From dad77e6d3ad81ab2978f979418f4269aabaf9d71 Mon Sep 17 00:00:00 2001 From: Adrien Luxey Date: Mon, 1 Jun 2020 08:21:27 +0200 Subject: [PATCH] WIP synapse --- deployer/group_vars/all/vars.yml | 9 +++-- deployer/roles/build/tasks/backup.yml | 7 +++- deployer/roles/build/tasks/postgres.yml | 31 +++++++++++++++++ deployer/roles/build/tasks/synapse.yml | 18 +++++++++- .../templates/synapse/docker-compose.yml.j2 | 33 ++++++++++--------- .../templates/synapse/homeserver.yaml.j2 | 6 ++-- .../build/templates/synapse/nginx.host.j2 | 33 +++++++------------ 7 files changed, 91 insertions(+), 46 deletions(-) create mode 100644 deployer/roles/build/tasks/postgres.yml diff --git a/deployer/group_vars/all/vars.yml b/deployer/group_vars/all/vars.yml index 1036bc6..616a3dc 100644 --- a/deployer/group_vars/all/vars.yml +++ b/deployer/group_vars/all/vars.yml @@ -132,6 +132,9 @@ sites: - slug: synapse_test # Shorthand name to use as directory/file name # The site URL (without www) url: test.zinz.dev + # Wanna display custom HTML as landing page? Fill this with its path. + # To keep the defaults, comment line + custom_landing: /vault/www/riot # What kind of site is that? type: synapse # Subnet addresses @@ -139,9 +142,9 @@ sites: subnet_gateway_ip: 172.27.7.1 subnet_site_ip: 172.27.7.2 # PostgreSQL - psql_database: synapse_test - psql_username: synapse_test - psql_password: "{{ vault_synapse_test_psql_password }}" + postgres_database: synapse_test + postgres_username: synapse_test + postgres_password: "{{ vault_synapse_test_psql_password }}" # SMTP contact_email: contact@zinz.dev smtp_host: mail.gandi.net diff --git a/deployer/roles/build/tasks/backup.yml b/deployer/roles/build/tasks/backup.yml index 501abcf..7adf120 100644 --- a/deployer/roles/build/tasks/backup.yml +++ b/deployer/roles/build/tasks/backup.yml 
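Review bot: The comment on `custom_landing` should say what the value actually is, because nginx.host.j2 uses it as the `root` of `location /`: a directory on the host (not in the container) whose whole tree becomes publicly readable over HTTPS and which the nginx worker user must be able to read. Suggest `# Optional host directory nginx serves as the site root (everything under it is public); comment out to omit the location / block.` The example path `/vault/www/riot` suggests a Riot/Element build served from the same origin as the homeserver's `/_matrix` API; the Synapse and Element documentation advise against that (an XSS in the web client then runs on the homeserver's origin), so if that is the intent, document it or point the landing page at a separate hostname. The vault variable in the second hunk still carries the old `psql` name while the keys were renamed to `postgres_*`; harmless, but worth aligning while the rename is fresh.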
@@ -32,7 +32,7 @@ become: yes when: site_data_path is defined -- name: "Database backups" +- name: "MySQL Database backups" block: # You need your root MySQL password stored in /root/.my.cnf to avoid # putting the password in the crontab @@ -60,3 +60,8 @@ } become: yes when: site.mysql_database is defined + +- name: "PostgreSQL Database backups" + block: + debug: msg="TODO PUTAIN BOSSE LÀ" + when: site.postgres_database is defined \ No newline at end of file diff --git a/deployer/roles/build/tasks/postgres.yml b/deployer/roles/build/tasks/postgres.yml new file mode 100644 index 0000000..c758de1 --- /dev/null +++ b/deployer/roles/build/tasks/postgres.yml @@ -0,0 +1,31 @@ +--- +# Needs variables: +# - site: dict describing the site install (cf group_vars/all/vars.yml) + +- name: "Create database {{ site.mysql_database }} if inexistent" + # mysql_db: + # name: "{{ site.mysql_database }}" + # state: present + # # Credentials to log in MySQL + # login_host: localhost + # login_user: root + # login_password: "{{ mysql_root_password }}" + + +# MySQL equivalent: +# TODO: PostgreSQL? +# create user @ identified by ; +# grant all on .* to @; +- name: "Add database user {{ site.mysql_username }}@{{ site.subnet_site_ip }} and grant all privileges on {{ site.mysql_database }}" + # mysql_user: + # # Credentials to log in MySQL + # login_host: localhost + # login_user: root + # login_password: "{{ mysql_root_password }}" + # # Credentials of the new db user + # host: "{{ site.subnet_site_ip }}" + # name: "{{ site.mysql_username }}" + # password: "{{ site.mysql_password }}" + # # Grants + # priv: "{{ site.mysql_database }}.*:all" + # state: present \ No newline at end of file diff --git a/deployer/roles/build/tasks/synapse.yml b/deployer/roles/build/tasks/synapse.yml index 1a1391d..f5e8518 100644 --- a/deployer/roles/build/tasks/synapse.yml +++ b/deployer/roles/build/tasks/synapse.yml 
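Review bot: The new "PostgreSQL Database backups" task will not parse: `block:` must be a list of tasks, but it is given a mapping (`debug: msg=...`), so Ansible rejects the file as soon as it is loaded, and since backup.yml is pulled in statically from synapse.yml that breaks every run of the synapse role, not only `--tags backup`. The placeholder should at least be valid, e.g. `block:` followed by `  - debug:` and `      msg: "TODO: PostgreSQL backups"`, and the French profanity should become a neutral TODO. When the real task lands, mirror the MySQL block's pattern and keep the password out of the crontab line: a `~/.pgpass` (mode 0600) for the backup user is the PostgreSQL counterpart of the `/root/.my.cnf` the comment above relies on.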
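Review bot: Both tasks in the new postgres.yml have a `name:` but no module, because their bodies are commented out, so Ansible fails with "no module/action detected in task" when the file is loaded, and with `import_tasks` in synapse.yml that happens at parse time for the whole role. The task names also still interpolate `site.mysql_database` and `site.mysql_username`, which vars.yml no longer defines for this site (it now uses `postgres_*`), so they will render unreplaced; the `# MySQL equivalent` note should be ported with the new names. The PostgreSQL shape of the MySQL pattern is `postgresql_db` plus `postgresql_user` with `priv: ALL` on the database, and Synapse additionally requires the database to be created with `C` collation and UTF-8 encoding from `template0` or it refuses to start. The per-IP restriction that MySQL encodes in the user's host part has no user-level equivalent in PostgreSQL; it belongs in `pg_hba.conf` as a `host <db> <user> {{ site.subnet_site_ip }}/32 scram-sha-256` (or `md5`) line, so only the container's address on the bridge can authenticate, and `listen_addresses` must include `{{ site.subnet_gateway_ip }}`. The sketch below assumes the usual local peer auth for the `postgres` unix user; adjust `become_user` if this host uses something else.
```yaml
- name: "Create database {{ site.postgres_database }} if inexistent"
  postgresql_db:
    name: "{{ site.postgres_database }}"
    # Synapse requires C collation/ctype and UTF-8, hence template0
    encoding: UTF-8
    lc_collate: C
    lc_ctype: C
    template: template0
    state: present
  become: yes
  become_user: postgres

- name: "Add database user {{ site.postgres_username }} and grant all privileges on {{ site.postgres_database }}"
  postgresql_user:
    db: "{{ site.postgres_database }}"
    name: "{{ site.postgres_username }}"
    password: "{{ site.postgres_password }}"
    priv: ALL
    state: present
  become: yes
  become_user: postgres
  no_log: true  # keep the password out of the run log
```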
@@ -9,4 +9,20 @@ - name: "Render templates" import_tasks: render.yml - tags: render \ No newline at end of file + tags: render + +############################ +# PostgreSQL configuration # +############################ + +- name: "Setup PostgreSQL" + import_tasks: postgres.yml + tags: postgres + +################# +# Setup backups # +################# + +- name: "Setup backups" + import_tasks: backup.yml + tags: backup \ No newline at end of file diff --git a/deployer/roles/build/templates/synapse/docker-compose.yml.j2 b/deployer/roles/build/templates/synapse/docker-compose.yml.j2 index 6479993..af36c92 100644 --- a/deployer/roles/build/templates/synapse/docker-compose.yml.j2 +++ b/deployer/roles/build/templates/synapse/docker-compose.yml.j2 
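Review bot: Both new imports use `import_tasks`, which is resolved when the playbook is parsed, so any syntax error in postgres.yml or backup.yml fails the entire synapse role even for a run limited to `--tags render`. If the WIP files are meant to stay loadable while unfinished, `include_tasks` evaluates them at run time instead, but note that `tags:` on an `include_tasks` statement no longer propagates to the included tasks and would have to be carried via `apply: { tags: [...] }` or inside the files; otherwise finish those files before landing this. The new side still ends without a trailing newline (`\ No newline at end of file` after `tags: backup`), the same noise the old `tags: render` line had; add one so the next edit does not repeat it.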
@@ -8,29 +8,30 @@ services: site: # build: site image: matrixdotorg/synapse:{{ gitea.version }} - restart: always + restart: unless-stopped environment: - APP_NAME: "Gitea: git with a cup of coffee" - DOMAIN: "{{ site.url }}" - SSH_DOMAIN: "{{ site.url }}" - ROOL_URL: "https://{{ site.url }}/" - USER_UID: "{{ site.user_uid }}" - USER_GID: "{{ site.user_gid }}" - DB_TYPE: mysql - DB_HOST: "{{ site.subnet_gateway_ip }}" - DB_USER: "{{ site.mysql_username }}" - DB_PASSWD: "{{ site.mysql_password }}" - DB_NAME: "{{ site.mysql_database }}" + - SYNAPSE_CONFIG_PATH=/data/homeserver.yaml + # APP_NAME: "Gitea: git with a cup of coffee" + # DOMAIN: "{{ site.url }}" + # SSH_DOMAIN: "{{ site.url }}" + # ROOL_URL: "https://{{ site.url }}/" + # USER_UID: "{{ site.user_uid }}" + # USER_GID: "{{ site.user_gid }}" + # DB_TYPE: mysql + # DB_HOST: "{{ site.subnet_gateway_ip }}" + # DB_USER: "{{ site.mysql_username }}" + # DB_PASSWD: "{{ site.mysql_password }}" + # DB_NAME: "{{ site.mysql_database }}" volumes: - "{{ site_data_path }}:/data" - - "/home/git/.ssh:/data/git/.ssh" - - "/etc/timezone:/etc/timezone:ro" - - "/etc/localtime:/etc/localtime:ro" + # - "/home/git/.ssh:/data/git/.ssh" + # - "/etc/timezone:/etc/timezone:ro" + # - "/etc/localtime:/etc/localtime:ro" networks: net: ipv4_address: "{{ site.subnet_site_ip }}" ports: - - "127.0.0.1:2222:22" # SSH Passthrough + # - "127.0.0.1:2222:22" # SSH Passthrough networks: net: diff --git a/deployer/roles/build/templates/synapse/homeserver.yaml.j2 b/deployer/roles/build/templates/synapse/homeserver.yaml.j2 index 464dd9f..dea29ce 100644 --- a/deployer/roles/build/templates/synapse/homeserver.yaml.j2 +++ b/deployer/roles/build/templates/synapse/homeserver.yaml.j2 
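Review bot: `environment` is now a list (`- SYNAPSE_CONFIG_PATH=/data/homeserver.yaml`) while the commented-out entries directly under it are in mapping form, so re-enabling any of them would yield an invalid mix; since they are Gitea settings (`APP_NAME`, `SSH_DOMAIN`, `DB_*`) with no meaning for Synapse, delete them together with the commented SSH volume and port rather than keep them as comments. The unchanged `image:` line still pins Synapse to `{{ gitea.version }}`, which looks like a leftover from the copied Gitea template; a `synapse.version` variable would avoid tagging the Synapse image with a Gitea version string. The container also runs as root by default, while `/data` holds homeserver.yaml with the database password and the signing key; as far as I recall the official image switches to the user given by `UID`/`GID` environment variables, so `- UID={{ site.user_uid }}` and `- GID={{ site.user_gid }}` would reuse the now-commented vars and keep the data directory owned by an unprivileged user. Please also confirm that render.yml writes homeserver.yaml with a restrictive mode, since it is not visible here.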
@@ -630,9 +630,9 @@ acme:
 database:
   name: psycopg2
   args:
-    user: "{{ site.psql_username }}"
-    password: "{{ site.psql_password }}"
-    database: "{{ site.psql_database }}"
+    user: "{{ site.postgres_username }}"
+    password: "{{ site.postgres_password }}"
+    database: "{{ site.postgres_database }}"
     host: "{{ site.subnet_gateway_ip }}"
     cp_min: 5
     cp_max: 10
diff --git a/deployer/roles/build/templates/synapse/nginx.host.j2 b/deployer/roles/build/templates/synapse/nginx.host.j2
index f73b3d7..cfc2378 100644
--- a/deployer/roles/build/templates/synapse/nginx.host.j2
+++ b/deployer/roles/build/templates/synapse/nginx.host.j2
@@ -10,46 +10,35 @@ server { include snippets/letsencrypt.conf; location / { -{# Does this work as intended when redirect_to_ww is undefined? #} -{% if site.redirect_to_www %} - return 301 https://www.{{ site.url }}$request_uri; -{% else %} return 301 https://{{ site.url }}$request_uri; -{% endif %} } } server { listen 443 ssl; listen [::]:443 ssl; - server_name {{ site.url }} www.{{ site.url }}; + server_name {{ site.url }}; access_log /var/log/nginx/{{ site.slug }}-access.log; error_log /var/log/nginx/{{ site.slug }}-error.log; -{% if site.redirect_to_www %} - # Redirect non-www to www - if ($host = {{ site.url }}) { - rewrite ^ https://www.{{ site.url }}$request_uri permanent; - } -{% else %} - # Redirect www to non-www - if ($host = www.{{ site.url }}) { - rewrite ^ https://{{ site.url }}$request_uri permanent; - } -{% endif %} - # Let's Encrypt include snippets/letsencrypt.conf; include snippets/ssl-params.conf; ssl_certificate /etc/letsencrypt/live/{{ site.url }}/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/{{ site.url }}/privkey.pem; - - include snippets/header-params_server.conf; + +{% if site.custom_landing %} location / { + root {{ site.custom_landing }}; + } +{% endif %} + + include snippets/header-params_server.conf; + location /_matrix { include snippets/header-params_location.conf; - - proxy_pass http://{{ site.subnet_site_ip }}:3000; + + proxy_pass http://{{ site.subnet_site_ip }}:8008; } }
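Review bot: `{% if site.custom_landing %}` looks the key up on the site dict, so for a site that follows the vars.yml advice and comments it out the lookup yields an undefined value; under Ansible's strict-undefined templating that is a render error rather than a false branch, so guard it as `{% if site.custom_landing is defined and site.custom_landing %}`. In the proxied `/_matrix` location, nginx's default `client_max_body_size` of 1m is below Synapse's default 10M `max_upload_size`, so media uploads fail with 413 unless the location (or the included snippet, which I cannot see) raises it to match homeserver.yaml. Current Synapse also serves client-facing endpoints under `/_synapse/client` (password reset and SSO callbacks, per its reverse-proxy docs); this config would answer those from the static `root`, so add a `location /_synapse/client` with the same `proxy_pass http://{{ site.subnet_site_ip }}:8008;`. The port-80 `server_name` lies above the hunk, so I cannot tell whether `www.` requests still land on this site now that the 443 block dropped the www alias; if the certificate does not cover www either, those requests will hit nginx's default server.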