synapse launches as Docker container, huray

deployer/group_vars/all/vars.yml

@@ -13,7 +13,10 @@ wordpress:
 gitea:
   version: 1.11.4
 synapse:
-  version: v1.14.0-py3
+  version: v1.15.1-py3
+
+postgres:
+  pg_hba_path: "/etc/postgresql/9.6/main/pg_hba.conf"
 
 sites:
   # - slug: rdb # Shorthand name to use as directory/file name
@@ -145,7 +148,7 @@ sites:
     subnet_gateway_ip: 172.27.7.1
     subnet_site_ip: 172.27.7.2
     # PostgreSQL
-    postgres_host: /var/run/postgresql
+    #postgres_host: db
     postgres_database: synapse_test
     postgres_username: synapse_test
     postgres_password: "{{ vault_synapse_test_postgres_password }}"

deployer/roles/build/tasks/postgres.yml

@@ -5,11 +5,15 @@
 - name: "Create database {{ site.postgres_database }} if inexistent"
   postgresql_db:
     name: "{{ site.postgres_database }}"
+    encoding: "UTF-8"
+    lc_collate: "C"
+    lc_ctype: "C"
+    template: template0
     state: present
   become: yes
   become_user: postgres
 
-- name: "Add database user {{ site.postgres_username }}@{{ site.subnet_site_ip }} and grant all privileges on {{ site.postgres_database }}"
+- name: "Add database user {{ site.postgres_username }} and grant all privileges on {{ site.postgres_database }}"
   postgresql_user:
     # Credentials of the new db user
     name: "{{ site.postgres_username }}"
@@ -18,4 +22,16 @@
     priv: ALL
     # host: "{{ site.subnet_site_ip }}"
   become: yes
+  become_user: postgres
+
+- name: "Authorize {{ site.subnet_site_ip }} to login to Postres as user {{ site.postgres_username }}"
+  postgresql_pg_hba:
+    dest: "{{ postgres.pg_hba_path }}"
+    contype: host 
+    users: "{{ site.postgres_username }}"
+    source: "{{ site.subnet_site_ip }}"
+    databases: "{{ site.postgres_database }}"
+    method: md5
+    state: present
+  become: yes
   become_user: postgres

deployer/roles/build/tasks/synapse.yml

@@ -17,23 +17,16 @@
 
 - name: "Create folder {{ site_data_path }}"
   file: 
-    path: "{{ site_data_path }}"
+    path: "{{ site_data_path }}/site"
     state: directory
     mode: "770"
     group: "www-data"
   tags: config
-# - name: "Set {{ site_data_path }} permissions"
-#   file:
-#     path: "{{ site_data_path }}"
-#     mode: '770'
-#     group: "www-data"
-#   become: true
-#   tags: config
 
-- name: "Copy homeserver.yaml to {{ site_data_path }}"
+- name: "Copy homeserver.yaml to {{ site_data_path }}/site"
   copy:
     src: "{{ sites_path }}/{{ site.slug }}/homeserver.yaml"
-    dest: "{{ site_data_path }}/homeserver.yaml"
+    dest: "{{ site_data_path }}/site/homeserver.yaml"
     remote_src: yes
   tags: config
 
@@ -43,7 +36,7 @@
     image: "matrixdotorg/synapse:{{ synapse.version }}"
     command: "generate"
     volumes:
-      - "{{ site_data_path }}:/data"
+      - "{{ site_data_path }}/site:/data"
     env: 
       SYNAPSE_SERVER_NAME: "{{ site.url }}"
       SYNAPSE_REPORT_STATS: "no"

deployer/roles/build/templates/synapse/docker-compose.yml.j2

@@ -15,11 +15,20 @@ services:
       - UID={{ site.user_uid }}
       - GID={{ site.user_gid }}
     volumes: 
-      - "{{ site_data_path }}:/data"
-      - "/var/run/postgresql:/var/run/postgresql"
+      - "{{ site_data_path }}/site:/data"
     networks:
       net:
         ipv4_address: "{{ site.subnet_site_ip }}"
+  # db:
+  #   image: postgres:latest
+  #   environment:
+  #     - POSTGRES_USER="{{ site.postgres_username }}"
+  #     - POSTGRES_PASSWORD="{{ site.postgres_password }}"
+  #     # ensure the database gets created correctly
+  #     # https://github.com/matrix-org/synapse/blob/master/docs/postgres.md#set-up-database
+  #     - POSTGRES_INITDB_ARGS=--encoding=UTF-8 --lc-collate=C --lc-ctype=C
+  #   volumes:
+  #     - "{{ site_data_path }}/db:/var/lib/postgresql/data"
 
 networks:
   net:

deployer/roles/build/templates/synapse/homeserver.yaml.j2

@@ -219,10 +219,16 @@ listeners:
     tls: false
     type: http
     x_forwarded: true
-    bind_address: ['127.0.0.1', '{{ site.subnet_gateway_ip }}']
+    bind_addresses: ['::']
 
     resources:
-      - names: [client, federation]
+      ## No compression
+      # - names: [client, federation]
+      #   compress: false
+      ## Client compression
+      - names: [client]
+        compress: true
+      - names: [federation]
         compress: false
 
     # example additional_resources:
@@ -633,8 +639,7 @@ database:
    user: "{{ site.postgres_username }}"
    password: "{{ site.postgres_password }}"
    database: "{{ site.postgres_database }}"
-   #host: "{{ site.postgres_host }}"
-   host: "/var/run/postgresql"
+   host: "{{ site.subnet_gateway_ip }}"
    cp_min: 5
    cp_max: 10
 

deployer/roles/host/tasks/main.yml

@@ -1,5 +1,7 @@
 ---
 
+# TODO: Ensure anacron is installed
+
 - name: Configure logrotate 
   include_tasks: logrotate.yml
   tags: logrotate