Add synapse role

For all the hipster kids.
2024-06-25 09:45:53 +02:00 · 2024-06-25 09:45:53 +02:00 · e101493889
commit e101493889
parent 74cb31e243
6 changed files with 201 additions and 0 deletions
--- a/roles/synapse/tasks/main.yml
+++ b/roles/synapse/tasks/main.yml
@ -0,0 +1,64 @@
+- set_fact:
+    password: '{{ lookup("passwordstore", "vm/"~inventory_hostname, returnall=true) | from_yaml }}'
+
+- name: Install packages
+  package:
+    name: synapse
+
+- name: Get existing config
+  slurp:
+    path: '/etc/synapse/{{ password.server_name }}.yaml'
+  register: config
+  failed_when: false
+
+- name: Parse config
+  set_fact:
+    config: '{{ config.content | b64decode | from_yaml }}'
+  when: '"content" in config'
+
+- name: Configure homeserver
+  template:
+    dest: '/etc/synapse/{{ password.server_name }}.yaml'
+    src: homeserver.yaml.j2
+  notify: restart synapse
+
+- name: Configure logging
+  template:
+    dest: '/etc/synapse/{{ password.server_name }}.log.config'
+    src: log.config.j2
+  notify: restart synapse
+
+- name: Generate keys
+  become: yes
+  become_user: synapse
+  command:
+    cmd: |
+      python3 -m synapse.app.homeserver --generate-keys --config-path /etc/synapse/{{ password.server_name }}.yaml
+    creates: '/etc/synapse/{{ password.server_name }}.signing.key'
+  notify: restart synapse
+
+- name: Secure keys
+  file:
+    path: '/etc/synapse/{{ password.server_name }}.signing.key'
+    mode: 0600
+
+- name: Set config path
+  lineinfile:
+    path: /etc/conf.d/synapse
+    regexp: '^config='
+    line: 'config="/etc/synapse/{{ password.server_name }}.yaml"'
+  notify: restart synapse
+
+- name: Create socket directory
+  file:
+    path: /var/lib/synapse/socket
+    state: directory
+    mode: 0750
+    owner: synapse
+    group: nginx
+
+- name: Set up nginx site
+  template:
+    dest: '/etc/nginx/http.d/synapse.conf'
+    src: 'nginx.conf.j2'
+  notify: reload nginx