parent
76e904eb70
commit
5398d80f01
@ -0,0 +1,37 @@
|
||||
# Setting up Matrix Corporal
|
||||
|
||||
The playbook can install and configure [matrix-corporal](https://github.com/devture/matrix-corporal) for you.
|
||||
|
||||
See that project's documentation to learn what it does and why it might be useful to you.
|
||||
|
||||
If you decide that you'd like to let this playbook install it for you, you'd need to also [set up the Shared Secret Auth password provider module](configuring-playbook-shared-secret-auth.md).
|
||||
|
||||
You would then need some configuration like this:
|
||||
|
||||
```yaml
|
||||
matrix_corporal_enabled: true
|
||||
|
||||
matrix_corporal_policy_provider_config: |
|
||||
{
|
||||
"Type": "http",
|
||||
"Uri": "https://intranet.example.com/matrix/policy",
|
||||
"AuthorizationBearerToken": "SOME_SECRET",
|
||||
"CachePath": "/var/cache/matrix-corporal/last-policy.json",
|
||||
"ReloadIntervalSeconds": 1800
|
||||
}
|
||||
|
||||
# If you also want to enable Matrix Corporal's HTTP API..
|
||||
matrix_corporal_http_api_enabled: true
|
||||
matrix_corporal_http_api_auth_token: "AUTH_TOKEN_HERE"
|
||||
|
||||
# If you need to change the reconciliator user's id from the default (matrix-corporal)..
|
||||
matrix_corporal_reconciliation_user_id_local_part: "matrix-corporal"
|
||||
```
|
||||
|
||||
The following local filesystem paths are mounted in the `matrix-corporal` container and can be used in your configuration (or policy):
|
||||
|
||||
- `/matrix/corporal/config` is mounted at `/etc/matrix-corporal` (read-only)
|
||||
|
||||
- `/matrix/corporal/var` is mounted at `/var/matrix-corporal` (read and write)
|
||||
|
||||
- `/matrix/corporal/cache` is mounted at `/var/cache/matrix-corporal` (read and write)
|
@ -0,0 +1,68 @@
|
||||
---
|
||||
|
||||
#
|
||||
# Tasks related to setting up matrix-corporal
|
||||
#
|
||||
|
||||
- name: Fail if Shared Secret Auth extension not enabled
|
||||
fail:
|
||||
msg: "To use matrix-corporal, you need to enable the Shared Secret Auth module for Synapse (see matrix_synapse_ext_password_provider_shared_secret_auth_enabled)"
|
||||
when: "matrix_corporal_enabled and not matrix_synapse_ext_password_provider_shared_secret_auth_enabled"
|
||||
|
||||
- name: Fail if HTTP API enabled, but no token set
|
||||
fail:
|
||||
msg: "The Matrix Corporal HTTP API is enabled, but no auth token has been set in matrix_corporal_http_api_auth_token"
|
||||
when: "matrix_corporal_enabled and matrix_corporal_http_api_enabled and matrix_corporal_http_api_auth_token == ''"
|
||||
|
||||
- name: Fail if policy provider configuration not set
|
||||
fail:
|
||||
msg: "The Matrix Corporal policy provider configuration has not been set in matrix_corporal_policy_provider_config"
|
||||
when: "matrix_corporal_enabled and matrix_corporal_policy_provider_config == ''"
|
||||
|
||||
- name: Override configuration specifying where the Matrix Client API is
|
||||
set_fact:
|
||||
matrix_nginx_proxy_matrix_client_api_addr_with_proxy_container: "matrix-corporal:41080"
|
||||
matrix_nginx_proxy_matrix_client_api_addr_sans_proxy_container: "localhost:41080"
|
||||
when: "matrix_corporal_enabled"
|
||||
|
||||
- name: Ensure Matrix Corporal paths exist
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
mode: 0750
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_username }}"
|
||||
with_items:
|
||||
- "{{ matrix_corporal_config_dir_path }}"
|
||||
- "{{ matrix_corporal_cache_dir_path }}"
|
||||
- "{{ matrix_corporal_var_dir_path }}"
|
||||
when: "matrix_corporal_enabled"
|
||||
|
||||
- name: Ensure Matrix Corporal Docker image is pulled
|
||||
docker_image:
|
||||
name: "{{ matrix_corporal_docker_image }}"
|
||||
when: "matrix_corporal_enabled"
|
||||
|
||||
- name: Ensure Matrix Corporal config installed
|
||||
template:
|
||||
src: "{{ role_path }}/templates/corporal/config.json.j2"
|
||||
dest: "{{ matrix_corporal_config_dir_path }}/config.json"
|
||||
mode: 0644
|
||||
when: "matrix_corporal_enabled"
|
||||
|
||||
- name: Ensure matrix-corporal.service installed
|
||||
template:
|
||||
src: "{{ role_path }}/templates/systemd/matrix-corporal.service.j2"
|
||||
dest: "/etc/systemd/system/matrix-corporal.service"
|
||||
mode: 0644
|
||||
when: "matrix_corporal_enabled"
|
||||
|
||||
#
|
||||
# Tasks related to getting rid of matrix-corporal (if it was previously enabled)
|
||||
#
|
||||
|
||||
- name: Ensure matrix-corporal.service doesn't exist
|
||||
file:
|
||||
path: "{{ role_path }}/templates/systemd/matrix-corporal.service.j2"
|
||||
state: absent
|
||||
when: "not matrix_corporal_enabled"
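Review bot: The final task, `Ensure matrix-corporal.service doesn't exist`, points `path:` at `{{ role_path }}/templates/systemd/matrix-corporal.service.j2`, which is the role's template source, not the unit installed earlier at `/etc/systemd/system/matrix-corporal.service`. With `matrix_corporal_enabled` set to false the installed unit therefore stays in place, and none of the visible tasks stops or disables the service, so a previously enabled gateway would presumably keep running with the shared secrets in its config. The line should read `path: "/etc/systemd/system/matrix-corporal.service"`, ideally preceded by a task that stops and disables the service. Separately, `config.json` is written with `mode: 0644` and no owner, although the template renders the auth and registration shared secrets into it; `mode: 0640` with `owner` and `group` set to `{{ matrix_user_username }}` would avoid relying on the 0750 parent directory alone.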
|
@ -0,0 +1,30 @@
|
||||
{
|
||||
"Matrix": {
|
||||
"HomeserverDomainName": "{{ hostname_identity }}",
|
||||
"HomeserverApiEndpoint": "http://matrix-synapse:8008",
|
||||
"AuthSharedSecret": "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret }}",
|
||||
"RegistrationSharedSecret": "{{ matrix_synapse_registration_shared_secret }}",
|
||||
"TimeoutMilliseconds": {{ matrix_corporal_matrix_timeout_milliseconds }}
|
||||
},
|
||||
|
||||
"Reconciliation": {
|
||||
"UserId": "@{{ matrix_corporal_reconciliation_user_id_local_part }}:{{ hostname_identity }}",
|
||||
"RetryIntervalMilliseconds": {{ matrix_corporal_reconciliation_retry_interval_milliseconds }}
|
||||
},
|
||||
|
||||
"HttpGateway": {
|
||||
"ListenAddress": "0.0.0.0:41080"
|
||||
},
|
||||
|
||||
"HttpApi": {
|
||||
"Enabled": {{ 'true' if matrix_corporal_http_api_enabled else 'false' }},
|
||||
"ListenAddress": "0.0.0.0:41081",
|
||||
"AuthorizationBearerToken": "{{ matrix_corporal_http_api_auth_token }}"
|
||||
},
|
||||
|
||||
"PolicyProvider": {{ matrix_corporal_policy_provider_config }},
|
||||
|
||||
"Misc": {
|
||||
"Debug": {{ 'true' if matrix_corporal_debug else 'false' }}
|
||||
}
|
||||
}
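Review bot: The secret and token values (`AuthSharedSecret`, `RegistrationSharedSecret`, `AuthorizationBearerToken`) are interpolated as raw text between hand-written quotes, so a value containing `"` or `\` yields invalid JSON or changes the document's structure. Rendering them through the `to_json` filter and dropping the surrounding quotes escapes them correctly, e.g. `"AuthSharedSecret": {{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret | to_json }},`. `PolicyProvider` is pasted in verbatim from `matrix_corporal_policy_provider_config`, so that line deserves a comment stating the variable must hold exactly one complete JSON object, or a validation task that parses it with `from_json` before the template is written.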
|
@ -0,0 +1,30 @@
|
||||
[Unit]
|
||||
Description=Matrix Corporal
|
||||
After=docker.service
|
||||
Requires=docker.service
|
||||
Requires=matrix-synapse.service
|
||||
After=matrix-synapse.service
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStartPre=-/usr/bin/docker kill matrix-corporal
|
||||
ExecStartPre=-/usr/bin/docker rm matrix-corporal
|
||||
ExecStart=/usr/bin/docker run --rm --name matrix-corporal \
|
||||
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||
--network={{ matrix_docker_network }} \
|
||||
{% if not matrix_nginx_proxy_enabled %}
|
||||
-p 127.0.0.1:41080:41080 \
|
||||
-p 127.0.0.1:41081:41081 \
|
||||
{% endif %}
|
||||
-v {{ matrix_corporal_config_dir_path }}:/etc/matrix-corporal:ro \
|
||||
-v {{ matrix_corporal_cache_dir_path }}:/var/cache/matrix-corporal:rw \
|
||||
-v {{ matrix_corporal_var_dir_path }}:/var/matrix-corporal:rw \
|
||||
{{ matrix_corporal_docker_image }} \
|
||||
/matrix-corporal -config=/etc/matrix-corporal/config.json
|
||||
ExecStop=-/usr/bin/docker kill matrix-corporal
|
||||
ExecStop=-/usr/bin/docker rm matrix-corporal
|
||||
Restart=always
|
||||
RestartSec=30
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
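Review bot: The `docker run` command in `ExecStart` starts the container with Docker's default capability set and a writable root filesystem, even though this process holds the homeserver's shared secrets and sits in front of the Client API. It already runs as `{{ matrix_user_uid }}:{{ matrix_user_gid }}` and its only visible writable mounts are the two `rw` volumes, so `--cap-drop=ALL` and `--security-opt=no-new-privileges` could be added after the `--user=...` line, and `--read-only` as well once it is confirmed the binary needs no other writable path. Also, `-p 127.0.0.1:41081:41081` is published whenever the nginx proxy is disabled, regardless of `matrix_corporal_http_api_enabled`; wrapping that line in its own `{% if matrix_corporal_http_api_enabled %}` would avoid publishing an unused port.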
|