synapse launches as Docker container, huray

2020-06-29 18:33:37 +02:00 · 2020-06-29 18:33:37 +02:00 · 28e51ec012
parent 6c254b9db0
commit 28e51ec012
6 changed files with 48 additions and 20 deletions
--- a/deployer/group_vars/all/vars.yml
+++ b/deployer/group_vars/all/vars.yml
@ -13,7 +13,10 @@ wordpress:
 gitea:
  version: 1.11.4
 synapse:
-  version: v1.14.0-py3
+  version: v1.15.1-py3
+
+postgres:
+  pg_hba_path: "/etc/postgresql/9.6/main/pg_hba.conf"

 sites:
  # - slug: rdb # Shorthand name to use as directory/file name
@ -145,7 +148,7 @@ sites:
    subnet_gateway_ip: 172.27.7.1
    subnet_site_ip: 172.27.7.2
    # PostgreSQL
-    postgres_host: /var/run/postgresql
+    #postgres_host: db
    postgres_database: synapse_test
    postgres_username: synapse_test
    postgres_password: "{{ vault_synapse_test_postgres_password }}"
--- a/deployer/roles/build/tasks/postgres.yml
+++ b/deployer/roles/build/tasks/postgres.yml
@ -5,11 +5,15 @@
 - name: "Create database {{ site.postgres_database }} if inexistent"
  postgresql_db:
    name: "{{ site.postgres_database }}"
+    encoding: "UTF-8"
+    lc_collate: "C"
+    lc_ctype: "C"
+    template: template0
    state: present
  become: yes
  become_user: postgres

- name: "Add database user {{ site.postgres_username }}@{{ site.subnet_site_ip }} and grant all privileges on {{ site.postgres_database }}"
+- name: "Add database user {{ site.postgres_username }} and grant all privileges on {{ site.postgres_database }}"
  postgresql_user:
    # Credentials of the new db user
    name: "{{ site.postgres_username }}"
@ -18,4 +22,16 @@
    priv: ALL
    # host: "{{ site.subnet_site_ip }}"
  become: yes
+  become_user: postgres
+
+- name: "Authorize {{ site.subnet_site_ip }} to login to Postres as user {{ site.postgres_username }}"
+  postgresql_pg_hba:
+    dest: "{{ postgres.pg_hba_path }}"
+    contype: host 
+    users: "{{ site.postgres_username }}"
+    source: "{{ site.subnet_site_ip }}"
+    databases: "{{ site.postgres_database }}"
+    method: md5
+    state: present
+  become: yes
  become_user: postgres
--- a/deployer/roles/build/tasks/synapse.yml
+++ b/deployer/roles/build/tasks/synapse.yml
@ -17,23 +17,16 @@

 - name: "Create folder {{ site_data_path }}"
  file: 
-    path: "{{ site_data_path }}"
+    path: "{{ site_data_path }}/site"
    state: directory
    mode: "770"
    group: "www-data"
  tags: config
-# - name: "Set {{ site_data_path }} permissions"
-#   file:
-#     path: "{{ site_data_path }}"
-#     mode: '770'
-#     group: "www-data"
-#   become: true
-#   tags: config

- name: "Copy homeserver.yaml to {{ site_data_path }}"
+- name: "Copy homeserver.yaml to {{ site_data_path }}/site"
  copy:
    src: "{{ sites_path }}/{{ site.slug }}/homeserver.yaml"
-    dest: "{{ site_data_path }}/homeserver.yaml"
+    dest: "{{ site_data_path }}/site/homeserver.yaml"
    remote_src: yes
  tags: config

@ -43,7 +36,7 @@
    image: "matrixdotorg/synapse:{{ synapse.version }}"
    command: "generate"
    volumes:
-      - "{{ site_data_path }}:/data"
+      - "{{ site_data_path }}/site:/data"
    env: 
      SYNAPSE_SERVER_NAME: "{{ site.url }}"
      SYNAPSE_REPORT_STATS: "no"
--- a/deployer/roles/build/templates/synapse/docker-compose.yml.j2
+++ b/deployer/roles/build/templates/synapse/docker-compose.yml.j2
@ -15,11 +15,20 @@ services:
      - UID={{ site.user_uid }}
      - GID={{ site.user_gid }}
    volumes: 
-      - "{{ site_data_path }}:/data"
-      - "/var/run/postgresql:/var/run/postgresql"
+      - "{{ site_data_path }}/site:/data"
    networks:
      net:
        ipv4_address: "{{ site.subnet_site_ip }}"
+  # db:
+  #   image: postgres:latest
+  #   environment:
+  #     - POSTGRES_USER="{{ site.postgres_username }}"
+  #     - POSTGRES_PASSWORD="{{ site.postgres_password }}"
+  #     # ensure the database gets created correctly
+  #     # https://github.com/matrix-org/synapse/blob/master/docs/postgres.md#set-up-database
+  #     - POSTGRES_INITDB_ARGS=--encoding=UTF-8 --lc-collate=C --lc-ctype=C
+  #   volumes:
+  #     - "{{ site_data_path }}/db:/var/lib/postgresql/data"

 networks:
  net:
--- a/deployer/roles/build/templates/synapse/homeserver.yaml.j2
+++ b/deployer/roles/build/templates/synapse/homeserver.yaml.j2
@ -219,10 +219,16 @@ listeners:
    tls: false
    type: http
    x_forwarded: true
-    bind_address: ['127.0.0.1', '{{ site.subnet_gateway_ip }}']
+    bind_addresses: ['::']

    resources:
-      - names: [client, federation]
+      ## No compression
+      # - names: [client, federation]
+      #   compress: false
+      ## Client compression
+      - names: [client]
+        compress: true
+      - names: [federation]
        compress: false

    # example additional_resources:
@ -633,8 +639,7 @@ database:
   user: "{{ site.postgres_username }}"
   password: "{{ site.postgres_password }}"
   database: "{{ site.postgres_database }}"
-   #host: "{{ site.postgres_host }}"
-   host: "/var/run/postgresql"
+   host: "{{ site.subnet_gateway_ip }}"
   cp_min: 5
   cp_max: 10

--- a/deployer/roles/host/tasks/main.yml
+++ b/deployer/roles/host/tasks/main.yml
@ -1,5 +1,7 @@
 ---

+# TODO: Ensure anacron is installed
+
 - name: Configure logrotate 
  include_tasks: logrotate.yml
  tags: logrotate