working on synapse

deployer/group_vars/all/vars.yml

@@ -12,6 +12,8 @@ wordpress:
   checksum: sha1:d5f1e6d7cadd72c11d086a2e1ede0a72f23d993e
 gitea:
   version: 1.11.4
+synapse:
+  version: v1.13.0-py3
 
 sites:
   # - slug: rdb # Shorthand name to use as directory/file name
@@ -126,3 +128,25 @@ sites:
     mysql_database: gitea
     mysql_username: gitea
     mysql_password: "{{ vault_gitea_mysql_password }}"
+
+  - slug: synapse_test # Shorthand name to use as directory/file name
+    # The site URL (without www)
+    url: test.zinz.dev
+    # What kind of site is that?
+    type: synapse
+    # Subnet addresses
+    subnet_cidr_address: 172.27.7.0/24
+    subnet_gateway_ip: 172.27.7.1
+    subnet_site_ip: 172.27.7.2
+    # PostgreSQL
+    psql_database: synapse_test
+    psql_username: synapse_test
+    psql_password: "{{ vault_synapse_test_psql_password }}"
+    # SMTP
+    contact_email: contact@zinz.dev 
+    smtp_host: mail.gandi.net
+    smtp_port: 465 # Clear: 25, SSL: 465, STARTTLS: 587
+    smtp_username: contact@zinz.dev 
+    smtp_password: "{{ vault_synapse_test_smtp_password }}"
+    # Secrets
+    registration_shared_secret: "{{ vault_synapse_test_registration_shared_secret }}"

deployer/group_vars/all/vault.yml

@@ -1,41 +1,54 @@
 $ANSIBLE_VAULT;1.1;AES256
-37643162316436636531313764666364353461376363343862326162326434343231643938373537
-6436343861663038356133386636346466376532643337340a333965323034373833356364633039
-39663261343836653266306339376463356333313231386562633730376365656139343633343530
-3534376233373134300a313130323038613062386238303334386637333239363036363531643066
-30613937363661343866383835393235343235383731626361356633353735313336396336313233
-65396332626238306230323636363130636337333464643666636632393662643064363837633036
-66336536303663343734326335663333343663633338393263366661323461333866336264376166
-63646662356135663839353165666636393362393833313633346638613966366535333561383261
-33633863313736666339333037643764323839366530316237323061396432336333646431336231
-39623262323062656565313235393366636334663336636438613761303032613830623035643933
-32663661393337313733393733303230383135303138393362363263333861356438616333626635
-62646365303936363130616236326363663130633630343734656239663763613637326231306334
-33323436653834366664643836346130616263616633363164633366316263653837333431373764
-37326261616234633830656134636434653832393966393639613466333337303039333831666366
-63333733346238386564643235616631613331366432373134336361663166616133666463623835
-61346138306463663034396339393234343236346538396631303737316139393632633033653030
-33613530393466636664306264623732623133383537656538643631366130326261393764616635
-39316335656463323231396165336630366533373637396366363231373564336461663831646263
-30373735376532323361616337613933333961313837313235383366383363363537313635316566
-38653164623866376465333534346666356562633434303038666535376535383466623634396630
-31633238613765306635663934633830353430366538313033643339333438303633646534303163
-31636261386562393035656135393134323530336633656333353865363363633238336431613232
-38633832663431653463373938346538656562393137313664313864613062383134383161616262
-65383762633461633933326338326432666339633863383162356364656165333365633936656131
-30333636326535663133303261393261353032386261396132373761376238333331383239656636
-35623736616430653737316266346133626361323238383465383538356337363566396562653735
-37396331336161373731326438623831363162393365353136343134353738396533626365316266
-61613337613033653234343865363530353163643137623934366534393664323463633832376537
-33616163613336376635383635303663613738353361656532646663653334616166373366643461
-33613533623337323535613135643032393739393531383139333962356436646163633962303963
-37383666613437333334306266343965393663396439633863356239333230333263636235333862
-33663037366636653031666230346631333161633136363230396561616462363338313362356466
-30333833386130306634633463336165373865663837303033616137373264346666343962626432
-64333566366166323763316333323336643538623135643235666234323831393336393664646139
-62326136323466633761336230313764393863343638383938643466323939666264376463383537
-32623534336138653434613031396635383537663530653561366165346438616633326464363035
-39306233326539656639346632386262323864333032326631303237306465666665663232313830
-65353535613338313239343430353930313866653733376631616130383762623662323338396637
-66383236616236386538396166643132303636363764353131633635373236353061353032353930
-39383830326463343062
+62393231653262323865663935373462313835373835323133303036326239316162323536656635
+3063343563316464376665346334376133636233373430300a336363346635323133623634383838
+35323966653764393932636662653533643632656139626239376466393865306538663432636534
+3263363762356461360a633634643938326433393534343238303465313637393364326462643237
+66383731316334313363363465343830393639626461303135623963376439343261653362393361
+30636633616262373533353362646137396531376664383539653435313233356664633133323935
+38646432613562643938336637613362396634373939656535306634303033623832653637636539
+35656237376439633336346235646332323234353237633535643961343638303136383631343266
+34386566383363333435626233633563366139626636666232623633393538363837303661346565
+64613365396237626364316265363935353931326463663134306462633533623232343634613666
+30633666643865396235623865613662396664303137386539373237643738383465393238346164
+36656330383935343231626630663635386335313165343263623666333937333638653732366566
+63376530623130333331353939626535346338343332613562323739663738313765656434613639
+39353531633538626362623765663337306235313130653964366266666362613338356233306239
+36646261643262336430323931393133653464346533393766326438386134613637646439316638
+38373232643134326566393432383466643936653431363166626633393733393565356561393965
+34613265363938313333396534653662353732316665336533346265656635393331653265363665
+63646431613235353832623130326664613561386265346235653962633832326435313364396439
+35363136613433663734363839623431643630633932366134623831616233393636346337383730
+37363936636163306231623232646238666632313761353731626334626538383635326535633038
+61313036343031626137633938663031643332366361343532316266313130316537326633333962
+35326564313461623064383139373437363131656538326330363766666231613536356261363635
+37376137326362646434636236376530353936663630653965333439633736653165353735653434
+37663463646562303466363936333266653063646339306533656337623439393165663163323031
+39643132626563383563396232393331386334323933316433373562343932646236626263633064
+61653030346464303234326234623737386565326639653965613834343565383038623335626163
+38336364346239663062376638626466303438613163346236326530376166383537643532613861
+62343661663831363764393765306138356166656331643264303163313439613537313766316330
+38373835633932653231613130393139353661303166373539353733393835306136386233643765
+38383334323961623963613361663863386161623333636639336266383063663438376162383931
+39643938316133383066383136323339613530323865653037636431626238343866623963613733
+66356562343063303261383232343138373265306132396232343364316164313535316639623636
+34626237666466303461623530343939306131303261303963653264623237336433376261303563
+65353162663532303432613434396131366331323237633035346436333463643233643333633866
+39623039383961393563353132316166393366333533333338623362656532356234636562326265
+30343165346464623439376163613033623933306262623233656437353238366131336335613562
+33613633646266343335303132396536393930636131613036656235346537653530356165303230
+38626330626266363235383235313865313437343834633034386534623064386463313764373961
+37313636323434623032383365393261393336333964383132633336393965653966343634653031
+39633236306338306133383033623363653934666664663365366364666362663831356162306437
+35653162333732386335626336663335336131626132326636643962356532626334313066653633
+38643038666535636536303338306463353233363364643164386431393536653464653836333831
+63643632386533393562633331306139343531613661326464396161353166613539333339313336
+35396332643261616333323163353931393263363138303565363864346365613061306439313931
+63333334643938643237306463653536303962653265373863333336373264656435663630613432
+35653631656336616665356266663830623134646337663532616232326462363630333939316435
+36393937623837326631316430653531656361366265303762653566333138343635626562333435
+31633433333363663964346565623831616362343964646462303261643939666335336439646433
+31316238376664616166633762623333636330306332636365303935666137653238303966323436
+62613030393063353465663664323230626533623361643466303035346465303735666662306134
+39326431386364386663313431356230666339623962393132636238613738643339343763313636
+39346432623830323565363832373238323832373138613336656464626437353433623533343433
+6131

deployer/roles/build/tasks/main.yml

@@ -24,10 +24,10 @@
   when: site.type == "gitea"
   tags: gitea
 
-# build an image
-  # do the msmtp bullshit
-# docker compose
-# nginx
-# let's encrypt
-
-# in another role: deploy the stuff
+- name: Build Synapse sites
+  include_tasks: synapse.yml  
+  loop: "{{ sites }}"
+  loop_control:
+    loop_var: site
+  when: site.type == "synapse"
+  tags: synapse

deployer/roles/build/tasks/synapse.yml

@@ -0,0 +1,12 @@
+---
+- name: "Set site_data_path to {{ www_path }}/{{ site.slug }}"
+  set_fact: site_data_path="{{ www_path }}/{{ site.slug }}"
+  tags: always
+
+####################
+# Render templates #
+####################
+
+- name: "Render templates"
+  import_tasks: render.yml
+  tags: render

deployer/roles/build/templates/synapse/docker-compose.yml.j2

@@ -0,0 +1,40 @@
+version: '3'
+
+# Generated by ansible for site {{ site.url }} 
+# On network {{ site.subnet_cidr_address }}:
+# - site (synapse) at {{ site.subnet_site_ip }}
+
+services:
+  site:
+    # build: site
+    image: matrixdotorg/synapse:{{ gitea.version }}
+    restart: always
+    environment:
+      APP_NAME: "Gitea: git with a cup of coffee"
+      DOMAIN: "{{ site.url }}"
+      SSH_DOMAIN: "{{ site.url }}"
+      ROOL_URL: "https://{{ site.url }}/"
+      USER_UID: "{{ site.user_uid }}"
+      USER_GID: "{{ site.user_gid }}"
+      DB_TYPE: mysql
+      DB_HOST: "{{ site.subnet_gateway_ip }}"
+      DB_USER: "{{ site.mysql_username }}"
+      DB_PASSWD: "{{ site.mysql_password }}"
+      DB_NAME: "{{ site.mysql_database }}"
+    volumes: 
+      - "{{ site_data_path }}:/data"
+      - "/home/git/.ssh:/data/git/.ssh"
+      - "/etc/timezone:/etc/timezone:ro"
+      - "/etc/localtime:/etc/localtime:ro"
+    networks:
+      net:
+        ipv4_address: "{{ site.subnet_site_ip }}"
+    ports:
+      - "127.0.0.1:2222:22" # SSH Passthrough
+
+networks:
+  net:
+    ipam:
+      driver: default
+      config:
+        - subnet: "{{ site.subnet_cidr_address }}"

deployer/roles/build/templates/synapse/nginx.host.j2

@@ -0,0 +1,55 @@
+# Generated by ansible for site {{ site.url }} 
+# At {{ site.subnet_site_ip }} on {{ site.subnet_cidr_address }}
+
+server {
+  listen 80;
+  listen [::]:80;
+  server_name {{ site.url }} www.{{ site.url }};
+
+  # Let's Encrypt
+  include snippets/letsencrypt.conf;
+
+  location / {
+{# Does this work as intended when redirect_to_ww is undefined? #}
+{% if site.redirect_to_www %}
+    return 301 https://www.{{ site.url }}$request_uri;
+{% else %}
+    return 301 https://{{ site.url }}$request_uri;
+{% endif %}
+  }
+}
+
+server {
+  listen 443 ssl;
+  listen [::]:443 ssl;
+  server_name {{ site.url }} www.{{ site.url }};
+
+  access_log  /var/log/nginx/{{ site.slug }}-access.log;
+  error_log   /var/log/nginx/{{ site.slug }}-error.log;
+
+{% if site.redirect_to_www %}
+  # Redirect non-www to www
+  if ($host = {{ site.url }}) {
+    rewrite ^ https://www.{{ site.url }}$request_uri permanent;
+  }
+{% else %}
+  # Redirect www to non-www
+  if ($host = www.{{ site.url }}) {
+    rewrite ^ https://{{ site.url }}$request_uri permanent;
+  }
+{% endif %}
+
+  # Let's Encrypt
+  include snippets/letsencrypt.conf;
+
+  include snippets/ssl-params.conf;
+  ssl_certificate /etc/letsencrypt/live/{{ site.url }}/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/{{ site.url }}/privkey.pem;
+  
+  include snippets/header-params_server.conf;
+  location / {
+    include snippets/header-params_location.conf;
+  
+    proxy_pass http://{{ site.subnet_site_ip }}:3000;
+  }
+}