titanz
/
matrix-docker-ansible-deploy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'ed159cc742'
${ noResults }
matrix-docker-ansible-deploy/roles/matrix-base/defaults/main.yml

124 lines
5.3 KiB
Raw Normal View History Unescape

Rename some variables
6 years ago
# The bare domain name which represents your Matrix identity.
# Matrix user ids for your server will be of the form (`@user:<matrix-domain>`).
#
Split playbook into multiple roles As suggested in #63 (Github issue), splitting the playbook's logic into multiple roles will be beneficial for maintainability. This patch realizes this split. Still, some components affect others, so the roles are not really independent of one another. For example: - disabling mxisd (`matrix_mxisd_enabled: false`), causes Synapse and riot-web to reconfigure themselves with other (public) Identity servers. - enabling matrix-corporal (`matrix_corporal_enabled: true`) affects how reverse-proxying (by `matrix-nginx-proxy`) is done, in order to put matrix-corporal's gateway server in front of Synapse We may be able to move away from such dependencies in the future, at the expense of a more complicated manual configuration, but it's probably not worth sacrificing the convenience we have now. As part of this work, the way we do "start components" has been redone now to use a loop, as suggested in #65 (Github issue). This should make restarting faster and more reliable.
6 years ago
# Note: this playbook does not touch the server referenced here.
Rename some variables
6 years ago
# Installation happens on another server ("matrix.<matrix-domain>", see `matrix_server_fqn_matrix`).
#
# Example value: example.com
matrix_domain: ~
Split playbook into multiple roles As suggested in #63 (Github issue), splitting the playbook's logic into multiple roles will be beneficial for maintainability. This patch realizes this split. Still, some components affect others, so the roles are not really independent of one another. For example: - disabling mxisd (`matrix_mxisd_enabled: false`), causes Synapse and riot-web to reconfigure themselves with other (public) Identity servers. - enabling matrix-corporal (`matrix_corporal_enabled: true`) affects how reverse-proxying (by `matrix-nginx-proxy`) is done, in order to put matrix-corporal's gateway server in front of Synapse We may be able to move away from such dependencies in the future, at the expense of a more complicated manual configuration, but it's probably not worth sacrificing the convenience we have now. As part of this work, the way we do "start components" has been redone now to use a loop, as suggested in #65 (Github issue). This should make restarting faster and more reliable.
6 years ago
Rename some variables
6 years ago
# This is where your data lives and what we set up.
Riot is now Element Fixes #586 (Github Issue)
4 years ago
# This and the Element FQN (see below) are expected to be on the same server.
Rename some variables
6 years ago
matrix_server_fqn_matrix: "matrix.{{ matrix_domain }}"
Split playbook into multiple roles As suggested in #63 (Github issue), splitting the playbook's logic into multiple roles will be beneficial for maintainability. This patch realizes this split. Still, some components affect others, so the roles are not really independent of one another. For example: - disabling mxisd (`matrix_mxisd_enabled: false`), causes Synapse and riot-web to reconfigure themselves with other (public) Identity servers. - enabling matrix-corporal (`matrix_corporal_enabled: true`) affects how reverse-proxying (by `matrix-nginx-proxy`) is done, in order to put matrix-corporal's gateway server in front of Synapse We may be able to move away from such dependencies in the future, at the expense of a more complicated manual configuration, but it's probably not worth sacrificing the convenience we have now. As part of this work, the way we do "start components" has been redone now to use a loop, as suggested in #65 (Github issue). This should make restarting faster and more reliable.
6 years ago
Riot is now Element Fixes #586 (Github Issue)
4 years ago
# This is where you access the Element web UI from (if enabled via matrix_client_element_enabled; enabled by default).
Rename some variables
6 years ago
# This and the Matrix FQN (see above) are expected to be on the same server.
Riot is now Element Fixes #586 (Github Issue)
4 years ago
matrix_server_fqn_element: "element.{{ matrix_domain }}"
Split playbook into multiple roles As suggested in #63 (Github issue), splitting the playbook's logic into multiple roles will be beneficial for maintainability. This patch realizes this split. Still, some components affect others, so the roles are not really independent of one another. For example: - disabling mxisd (`matrix_mxisd_enabled: false`), causes Synapse and riot-web to reconfigure themselves with other (public) Identity servers. - enabling matrix-corporal (`matrix_corporal_enabled: true`) affects how reverse-proxying (by `matrix-nginx-proxy`) is done, in order to put matrix-corporal's gateway server in front of Synapse We may be able to move away from such dependencies in the future, at the expense of a more complicated manual configuration, but it's probably not worth sacrificing the convenience we have now. As part of this work, the way we do "start components" has been redone now to use a loop, as suggested in #65 (Github issue). This should make restarting faster and more reliable.
6 years ago
Implement self-hosted Dimension server
6 years ago
# This is where you access the Dimension.
matrix_server_fqn_dimension: "dimension.{{ matrix_domain }}"
Add Jitsi support
5 years ago
# This is where you access Jitsi.
matrix_server_fqn_jitsi: "jitsi.{{ matrix_domain }}"
Make Matrix federation port configurable Fixes #523 (Github Issue).
5 years ago
matrix_federation_public_port: 8448
Move matrix_architecture to matrix-base We were only defining this in `group_vars/matrix_servers`, which is inconsistent with how we normally do things.
4 years ago
# The architecture that your server runs.
# Recognized values by us are 'amd64', 'arm32' and 'arm64'.
# Not all architectures support all services, so your experience (on non-amd64) may vary.
# See docs/alternative-architectures.md
matrix_architecture: amd64
Split playbook into multiple roles As suggested in #63 (Github issue), splitting the playbook's logic into multiple roles will be beneficial for maintainability. This patch realizes this split. Still, some components affect others, so the roles are not really independent of one another. For example: - disabling mxisd (`matrix_mxisd_enabled: false`), causes Synapse and riot-web to reconfigure themselves with other (public) Identity servers. - enabling matrix-corporal (`matrix_corporal_enabled: true`) affects how reverse-proxying (by `matrix-nginx-proxy`) is done, in order to put matrix-corporal's gateway server in front of Synapse We may be able to move away from such dependencies in the future, at the expense of a more complicated manual configuration, but it's probably not worth sacrificing the convenience we have now. As part of this work, the way we do "start components" has been redone now to use a loop, as suggested in #65 (Github issue). This should make restarting faster and more reliable.
6 years ago
matrix_user_username: "matrix"
Allow the matrix user username and groupname to be configured separately No migration steps should be required.
5 years ago
matrix_user_groupname: "matrix"
Split playbook into multiple roles As suggested in #63 (Github issue), splitting the playbook's logic into multiple roles will be beneficial for maintainability. This patch realizes this split. Still, some components affect others, so the roles are not really independent of one another. For example: - disabling mxisd (`matrix_mxisd_enabled: false`), causes Synapse and riot-web to reconfigure themselves with other (public) Identity servers. - enabling matrix-corporal (`matrix_corporal_enabled: true`) affects how reverse-proxying (by `matrix-nginx-proxy`) is done, in order to put matrix-corporal's gateway server in front of Synapse We may be able to move away from such dependencies in the future, at the expense of a more complicated manual configuration, but it's probably not worth sacrificing the convenience we have now. As part of this work, the way we do "start components" has been redone now to use a loop, as suggested in #65 (Github issue). This should make restarting faster and more reliable.
6 years ago
Allow matrix_user_uid/matrix_user_gid to be specified manually
4 years ago
# By default, the playbook creates the user (`matrix_user_username`)
# and group (`matrix_user_groupname`) with a random id.
# To use a specific user/group id, override these variables.
matrix_user_uid: ~
matrix_user_gid: ~
Split playbook into multiple roles As suggested in #63 (Github issue), splitting the playbook's logic into multiple roles will be beneficial for maintainability. This patch realizes this split. Still, some components affect others, so the roles are not really independent of one another. For example: - disabling mxisd (`matrix_mxisd_enabled: false`), causes Synapse and riot-web to reconfigure themselves with other (public) Identity servers. - enabling matrix-corporal (`matrix_corporal_enabled: true`) affects how reverse-proxying (by `matrix-nginx-proxy`) is done, in order to put matrix-corporal's gateway server in front of Synapse We may be able to move away from such dependencies in the future, at the expense of a more complicated manual configuration, but it's probably not worth sacrificing the convenience we have now. As part of this work, the way we do "start components" has been redone now to use a loop, as suggested in #65 (Github issue). This should make restarting faster and more reliable.
6 years ago
matrix_base_data_path: "/matrix"
Make the mode of the base path configurable
6 years ago
matrix_base_data_path_mode: "750"
Split playbook into multiple roles As suggested in #63 (Github issue), splitting the playbook's logic into multiple roles will be beneficial for maintainability. This patch realizes this split. Still, some components affect others, so the roles are not really independent of one another. For example: - disabling mxisd (`matrix_mxisd_enabled: false`), causes Synapse and riot-web to reconfigure themselves with other (public) Identity servers. - enabling matrix-corporal (`matrix_corporal_enabled: true`) affects how reverse-proxying (by `matrix-nginx-proxy`) is done, in order to put matrix-corporal's gateway server in front of Synapse We may be able to move away from such dependencies in the future, at the expense of a more complicated manual configuration, but it's probably not worth sacrificing the convenience we have now. As part of this work, the way we do "start components" has been redone now to use a loop, as suggested in #65 (Github issue). This should make restarting faster and more reliable.
6 years ago
matrix_static_files_base_path: "{{ matrix_base_data_path }}/static-files"
Made directory variables for /etc/systemd/system , /etc/cron.d , /usr/local/bin
5 years ago
matrix_systemd_path: "/etc/systemd/system"
matrix_cron_path: "/etc/cron.d"
matrix_local_bin_path: "/usr/local/bin"
Split playbook into multiple roles As suggested in #63 (Github issue), splitting the playbook's logic into multiple roles will be beneficial for maintainability. This patch realizes this split. Still, some components affect others, so the roles are not really independent of one another. For example: - disabling mxisd (`matrix_mxisd_enabled: false`), causes Synapse and riot-web to reconfigure themselves with other (public) Identity servers. - enabling matrix-corporal (`matrix_corporal_enabled: true`) affects how reverse-proxying (by `matrix-nginx-proxy`) is done, in order to put matrix-corporal's gateway server in front of Synapse We may be able to move away from such dependencies in the future, at the expense of a more complicated manual configuration, but it's probably not worth sacrificing the convenience we have now. As part of this work, the way we do "start components" has been redone now to use a loop, as suggested in #65 (Github issue). This should make restarting faster and more reliable.
6 years ago
Remove hardcoded command paths in systemd unit files Depending on the distro, common commands like sleep and chown may either be located in /bin or /usr/bin. Systemd added path lookup to ExecStart in v239, allowing only the command name to be put in unit files and not the full path as historically required. At least Ubuntu 18.04 LTS is however still on v237 so we should maintain portability for a while longer.
5 years ago
matrix_host_command_docker: "/usr/bin/env docker"
matrix_host_command_sleep: "/usr/bin/env sleep"
matrix_host_command_chown: "/usr/bin/env chown"
matrix_host_command_fusermount: "/usr/bin/env fusermount"
Remove hardcoded command paths in playbook shell usage
5 years ago
matrix_host_command_openssl: "/usr/bin/env openssl"
Remove hardcoded command paths in playbook cron usage
5 years ago
matrix_host_command_systemctl: "/usr/bin/env systemctl"
Remove hardcoded command paths in systemd unit files Depending on the distro, common commands like sleep and chown may either be located in /bin or /usr/bin. Systemd added path lookup to ExecStart in v239, allowing only the command name to be put in unit files and not the full path as historically required. At least Ubuntu 18.04 LTS is however still on v237 so we should maintain portability for a while longer.
5 years ago
add ntpd defaults
5 years ago
matrix_ntpd_package: "ntp"
matrix_ntpd_service: "{{ 'ntpd' if ansible_os_family == 'RedHat' or ansible_distribution == 'Archlinux' else 'ntp' }}"
Rename some variables
6 years ago
matrix_homeserver_url: "https://{{ matrix_server_fqn_matrix }}"
Make roles more independent of one another With this change, the following roles are now only dependent on the minimal `matrix-base` role: - `matrix-corporal` - `matrix-coturn` - `matrix-mailer` - `matrix-mxisd` - `matrix-postgres` - `matrix-riot-web` - `matrix-synapse` The `matrix-nginx-proxy` role still does too much and remains dependent on the others. Wiring up the various (now-independent) roles happens via a glue variables file (`group_vars/matrix-servers`). It's triggered for all hosts in the `matrix-servers` group. According to Ansible's rules of priority, we have the following chain of inclusion/overriding now: - role defaults (mostly empty or good for independent usage) - playbook glue variables (`group_vars/matrix-servers`) - inventory host variables (`inventory/host_vars/matrix.<your-domain>`) All roles default to enabling their main component (e.g. `matrix_mxisd_enabled: true`, `matrix_riot_web_enabled: true`). Reasoning: if a role is included in a playbook (especially separately, in another playbook), it should "work" by default. Our playbook disables some of those if they are not generally useful (e.g. `matrix_corporal_enabled: false`).
6 years ago
matrix_identity_server_url: ~
Split playbook into multiple roles As suggested in #63 (Github issue), splitting the playbook's logic into multiple roles will be beneficial for maintainability. This patch realizes this split. Still, some components affect others, so the roles are not really independent of one another. For example: - disabling mxisd (`matrix_mxisd_enabled: false`), causes Synapse and riot-web to reconfigure themselves with other (public) Identity servers. - enabling matrix-corporal (`matrix_corporal_enabled: true`) affects how reverse-proxying (by `matrix-nginx-proxy`) is done, in order to put matrix-corporal's gateway server in front of Synapse We may be able to move away from such dependencies in the future, at the expense of a more complicated manual configuration, but it's probably not worth sacrificing the convenience we have now. As part of this work, the way we do "start components" has been redone now to use a loop, as suggested in #65 (Github issue). This should make restarting faster and more reliable.
6 years ago
Don't make it Dimension specific
5 years ago
matrix_integration_manager_rest_url: ~
matrix_integration_manager_ui_url: ~
Add support for Jitsi discovery for Riot via /.well-known/matrix/client This will not work yet, as no version of Riot currently supports it. It's expected to land in riot-web v1.5.16 via matrix-org/matrix-react-sdk#4348.
5 years ago
# The domain name where a Jitsi server is self-hosted.
Riot is now Element Fixes #586 (Github Issue)
4 years ago
# If set, `/.well-known/matrix/client` will suggest Element clients to use that Jitsi server.
Rename matrix_riot_jitsi_preferredDomain and matrix_riot_e2ee_default to Element
4 years ago
# See: https://github.com/vector-im/element-web/blob/develop/docs/jitsi.md#configuring-element-to-use-your-self-hosted-jitsi-server
matrix_client_element_jitsi_preferredDomain: ''
Add support for Jitsi discovery for Riot via /.well-known/matrix/client This will not work yet, as no version of Riot currently supports it. It's expected to land in riot-web v1.5.16 via matrix-org/matrix-react-sdk#4348.
5 years ago
Riot is now Element Fixes #586 (Github Issue)
4 years ago
# Controls whether Element should use End-to-End Encryption by default.
# Setting this to false will update `/.well-known/matrix/client` and tell Element clients to avoid E2EE.
Rename matrix_riot_jitsi_preferredDomain and matrix_riot_e2ee_default to Element
4 years ago
# See: https://github.com/vector-im/element-web/blob/develop/docs/e2ee.md
matrix_client_element_e2ee_default: true
Add support for telling Riot to not default to E2EE Related to https://github.com/vector-im/riot-web/pull/13914
4 years ago
add variables for secure_backup_required and secure_backup_setup_methods
4 years ago
# Controls whether Element should require a secure backup set up before Element can be used.
# Setting this to true will update `/.well-known/matrix/client` and tell Element require a secure backup.
# See: https://github.com/vector-im/element-web/blob/develop/docs/e2ee.md
e2ee_backup: rename variables to be consistent with naming scheme
4 years ago
matrix_client_element_e2ee_secure_backup_required: false
add variables for secure_backup_required and secure_backup_setup_methods
4 years ago
# Controls which backup methods from ["key", "passphrase"] should be used, both is the default.
# Setting this to other then empty will update `/.well-known/matrix/client` and tell Element which method to use
# See: https://github.com/vector-im/element-web/blob/develop/docs/e2ee.md
e2ee_backup: rename variables to be consistent with naming scheme
4 years ago
matrix_client_element_e2ee_secure_backup_setup_methods: []
add variables for secure_backup_required and secure_backup_setup_methods
4 years ago
Split playbook into multiple roles As suggested in #63 (Github issue), splitting the playbook's logic into multiple roles will be beneficial for maintainability. This patch realizes this split. Still, some components affect others, so the roles are not really independent of one another. For example: - disabling mxisd (`matrix_mxisd_enabled: false`), causes Synapse and riot-web to reconfigure themselves with other (public) Identity servers. - enabling matrix-corporal (`matrix_corporal_enabled: true`) affects how reverse-proxying (by `matrix-nginx-proxy`) is done, in order to put matrix-corporal's gateway server in front of Synapse We may be able to move away from such dependencies in the future, at the expense of a more complicated manual configuration, but it's probably not worth sacrificing the convenience we have now. As part of this work, the way we do "start components" has been redone now to use a loop, as suggested in #65 (Github issue). This should make restarting faster and more reliable.
6 years ago
# The Docker network that all services would be put into
matrix_docker_network: "matrix"
Make vars.yml snapshotting optional and more configurable Certain people organize their inventory in a different way and we'd like to accommodate them. Related to #542 (Github Issue).
5 years ago
# Controls whether we'll preserve the vars.yml file on the Matrix server.
# If you have a differently organized inventory, you may wish to disable this feature,
# or to repoint `matrix_vars_yml_snapshotting_src` to the file you'd like to preserve.
matrix_vars_yml_snapshotting_enabled: true
matrix_vars_yml_snapshotting_src: "{{ inventory_dir }}/host_vars/{{ inventory_hostname }}/vars.yml"
Make /.well-known/matrix/server optional People who wish to rely on SRV records can prevent the `/.well-known/matrix/server` file from being generated (and thus, served.. which causes trouble).
6 years ago
# Controls whether a `/.well-known/matrix/server` file is generated and used at all.
#
# If you wish to rely on DNS SRV records only, you can disable this.
Upgrade Synapse (0.99.0 -> 0.99.1) and sync config `matrix_synapse_no_tls` is now implicit, so we've gotten rid of it. The `homeserver.yaml.j2` template has been synchronized with the configuration generated by Synapse v0.99.1 (some new options are present, etc.)
6 years ago
# Using DNS SRV records implies that you'll be handling Matrix Federation API traffic (tcp/8448)
Rename some variables
6 years ago
# using certificates for the base domain (`matrix_domain`) and not for the
# matrix domain (`matrix_server_fqn_matrix`).
Make /.well-known/matrix/server optional People who wish to rely on SRV records can prevent the `/.well-known/matrix/server` file from being generated (and thus, served.. which causes trouble).
6 years ago
matrix_well_known_matrix_server_enabled: true
Add matrix_docker_package_name
5 years ago
# Controls whether Docker is automatically installed.
Add note about installing 'docker' Python package if Docker installation is disabled
4 years ago
# If you change this to false you must install and update Docker manually. You also need to install the docker (https://pypi.org/project/docker/) Python package.
Add matrix_docker_installation_enabled
5 years ago
matrix_docker_installation_enabled: true
Add matrix_docker_package_name
5 years ago
# Controls the Docker package that is installed.
# Possible values are "docker-ce" (default) and "docker.io" (Debian).
matrix_docker_package_name: docker-ce
Split playbook into multiple roles As suggested in #63 (Github issue), splitting the playbook's logic into multiple roles will be beneficial for maintainability. This patch realizes this split. Still, some components affect others, so the roles are not really independent of one another. For example: - disabling mxisd (`matrix_mxisd_enabled: false`), causes Synapse and riot-web to reconfigure themselves with other (public) Identity servers. - enabling matrix-corporal (`matrix_corporal_enabled: true`) affects how reverse-proxying (by `matrix-nginx-proxy`) is done, in order to put matrix-corporal's gateway server in front of Synapse We may be able to move away from such dependencies in the future, at the expense of a more complicated manual configuration, but it's probably not worth sacrificing the convenience we have now. As part of this work, the way we do "start components" has been redone now to use a loop, as suggested in #65 (Github issue). This should make restarting faster and more reliable.
6 years ago
# Variables to Control which parts of our roles run.
Rename run control variables for consistency
5 years ago
run_postgres_import: true
run_postgres_upgrade: true
run_postgres_import_sqlite_db: true
Add Synapse Maintenance docs and synapse-janitor integration
5 years ago
run_postgres_vacuum: true
Rename run control variables for consistency
5 years ago
run_synapse_register_user: true
run_synapse_update_user_password: true
run_synapse_import_media_store: true
Add support for rust-synapse-compress-state
4 years ago
run_synapse_rust_synapse_compress_state: true
Split playbook into multiple roles As suggested in #63 (Github issue), splitting the playbook's logic into multiple roles will be beneficial for maintainability. This patch realizes this split. Still, some components affect others, so the roles are not really independent of one another. For example: - disabling mxisd (`matrix_mxisd_enabled: false`), causes Synapse and riot-web to reconfigure themselves with other (public) Identity servers. - enabling matrix-corporal (`matrix_corporal_enabled: true`) affects how reverse-proxying (by `matrix-nginx-proxy`) is done, in order to put matrix-corporal's gateway server in front of Synapse We may be able to move away from such dependencies in the future, at the expense of a more complicated manual configuration, but it's probably not worth sacrificing the convenience we have now. As part of this work, the way we do "start components" has been redone now to use a loop, as suggested in #65 (Github issue). This should make restarting faster and more reliable.
6 years ago
run_setup: true
Rename run control variables for consistency
5 years ago
run_self_check: true
Split playbook into multiple roles As suggested in #63 (Github issue), splitting the playbook's logic into multiple roles will be beneficial for maintainability. This patch realizes this split. Still, some components affect others, so the roles are not really independent of one another. For example: - disabling mxisd (`matrix_mxisd_enabled: false`), causes Synapse and riot-web to reconfigure themselves with other (public) Identity servers. - enabling matrix-corporal (`matrix_corporal_enabled: true`) affects how reverse-proxying (by `matrix-nginx-proxy`) is done, in order to put matrix-corporal's gateway server in front of Synapse We may be able to move away from such dependencies in the future, at the expense of a more complicated manual configuration, but it's probably not worth sacrificing the convenience we have now. As part of this work, the way we do "start components" has been redone now to use a loop, as suggested in #65 (Github issue). This should make restarting faster and more reliable.
6 years ago
run_start: true
Add a variable to control the stop tasks
6 years ago
run_stop: true