olli/debian.ansible.matrix.server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

basic installation

Browse Source
This commit is contained in:
olli 2023-08-24 09:29:26 +02:00
parent 43a0c203af
commit cde80d270c
2 changed files with 13 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
README.md
View File

@ -4,24 +4,25 @@
- debian.ansible.traefik.server - debian.ansible.traefik.server
# Installation # Installation
´´´ ```
ansible-playbook --connection=local --inventory $(hostname), --limit $(hostname) matrix.yml ansible-playbook --connection=local --inventory $(hostname), --limit $(hostname) matrix.yml
´´´ ```
# User Administration # User Administration
Admin User is created while installation. Admin User is created while installation.
Username: mx-admin Username: mx-admin
Password can be found with Password can be found with
´´´ ```
cat /home/docker/matrix.$(hostname)/env cat /home/docker/matrix.$(hostname)/env
´´´ ```
Create a new user with Create a new user with
´´´ ```
docker compose -f /home/docker/matrix.$(hostname)/docker-compose.yml exec -ti matrix.defiant.dedyn.io register_new_matrix_user -c /data/homeserver.yaml --no-admin http://localhost:8008 docker compose -f /home/docker/matrix.$(hostname)/docker-compose.yml exec -ti matrix.defiant.dedyn.io register_new_matrix_user -c /data/homeserver.yaml --no-admin http://localhost:8008
´´´ ```
List users List users
. /home/docker/matrix.$(hostname)/env ; docker compose -f /home/docker/matrix.$(hostname)/docker-compose.yml exec -ti matrix.defiant.dedyn.io--db psql -U $POSTGRES_USER -d synapse -c "SELECT name from users" . /home/docker/matrix.$(hostname)/env ; docker compose -f /home/docker/matrix.$(hostname)/docker-compose.yml exec -ti matrix.defiant.dedyn.io--db psql -U $POSTGRES_USER -d synapse -c "SELECT name from users"
# Debugging # Debugging
https://federationtester.matrix.org https://federationtester.matrix.org

66
matrix.yml
View File

@ -61,10 +61,13 @@
enabled: true enabled: true
host: matrix.{{inventory_hostname}}--redis host: matrix.{{inventory_hostname}}--redis
port: 6379 port: 6379
media_retention:
local_media_lifetime: 28d
remote_media_lifetime: 14d
backup: yes backup: yes
notify: Restart matrix notify: Restart matrix
- name: /home/docker/matrix.{{inventory_hostname}}/genpw.sh (generate Random PW for Nextcloud and DB) - name: /home/docker/matrix.{{inventory_hostname}}/genpw.sh (generate Random PW for Matrix and DB)
blockinfile: blockinfile:
path: /home/docker/matrix.{{inventory_hostname}}/genpw.sh path: /home/docker/matrix.{{inventory_hostname}}/genpw.sh
create: yes create: yes
@ -83,7 +86,6 @@
MATRIX_ADMIN_PASSWORD=!MATRIX_ADMIN_PASSWORD! MATRIX_ADMIN_PASSWORD=!MATRIX_ADMIN_PASSWORD!
" >env " >env
[ -f env.db ] || echo "POSTGRES_USER=!POSTGRESUSER! [ -f env.db ] || echo "POSTGRES_USER=!POSTGRESUSER!
POSTGRES_PASSWORD=!POSTGRESPASSWORD! POSTGRES_PASSWORD=!POSTGRESPASSWORD!
" >env.db " >env.db
@ -190,27 +192,6 @@
} }
backup: yes backup: yes
- name: /home/docker/matrix.{{inventory_hostname}}/turnserver.conf
blockinfile:
path: /home/docker/matrix.{{inventory_hostname}}/turnserver.conf
mode: "0400"
owner: root
group: root
create: yes
marker: "# {mark} ANSIBLE MANAGED BLOCK"
block: |
syslog
listening-port=3478
fingerprint
use-auth-secret
static-auth-secret=
realm=matrix.{{inventory_hostname}}
total-quota=100
bps-capacity=0
stale-nonce
no-multicast-peers
backup: yes
- name: Element Web configuration - name: Element Web configuration
copy: copy:
@ -344,6 +325,7 @@
matrix.{{inventory_hostname}}--db: matrix.{{inventory_hostname}}--db:
image: docker.io/postgres:latest image: docker.io/postgres:latest
restart: unless-stopped restart: unless-stopped
command: postgres -c wal_level=minimal -c max_wal_size=100MB -c max_wal_senders=0
volumes: volumes:
- ./matrixdb-data:/var/lib/postgresql/data - ./matrixdb-data:/var/lib/postgresql/data
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
@ -354,19 +336,6 @@
networks: networks:
- matrix.{{inventory_hostname}}--network - matrix.{{inventory_hostname}}--network
matrix.{{inventory_hostname}}--coturn:
image: coturn/coturn:latest
restart: unless-stopped
volumes:
- /etc/localtime:/etc/localtime:ro
- ./turnserver.conf:/etc/coturn/turnserver.conf
networks:
- matrix.{{inventory_hostname}}--network
- traefik
ports:
- 3479:3478
- 3479:3478/udp
matrix.{{inventory_hostname}}--redis: matrix.{{inventory_hostname}}--redis:
image: redis:latest image: redis:latest
restart: unless-stopped restart: unless-stopped
@ -479,34 +448,11 @@
# create: yes # create: yes
# marker: "# {mark} ANSIBLE MANAGED BLOCK" # marker: "# {mark} ANSIBLE MANAGED BLOCK"
# block: | # block: |
# # Nextcloud maintenance and app-update
# cd /home/docker/matrix.{{inventory_hostname}} || continue
# docker-compose exec -T -u www-data matrix.{{inventory_hostname}} ./occ db:add-missing-columns
# docker-compose exec -T -u www-data matrix.{{inventory_hostname}} ./occ db:add-missing-indices
# docker-compose exec -T -u www-data matrix.{{inventory_hostname}} ./occ db:add-missing-primary-keys
# docker-compose exec -T -u www-data matrix.{{inventory_hostname}} ./occ app:update --all
# docker-compose exec -T -u www-data matrix.{{inventory_hostname}} ./occ dav:sync-birthday-calendar
# docker-compose exec -T -u www-data matrix.{{inventory_hostname}} ./occ trashbin:cleanup --all-users
# docker-compose exec -T -u www-data matrix.{{inventory_hostname}} ./occ files:cleanup
# docker-compose exec -T -u www-data matrix.{{inventory_hostname}} ./occ files:scan --all
# docker-compose exec -T -u www-data matrix.{{inventory_hostname}} ./occ maps:scan-photos
# docker-compose exec -T -u www-data matrix.{{inventory_hostname}} ./occ db:convert-filecache-bigint -n
# backup: yes # backup: yes
# validate: /bin/bash -n %s # validate: /bin/bash -n %s
# notify: run matrix.update # notify: run matrix.update
- name: Allow turn for audio/video tcp
community.general.ufw:
rule: allow
port: '3479'
proto: tcp
- name: Allow turn for audio/video udp
community.general.ufw:
rule: allow
port: '3479'
proto: udp
handlers: handlers:
- name: run genpw.sh - name: run genpw.sh