| @@ -31,6 +31,8 @@ This is similar to the [EMnify/matrix-synapse-auto-deploy](https://github.com/EM | |||||
| - this one **can be re-ran many times** without causing trouble | - this one **can be re-ran many times** without causing trouble | ||||
| - works on both **CentOS** (7.0+) and Debian-based distributions (**Debian** 9/Stretch+, **Ubuntu** 16.04+) | |||||
| - this one **runs everything in Docker containers** (like [silviof/docker-matrix](https://hub.docker.com/r/silviof/docker-matrix/) and [silviof/matrix-riot-docker](https://hub.docker.com/r/silviof/matrix-riot-docker/)), so it's likely more predictable | - this one **runs everything in Docker containers** (like [silviof/docker-matrix](https://hub.docker.com/r/silviof/docker-matrix/) and [silviof/matrix-riot-docker](https://hub.docker.com/r/silviof/matrix-riot-docker/)), so it's likely more predictable | ||||
| - this one retrieves and automatically renews free [Let's Encrypt](https://letsencrypt.org/) **SSL certificates** for you | - this one retrieves and automatically renews free [Let's Encrypt](https://letsencrypt.org/) **SSL certificates** for you | ||||
| @@ -50,7 +52,7 @@ Special thanks goes to: | |||||
| ## Prerequisites | ## Prerequisites | ||||
| - **CentOS server** with no services running on port 80/443 (making this run on non-CentOS servers should be possible in the future) | |||||
| - **CentOS** (7.0+), **Debian** (9/Stretch+) or **Ubuntu** (16.04+) server with no services running on port 80/443 | |||||
| - the [Ansible](http://ansible.com/) program, which is used to run this playbook and configures everything for you | - the [Ansible](http://ansible.com/) program, which is used to run this playbook and configures everything for you | ||||
| @@ -17,7 +17,7 @@ | |||||
| key: https://download.docker.com/linux/centos/gpg | key: https://download.docker.com/linux/centos/gpg | ||||
| when: ansible_distribution == 'CentOS' | when: ansible_distribution == 'CentOS' | ||||
| - name: Ensure yum packages are installed (base) | |||||
| - name: Ensure yum packages are installed (CentOS) | |||||
| yum: name="{{ item }}" state=latest update_cache=yes | yum: name="{{ item }}" state=latest update_cache=yes | ||||
| with_items: | with_items: | ||||
| - bash-completion | - bash-completion | ||||
| @@ -27,14 +27,54 @@ | |||||
| - ntp | - ntp | ||||
| when: ansible_distribution == 'CentOS' | when: ansible_distribution == 'CentOS' | ||||
| - name: Ensure APT usage dependencies are installed (Debian) | |||||
| apt: | |||||
| name: "{{ item }}" | |||||
| state: present | |||||
| update_cache: yes | |||||
| with_items: | |||||
| - apt-transport-https | |||||
| - ca-certificates | |||||
| when: ansible_os_family == 'Debian' | |||||
| - name: Ensure Docker's APT key is trusted (Debian) | |||||
| apt_key: | |||||
| url: https://download.docker.com/linux/ubuntu/gpg | |||||
| id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88 | |||||
| state: present | |||||
| register: add_repository_key | |||||
| ignore_errors: true | |||||
| when: ansible_os_family == 'Debian' | |||||
| - name: Ensure Docker repository is enabled (Debian) | |||||
| apt_repository: | |||||
| repo: "deb https://download.docker.com/linux/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} stable" | |||||
| state: present | |||||
| update_cache: yes | |||||
| when: ansible_os_family == 'Debian' | |||||
| - name: Ensure APT packages are installed (Debian) | |||||
| apt: name="{{ item }}" state=latest update_cache=yes | |||||
| with_items: | |||||
| - bash-completion | |||||
| - docker-ce | |||||
| - python-docker | |||||
| - ntp | |||||
| when: ansible_os_family == 'Debian' | |||||
| - name: Ensure firewalld is started and autoruns | - name: Ensure firewalld is started and autoruns | ||||
| service: name=firewalld state=started enabled=yes | service: name=firewalld state=started enabled=yes | ||||
| when: ansible_os_family == 'RedHat' | |||||
| - name: Ensure Docker is started and autoruns | - name: Ensure Docker is started and autoruns | ||||
| service: name=docker state=started enabled=yes | service: name=docker state=started enabled=yes | ||||
| - name: Ensure ntpd is started and autoruns | - name: Ensure ntpd is started and autoruns | ||||
| service: name=ntpd state=started enabled=yes | |||||
| service: | |||||
| name: "{{ 'ntpd' if ansible_os_family == 'RedHat' else 'ntp' }}" | |||||
| state: started | |||||
| enabled: yes | |||||
| - name: Ensure SELinux disabled | - name: Ensure SELinux disabled | ||||
| selinux: state=disabled | selinux: state=disabled | ||||
| when: ansible_os_family == 'RedHat' | |||||
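Review bot: In the new "Ensure Docker's APT key is trusted (Debian)" task, `ignore_errors: true` lets the play continue when the signing key could not be imported, and the registered `add_repository_key` result is not consulted anywhere in the visible lines. The repository and `docker-ce` tasks that follow then run without the trust anchor in place, so the failure surfaces later and less clearly, if at all. I would drop `ignore_errors: true` (and the unused `register:`) so that a failed key import stops the run at the point where trust is established. Pinning the fingerprint with `id:` is worth keeping, with a comment such as `# fingerprint pinned; the same Docker key signs the debian and ubuntu repos - confirm`, since the URL is the ubuntu one while the repo line is templated per distribution.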
| @@ -33,6 +33,7 @@ | |||||
| with_items: | with_items: | ||||
| - "http" | - "http" | ||||
| - "https" | - "https" | ||||
| when: ansible_os_family == 'RedHat' | |||||
| - name: Ensure matrix-nginx-proxy.service installed | - name: Ensure matrix-nginx-proxy.service installed | ||||
| template: | template: | ||||
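Review bot: The added `when: ansible_os_family == 'RedHat'` here skips what is presumably the firewalld rule for http/https on Debian and Ubuntu, and nothing visible replaces it or tells the operator. The same guard is added in the `@@ -9,6 +9,7 @@` hunk (http/https) and the `@@ -136,6 +136,7 @@` hunk (STUN/TURN ports), so on Debian-family hosts the playbook leaves the host firewall unmanaged. That should be stated where the operator will see it, for example a comment above each guard: `# firewalld is only managed on RedHat-family hosts; on Debian/Ubuntu the host firewall is left untouched`, plus a line under Prerequisites in the README. The task's module and name lines are outside this hunk, so the module is inferred from the firewalld service task in the setup file.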
| @@ -9,6 +9,7 @@ | |||||
| with_items: | with_items: | ||||
| - http | - http | ||||
| - https | - https | ||||
| when: ansible_os_family == 'RedHat' | |||||
| - name: Ensure acmetool Docker image is pulled | - name: Ensure acmetool Docker image is pulled | ||||
| docker_image: | docker_image: | ||||
| @@ -136,6 +136,7 @@ | |||||
| - '3478/tcp' # STUN | - '3478/tcp' # STUN | ||||
| - '3478/udp' # STUN | - '3478/udp' # STUN | ||||
| - "{{ matrix_coturn_turn_udp_min_port }}-{{ matrix_coturn_turn_udp_max_port }}/udp" # TURN | - "{{ matrix_coturn_turn_udp_min_port }}-{{ matrix_coturn_turn_udp_max_port }}/udp" # TURN | ||||
| when: ansible_os_family == 'RedHat' | |||||
| - name: Ensure matrix-synapse.service installed | - name: Ensure matrix-synapse.service installed | ||||
| template: | template: | ||||
| @@ -15,7 +15,7 @@ Requires=matrix-s3fs.service | |||||
| Type=simple | Type=simple | ||||
| ExecStartPre=-/usr/bin/docker kill matrix-synapse | ExecStartPre=-/usr/bin/docker kill matrix-synapse | ||||
| ExecStartPre=-/usr/bin/docker rm matrix-synapse | ExecStartPre=-/usr/bin/docker rm matrix-synapse | ||||
| ExecStartPre=-/usr/bin/chown {{ matrix_user_username }}:{{ matrix_user_username }} {{ ssl_certs_path }} -R | |||||
| ExecStartPre=-{{ '/usr/bin/chown' if ansible_os_family == 'RedHat' else '/bin/chown' }} {{ matrix_user_username }}:{{ matrix_user_username }} {{ ssl_certs_path }} -R | |||||
| ExecStart=/usr/bin/docker run --rm --name matrix-synapse \ | ExecStart=/usr/bin/docker run --rm --name matrix-synapse \ | ||||
| {% if not matrix_postgres_use_external %} | {% if not matrix_postgres_use_external %} | ||||
| --link matrix-postgres:{{ matrix_postgres_connection_hostname }} \ | --link matrix-postgres:{{ matrix_postgres_connection_hostname }} \ | ||||
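Review bot: The new `ExecStartPre` picks the chown path with an inline Jinja conditional, but the leading `-` tells systemd to ignore a failure, so a host where the chosen path does not exist would start Synapse with certificate ownership silently unchanged. A single path that resolves on both families would be simpler and remove the branch, e.g. `ExecStartPre=-/bin/chown {{ matrix_user_username }}:{{ matrix_user_username }} {{ ssl_certs_path }} -R`. That relies on `/bin` being a symlink to `/usr/bin` on CentOS 7, which should be confirmed before changing it. If the conditional stays, a comment above it naming the two expected locations would help the next maintainer. The unit file continues outside this hunk.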