WIP synapse

Adrien Luxey 2020-06-01 08:21:27 +02:00
parent a7992930ad
commit dad77e6d3a
7 changed files with 91 additions and 46 deletions


@ -132,6 +132,9 @@ sites:
- slug: synapse_test # Shorthand name to use as directory/file name - slug: synapse_test # Shorthand name to use as directory/file name
# The site URL (without www) # The site URL (without www)
url: test.zinz.dev url: test.zinz.dev
# Wanna display custom HTML as landing page? Fill this with its path.
# To keep the defaults, comment line
custom_landing: /vault/www/riot
# What kind of site is that? # What kind of site is that?
type: synapse type: synapse
# Subnet addresses # Subnet addresses
@ -139,9 +142,9 @@ sites:
subnet_gateway_ip: 172.27.7.1 subnet_gateway_ip: 172.27.7.1
subnet_site_ip: 172.27.7.2 subnet_site_ip: 172.27.7.2
# PostgreSQL # PostgreSQL
psql_database: synapse_test postgres_database: synapse_test
psql_username: synapse_test postgres_username: synapse_test
psql_password: "{{ vault_synapse_test_psql_password }}" postgres_password: "{{ vault_synapse_test_psql_password }}"
# SMTP # SMTP
contact_email: contact@zinz.dev contact_email: contact@zinz.dev
smtp_host: mail.gandi.net smtp_host: mail.gandi.net
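Review bot: The renamed `postgres_password` key still points at `vault_synapse_test_psql_password`, so the vault entry keeps the old `psql` prefix and a search for `postgres` will not lead to where the secret is stored. Renaming the vault variable in the same change, or adding a comment such as `# vault entry keeps the historical psql_ prefix` above that line, would keep the two files easy to cross-reference. Keeping the password as a vault reference rather than a literal is the right shape and should stay that way.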


@ -32,7 +32,7 @@
become: yes become: yes
when: site_data_path is defined when: site_data_path is defined
- name: "Database backups" - name: "MySQL Database backups"
block: block:
# You need your root MySQL password stored in /root/.my.cnf to avoid # You need your root MySQL password stored in /root/.my.cnf to avoid
# putting the password in the crontab # putting the password in the crontab
@ -60,3 +60,8 @@
} }
become: yes become: yes
when: site.mysql_database is defined when: site.mysql_database is defined
- name: "PostgreSQL Database backups"
block:
debug: msg="TODO PUTAIN BOSSE LÀ"
when: site.postgres_database is defined
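Review bot: Sites that define `postgres_database` end up with no backup at all, because the new "PostgreSQL Database backups" block only runs a `debug` task; the play finishes green while the Synapse database is never dumped. Until the real job exists, a `fail:` task or at least a neutral, searchable message such as `msg: "PostgreSQL backups are not implemented yet"` would make the gap visible to whoever runs the playbook. As rendered, `debug:` also appears to sit directly under `block:` as a mapping rather than as a list item (`- debug:`), which Ansible would reject; indentation is lost on this page, so this needs checking against the file. When the dump is added, follow the MySQL comment above and keep the credentials in a root-only file such as `~/.pgpass` instead of on the crontab line.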


@ -0,0 +1,31 @@
---
# Needs variables:
# - site: dict describing the site install (cf group_vars/all/vars.yml)
- name: "Create database {{ site.mysql_database }} if inexistent"
# mysql_db:
# name: "{{ site.mysql_database }}"
# state: present
# # Credentials to log in MySQL
# login_host: localhost
# login_user: root
# login_password: "{{ mysql_root_password }}"
# MySQL equivalent:
# TODO: PostgreSQL?
# create user <user>@<ip> identified by <pass>;
# grant all on <db>.* to <user>@<ip>;
- name: "Add database user {{ site.mysql_username }}@{{ site.subnet_site_ip }} and grant all privileges on {{ site.mysql_database }}"
# mysql_user:
# # Credentials to log in MySQL
# login_host: localhost
# login_user: root
# login_password: "{{ mysql_root_password }}"
# # Credentials of the new db user
# host: "{{ site.subnet_site_ip }}"
# name: "{{ site.mysql_username }}"
# password: "{{ site.mysql_password }}"
# # Grants
# priv: "{{ site.mysql_database }}.*:all"
# state: present
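Review bot: Both tasks in this new file have a `name:` but no module, since every line under them is commented out, and Ansible refuses to load a task with no action; because the role's task list imports this file in the same commit, that would presumably stop the role from running. The names also template `site.mysql_database`, `site.mysql_username` and `site.subnet_site_ip`, while the synapse site entry, as far as the vars hunk shows, defines `postgres_*` keys instead. Either comment out the `- name:` lines too until the tasks exist, or fill them in with `postgresql_db` and `postgresql_user` using the `site.postgres_*` variables. When the user task is written, add `no_log: true` to it so the database password does not end up in task output.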


@ -9,4 +9,20 @@
- name: "Render templates" - name: "Render templates"
import_tasks: render.yml import_tasks: render.yml
tags: render tags: render
############################
# PostgreSQL configuration #
############################
- name: "Setup PostgreSQL"
import_tasks: postgres.yml
tags: postgres
#################
# Setup backups #
#################
- name: "Setup backups"
import_tasks: backup.yml
tags: backup


@ -8,29 +8,30 @@ services:
site: site:
# build: site # build: site
image: matrixdotorg/synapse:{{ gitea.version }} image: matrixdotorg/synapse:{{ gitea.version }}
restart: always restart: unless-stopped
environment: environment:
APP_NAME: "Gitea: git with a cup of coffee" - SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
DOMAIN: "{{ site.url }}" # APP_NAME: "Gitea: git with a cup of coffee"
SSH_DOMAIN: "{{ site.url }}" # DOMAIN: "{{ site.url }}"
ROOL_URL: "https://{{ site.url }}/" # SSH_DOMAIN: "{{ site.url }}"
USER_UID: "{{ site.user_uid }}" # ROOL_URL: "https://{{ site.url }}/"
USER_GID: "{{ site.user_gid }}" # USER_UID: "{{ site.user_uid }}"
DB_TYPE: mysql # USER_GID: "{{ site.user_gid }}"
DB_HOST: "{{ site.subnet_gateway_ip }}" # DB_TYPE: mysql
DB_USER: "{{ site.mysql_username }}" # DB_HOST: "{{ site.subnet_gateway_ip }}"
DB_PASSWD: "{{ site.mysql_password }}" # DB_USER: "{{ site.mysql_username }}"
DB_NAME: "{{ site.mysql_database }}" # DB_PASSWD: "{{ site.mysql_password }}"
# DB_NAME: "{{ site.mysql_database }}"
volumes: volumes:
- "{{ site_data_path }}:/data" - "{{ site_data_path }}:/data"
- "/home/git/.ssh:/data/git/.ssh" # - "/home/git/.ssh:/data/git/.ssh"
- "/etc/timezone:/etc/timezone:ro" # - "/etc/timezone:/etc/timezone:ro"
- "/etc/localtime:/etc/localtime:ro" # - "/etc/localtime:/etc/localtime:ro"
networks: networks:
net: net:
ipv4_address: "{{ site.subnet_site_ip }}" ipv4_address: "{{ site.subnet_site_ip }}"
ports: ports:
- "127.0.0.1:2222:22" # SSH Passthrough # - "127.0.0.1:2222:22" # SSH Passthrough
networks: networks:
net: net:
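Review bot: The image tag is still taken from `{{ gitea.version }}` on the unchanged `image: matrixdotorg/synapse:...` line, so the Synapse release that gets pulled follows the Gitea pin, or resolves to no valid tag at all. A dedicated pin (for example a `synapse.version` variable; the name is only a suggestion) would make the deployed homeserver version explicit and reviewable. The commented-out Gitea `environment`, `volumes` and `ports` entries would be better deleted than kept. With its only entry commented out, `ports:` is left with an empty value, which compose may reject as not being a list; dropping the key avoids that.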


@ -630,9 +630,9 @@ acme:
database: database:
name: psycopg2 name: psycopg2
args: args:
user: "{{ site.psql_username }}" user: "{{ site.postgres_username }}"
password: "{{ site.psql_password }}" password: "{{ site.postgres_password }}"
database: "{{ site.psql_database }}" database: "{{ site.postgres_database }}"
host: "{{ site.subnet_gateway_ip }}" host: "{{ site.subnet_gateway_ip }}"
cp_min: 5 cp_min: 5
cp_max: 10 cp_max: 10


@ -10,46 +10,35 @@ server {
include snippets/letsencrypt.conf; include snippets/letsencrypt.conf;
location / { location / {
{# Does this work as intended when redirect_to_ww is undefined? #}
{% if site.redirect_to_www %}
return 301 https://www.{{ site.url }}$request_uri;
{% else %}
return 301 https://{{ site.url }}$request_uri; return 301 https://{{ site.url }}$request_uri;
{% endif %}
} }
} }
server { server {
listen 443 ssl; listen 443 ssl;
listen [::]:443 ssl; listen [::]:443 ssl;
server_name {{ site.url }} www.{{ site.url }}; server_name {{ site.url }};
access_log /var/log/nginx/{{ site.slug }}-access.log; access_log /var/log/nginx/{{ site.slug }}-access.log;
error_log /var/log/nginx/{{ site.slug }}-error.log; error_log /var/log/nginx/{{ site.slug }}-error.log;
{% if site.redirect_to_www %}
# Redirect non-www to www
if ($host = {{ site.url }}) {
rewrite ^ https://www.{{ site.url }}$request_uri permanent;
}
{% else %}
# Redirect www to non-www
if ($host = www.{{ site.url }}) {
rewrite ^ https://{{ site.url }}$request_uri permanent;
}
{% endif %}
# Let's Encrypt # Let's Encrypt
include snippets/letsencrypt.conf; include snippets/letsencrypt.conf;
include snippets/ssl-params.conf; include snippets/ssl-params.conf;
ssl_certificate /etc/letsencrypt/live/{{ site.url }}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/{{ site.url }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ site.url }}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/{{ site.url }}/privkey.pem;
include snippets/header-params_server.conf; {% if site.custom_landing %}
location / { location / {
root {{ site.custom_landing }};
}
{% endif %}
include snippets/header-params_server.conf;
location /_matrix {
include snippets/header-params_location.conf; include snippets/header-params_location.conf;
proxy_pass http://{{ site.subnet_site_ip }}:3000; proxy_pass http://{{ site.subnet_site_ip }}:8008;
} }
} }
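Review bot: The new `{% if site.custom_landing %}` guard tests the value rather than its presence, yet the vars file tells users to comment the key out to keep the defaults; in Ansible templates an undefined attribute in a bare `if` normally raises instead of evaluating to false, so `{% if site.custom_landing is defined %}` is the safer form. The removed template comment asked the same question about `redirect_to_www`. When the key is absent the 443 server has no `location /` at all, so any request outside `/_matrix` falls through to nginx's default root; an explicit `location / { return 404; }` in an `{% else %}` branch would make that behaviour deliberate. It is also worth confirming that the `custom_landing` directory holds only files meant to be public, since everything under it becomes reachable.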