,18 +320,18 @@
labels: labels:
- traefik.enable=true - traefik.enable=true
# HTTPS # HTTPS
- traefik.http.routers.matrix-{{ ansible_facts['hostname'] }}.rule=Host(`matrix.{{ ansible_facts['nodename'] }}`) - traefik.http.routers.matrix-{{ ansible_facts['hostname'] }}-synapse.rule=Host(`matrix-synapse.{{ ansible_facts['nodename'] }}`)
- traefik.http.routers.matrix-{{ ansible_facts['hostname'] }}.entrypoints=https - traefik.http.routers.matrix-{{ ansible_facts['hostname'] }}-synapse.entrypoints=https
- traefik.http.routers.matrix-{{ ansible_facts['hostname'] }}.tls=true - traefik.http.routers.matrix-{{ ansible_facts['hostname'] }}-synapse.tls=true
# Proxy to service-port # Proxy to service-port
- traefik.http.services.matrix-{{ ansible_facts['hostname'] }}.loadbalancer.server.port=8008 - traefik.http.services.matrix-{{ ansible_facts['hostname'] }}-synapse.loadbalancer.server.port=8008
- traefik.http.routers.matrix-{{ ansible_facts['hostname'] }}.service=matrix-{{ ansible_facts['hostname'] }} - traefik.http.routers.matrix-{{ ansible_facts['hostname'] }}-synapse.service=matrix-{{ ansible_facts['hostname'] }}-synapse
# cert via letsencrypt # cert via letsencrypt
- traefik.http.routers.matrix-{{ ansible_facts['hostname'] }}.tls.certresolver=letsencrypt - traefik.http.routers.matrix-{{ ansible_facts['hostname'] }}-synapse.tls.certresolver=letsencrypt
# Traefik network # Traefik network
- traefik.docker.network=traefik - traefik.docker.network=traefik
# activate secHeaders@file and .well.known # activate secHeaders@file and .well.known
- traefik.http.routers.matrix-{{ ansible_facts['hostname'] }}.middlewares=secHeaders@file - traefik.http.routers.matrix-{{ ansible_facts['hostname'] }}-synapse.middlewares=secHeaders@file
matrix.{{inventory_hostname}}--db: matrix.{{inventory_hostname}}--db:
image: docker.io/postgres:latest image: docker.io/postgres:latest
@ -283,7 +374,7 @@
- matrix.{{inventory_hostname}}--network - matrix.{{inventory_hostname}}--network
- traefik - traefik
environment: environment:
- REACT_APP_SERVER=https://matrix.defiant.dedyn.io - REACT_APP_SERVER=https://{{inventory_hostname}}
labels: labels:
- traefik.enable=true - traefik.enable=true
# HTTPS # HTTPS
@ -408,13 +499,6 @@
port: '3479' port: '3479'
proto: udp proto: udp
- name: Port 8448 needed by matrix federation
community.general.ufw:
rule: allow
port: '8448'
proto: tcp
handlers: handlers:
- name: run genpw.sh - name: run genpw.sh