parent
617712000e
commit
74093dfb15
@ -0,0 +1,33 @@
|
|||||||
|
# Adjusting mxisd Identity Server configuration (optional)
|
||||||
|
|
||||||
|
By default, this playbook configures an [mxisd](https://github.com/kamax-io/mxisd) Identity Server for you.
|
||||||
|
|
||||||
|
This server is private by default, potentially at the expense of user discoverability.
|
||||||
|
|
||||||
|
|
||||||
|
## Matrix.org lookup forwarding
|
||||||
|
|
||||||
|
To ensure maximum discovery, you can make your identity server also forward lookups to the central matrix.org Identity server (at the cost of potentially leaking all your contacts information).
|
||||||
|
|
||||||
|
Enabling this is discouraged and you'd better [learn more](https://github.com/kamax-io/mxisd/blob/master/docs/features/identity.md#lookups) before proceeding.
|
||||||
|
|
||||||
|
Enabling matrix.org forwarding can happen with the following configuration:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
matrix_mxisd_matrixorg_forwarding_enabled: true
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
## Additional features
|
||||||
|
|
||||||
|
What this playbook configures for your is some bare minimum Identity Server functionality, so that you won't need to rely on external 3rd party services.
|
||||||
|
|
||||||
|
Still, mxisd can do much more.
|
||||||
|
You can refer to the [mxisd website](https://github.com/kamax-io/mxisd) for more details.
|
||||||
|
|
||||||
|
You can override the `matrix_mxisd_template_config` variable and use your own custom configuration template.
|
||||||
|
|
||||||
|
|
||||||
|
## Troubleshooting
|
||||||
|
|
||||||
|
If email address validation emails sent by mxisd are not reaching you, you should look into [Adjusting email-sending settings](configuring-playbook-email.md).
|
@ -0,0 +1,74 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
#
|
||||||
|
# Tasks related to setting up mxisd
|
||||||
|
#
|
||||||
|
|
||||||
|
- name: Fail if mailer is not enabled
|
||||||
|
fail:
|
||||||
|
msg: "You need to enable the mailer service (matrix_mailer_enabled) to install mxisd"
|
||||||
|
when: "matrix_mxisd_enabled and not matrix_mailer_enabled"
|
||||||
|
|
||||||
|
- name: Ensure mxisd paths exist
|
||||||
|
file:
|
||||||
|
path: "{{ item }}"
|
||||||
|
state: directory
|
||||||
|
mode: 0750
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_username }}"
|
||||||
|
with_items:
|
||||||
|
- "{{ matrix_mxisd_config_path }}"
|
||||||
|
- "{{ matrix_mxisd_data_path }}"
|
||||||
|
when: matrix_mxisd_enabled
|
||||||
|
|
||||||
|
- name: Ensure mxisd image is pulled
|
||||||
|
docker_image:
|
||||||
|
name: "{{ matrix_docker_image_mxisd }}"
|
||||||
|
when: matrix_mxisd_enabled
|
||||||
|
|
||||||
|
- name: Ensure mxisd config installed
|
||||||
|
template:
|
||||||
|
src: "{{ matrix_mxisd_template_config }}"
|
||||||
|
dest: "{{ matrix_mxisd_config_path }}/mxisd.yaml"
|
||||||
|
mode: 0644
|
||||||
|
owner: "{{ matrix_user_username }}"
|
||||||
|
group: "{{ matrix_user_username }}"
|
||||||
|
when: matrix_mxisd_enabled
|
||||||
|
|
||||||
|
- name: Ensure matrix-mxisd.service installed
|
||||||
|
template:
|
||||||
|
src: "{{ role_path }}/templates/systemd/matrix-mxisd.service.j2"
|
||||||
|
dest: "/etc/systemd/system/matrix-mxisd.service"
|
||||||
|
mode: 0644
|
||||||
|
when: matrix_mxisd_enabled
|
||||||
|
|
||||||
|
#
|
||||||
|
# Tasks related to getting rid of mxisd (if it was previously enabled)
|
||||||
|
#
|
||||||
|
|
||||||
|
- name: Check existence of matrix-mxisd service
|
||||||
|
stat: path="/etc/systemd/system/matrix-mxisd.service"
|
||||||
|
register: matrix_mxisd_service_stat
|
||||||
|
|
||||||
|
- name: Ensure matrix-mxisd is stopped
|
||||||
|
service: name=matrix-mxisd state=stopped daemon_reload=yes
|
||||||
|
register: stopping_result
|
||||||
|
when: "not matrix_mxisd_enabled and matrix_mxisd_service_stat.stat.exists"
|
||||||
|
|
||||||
|
- name: Ensure matrix-mxisd.service doesn't exist
|
||||||
|
file:
|
||||||
|
path: "/etc/systemd/system/matrix-mxisd.service"
|
||||||
|
state: absent
|
||||||
|
when: "not matrix_mxisd_enabled and matrix_mxisd_service_stat.stat.exists"
|
||||||
|
|
||||||
|
- name: Ensure Matrix mxisd paths don't exist
|
||||||
|
file:
|
||||||
|
path: "{{ matrix_mxisd_base_path }}"
|
||||||
|
state: absent
|
||||||
|
when: "not matrix_mxisd_enabled"
|
||||||
|
|
||||||
|
- name: Ensure mxisd Docker image doesn't exist
|
||||||
|
docker_image:
|
||||||
|
name: "{{ matrix_docker_image_mxisd }}"
|
||||||
|
state: absent
|
||||||
|
when: "not matrix_mxisd_enabled"
|
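Review bot: `mode: 0644` on the "Ensure mxisd config installed" task leaves mxisd.yaml world-readable, and the template added in this same commit writes the Postgres password into `synapseSql.connection`. The 0750 directory created earlier in this file limits who can reach the file, but the file's own permissions should not depend on that; I would use `mode: "0640"` here. Quoting the mode also avoids relying on the YAML parser's octal handling, which applies to the other `mode:` values in this file too.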
@ -0,0 +1,19 @@
|
|||||||
|
matrix.domain: {{ hostname_identity }}
|
||||||
|
server.name: {{ hostname_matrix }}
|
||||||
|
|
||||||
|
key.path: /var/mxisd/sign.key
|
||||||
|
|
||||||
|
storage.provider.sqlite.database: /var/mxisd/mxisd.db
|
||||||
|
|
||||||
|
threepid.medium.email.identity.from: {{ matrix_mailer_sender_address }}
|
||||||
|
threepid.medium.email.connectors.smtp.host: matrix-mailer
|
||||||
|
threepid.medium.email.connectors.smtp.port: 587
|
||||||
|
threepid.medium.email.connectors.smtp.tls: 0
|
||||||
|
|
||||||
|
synapseSql.enabled: true
|
||||||
|
synapseSql.type: postgresql
|
||||||
|
synapseSql.connection: //{{ matrix_postgres_connection_hostname }}/{{ matrix_postgres_db_name }}?user={{ matrix_postgres_connection_username }}&password={{ matrix_postgres_connection_password }}
|
||||||
|
|
||||||
|
{% if matrix_mxisd_matrixorg_forwarding_enabled %}
|
||||||
|
forward.servers: ['matrix-org']
|
||||||
|
{% endif %}
|
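Review bot: The `synapseSql.connection` line interpolates `matrix_postgres_connection_password` into a URL query string with no encoding and no YAML quoting, so a password containing `&`, `?`, `%` or ` #` would be truncated or misparsed rather than rejected. I would write the value as a double-quoted scalar and encode the credentials, e.g. `&password={{ matrix_postgres_connection_password | urlencode }}` (this assumes mxisd treats the value as a JDBC-style URL, which is not visible here). The same quoting concern applies to the other unquoted `{{ … }}` values in this template, such as `threepid.medium.email.identity.from`.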
@ -0,0 +1,29 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=Matrix mxisd identity server
|
||||||
|
After=docker.service
|
||||||
|
Requires=docker.service
|
||||||
|
{% if not matrix_postgres_use_external %}
|
||||||
|
Requires=matrix-postgres.service
|
||||||
|
After=matrix-postgres.service
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=simple
|
||||||
|
ExecStartPre=-/usr/bin/docker kill matrix-mxisd
|
||||||
|
ExecStartPre=-/usr/bin/docker rm matrix-mxisd
|
||||||
|
ExecStart=/usr/bin/docker run --rm --name matrix-mxisd \
|
||||||
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
||||||
|
--network={{ matrix_docker_network }} \
|
||||||
|
{% if not matrix_nginx_proxy_enabled %}
|
||||||
|
-p 127.0.0.1:8090:8090 \
|
||||||
|
{% endif %}
|
||||||
|
-v {{ matrix_mxisd_config_path }}:/etc/mxisd:ro \
|
||||||
|
-v {{ matrix_mxisd_data_path }}:/var/mxisd \
|
||||||
|
{{ matrix_docker_image_mxisd }}
|
||||||
|
ExecStop=-/usr/bin/docker kill matrix-mxisd
|
||||||
|
ExecStop=-/usr/bin/docker rm matrix-mxisd
|
||||||
|
Restart=always
|
||||||
|
RestartSec=30
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
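Review bot: The `docker run` in `ExecStart` keeps Docker's default capability set even though the container is started with `--user={{ matrix_user_uid }}:{{ matrix_user_gid }}` and only listens on 8090. Adding `--cap-drop=ALL \` after the `--user` line would narrow what a compromised mxisd process can do. That the image needs no capabilities is an assumption to confirm before merging. The read-only config mount and the 127.0.0.1 port binding are good as they are.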