WIP synapse
parent
a7992930ad
commit
dad77e6d3a
7 changed files with 91 additions and 46 deletions
|
@ -132,6 +132,9 @@ sites:
|
|||
- slug: synapse_test # Shorthand name to use as directory/file name
|
||||
# The site URL (without www)
|
||||
url: test.zinz.dev
|
||||
# Wanna display custom HTML as landing page? Fill this with its path.
|
||||
# To keep the defaults, comment line
|
||||
custom_landing: /vault/www/riot
|
||||
# What kind of site is that?
|
||||
type: synapse
|
||||
# Subnet addresses
|
||||
|
@ -139,9 +142,9 @@ sites:
|
|||
subnet_gateway_ip: 172.27.7.1
|
||||
subnet_site_ip: 172.27.7.2
|
||||
# PostgreSQL
|
||||
psql_database: synapse_test
|
||||
psql_username: synapse_test
|
||||
psql_password: "{{ vault_synapse_test_psql_password }}"
|
||||
postgres_database: synapse_test
|
||||
postgres_username: synapse_test
|
||||
postgres_password: "{{ vault_synapse_test_psql_password }}"
|
||||
# SMTP
|
||||
contact_email: contact@zinz.dev
|
||||
smtp_host: mail.gandi.net
|
||||
|
|
|
@ -32,7 +32,7 @@
|
|||
become: yes
|
||||
when: site_data_path is defined
|
||||
|
||||
- name: "Database backups"
|
||||
- name: "MySQL Database backups"
|
||||
block:
|
||||
# You need your root MySQL password stored in /root/.my.cnf to avoid
|
||||
# putting the password in the crontab
|
||||
|
@ -60,3 +60,8 @@
|
|||
}
|
||||
become: yes
|
||||
when: site.mysql_database is defined
|
||||
|
||||
- name: "PostgreSQL Database backups"
|
||||
block:
|
||||
debug: msg="TODO PUTAIN BOSSE LÀ"
|
||||
when: site.postgres_database is defined
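Review bot: The new "PostgreSQL Database backups" task is only a `debug` placeholder, so a site that defines `site.postgres_database` gets no database dump while the MySQL sites keep theirs, and the joke message will show up in play output. As rendered here `debug:` sits directly under `block:`, which expects a list of tasks (`- debug: ...`); indentation is lost on this page, so confirm it parses. When the real dump is written, keep the rule stated in the MySQL block's comment and leave the password out of the crontab: a root-only `~/.pgpass` (mode 0600) or peer authentication as the `postgres` user would do that. Until then, `msg: "PostgreSQL backups are not implemented yet"` with a `# TODO: pg_dump backup not implemented` comment above the task makes the gap explicit.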
|
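--- a/deployer/roles/build/tasks/postgres.yml
+++ b/deployer/roles/build/tasks/postgres.yml
@@ -0,0 +1,31 @@
+---
+# Needs variables:
+# - site: dict describing the site install (cf group_vars/all/vars.yml)
+
+- name: "Create database {{ site.mysql_database }} if inexistent"
+# mysql_db:
+# name: "{{ site.mysql_database }}"
+# state: present
+# # Credentials to log in MySQL
+# login_host: localhost
+# login_user: root
+# login_password: "{{ mysql_root_password }}"
+
+
+# MySQL equivalent:
+# TODO: PostgreSQL?
+# create user <user>@<ip> identified by <pass>;
+# grant all on <db>.* to <user>@<ip>;
+- name: "Add database user {{ site.mysql_username }}@{{ site.subnet_site_ip }} and grant all privileges on {{ site.mysql_database }}"
+# mysql_user:
+# # Credentials to log in MySQL
+# login_host: localhost
+# login_user: root
+# login_password: "{{ mysql_root_password }}"
+# # Credentials of the new db user
+# host: "{{ site.subnet_site_ip }}"
+# name: "{{ site.mysql_username }}"
+# password: "{{ site.mysql_password }}"
+# # Grants
+# priv: "{{ site.mysql_database }}.*:all"
+# state: present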
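Review bot: Both tasks in this new file have a `name` but no module, because the `mysql_db` and `mysql_user` bodies are commented out; Ansible rejects a task that has no action, so importing the file is likely to fail when the play is parsed. The task names also template `site.mysql_database` and `site.mysql_username`, which a PostgreSQL site does not define (its vars are `site.postgres_*`). When the real tasks are written, the copied `priv: "{{ site.mysql_database }}.*:all"` grant is worth narrowing to ownership of the one database, and the user-creation task should carry `no_log: true` because it receives `site.postgres_password`. Until then, commenting out the two `- name:` lines as well keeps the role loadable.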
|
@ -10,3 +10,19 @@
|
|||
- name: "Render templates"
|
||||
import_tasks: render.yml
|
||||
tags: render
|
||||
|
||||
############################
|
||||
# PostgreSQL configuration #
|
||||
############################
|
||||
|
||||
- name: "Setup PostgreSQL"
|
||||
import_tasks: postgres.yml
|
||||
tags: postgres
|
||||
|
||||
#################
|
||||
# Setup backups #
|
||||
#################
|
||||
|
||||
- name: "Setup backups"
|
||||
import_tasks: backup.yml
|
||||
tags: backup
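Review bot: `import_tasks: postgres.yml` is added without a condition, so the PostgreSQL setup would run for every site, including those that only define `site.mysql_*`. The backup tasks in this commit already gate on `site.postgres_database is defined`; the same guard fits here as `when: site.postgres_database is defined` under the "Setup PostgreSQL" task. A short comment above the import naming the site types that need it would also help, since the banner only says "PostgreSQL configuration".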
|
|
@ -8,29 +8,30 @@ services:
|
|||
site:
|
||||
# build: site
|
||||
image: matrixdotorg/synapse:{{ gitea.version }}
|
||||
restart: always
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
APP_NAME: "Gitea: git with a cup of coffee"
|
||||
DOMAIN: "{{ site.url }}"
|
||||
SSH_DOMAIN: "{{ site.url }}"
|
||||
ROOL_URL: "https://{{ site.url }}/"
|
||||
USER_UID: "{{ site.user_uid }}"
|
||||
USER_GID: "{{ site.user_gid }}"
|
||||
DB_TYPE: mysql
|
||||
DB_HOST: "{{ site.subnet_gateway_ip }}"
|
||||
DB_USER: "{{ site.mysql_username }}"
|
||||
DB_PASSWD: "{{ site.mysql_password }}"
|
||||
DB_NAME: "{{ site.mysql_database }}"
|
||||
- SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
|
||||
# APP_NAME: "Gitea: git with a cup of coffee"
|
||||
# DOMAIN: "{{ site.url }}"
|
||||
# SSH_DOMAIN: "{{ site.url }}"
|
||||
# ROOL_URL: "https://{{ site.url }}/"
|
||||
# USER_UID: "{{ site.user_uid }}"
|
||||
# USER_GID: "{{ site.user_gid }}"
|
||||
# DB_TYPE: mysql
|
||||
# DB_HOST: "{{ site.subnet_gateway_ip }}"
|
||||
# DB_USER: "{{ site.mysql_username }}"
|
||||
# DB_PASSWD: "{{ site.mysql_password }}"
|
||||
# DB_NAME: "{{ site.mysql_database }}"
|
||||
volumes:
|
||||
- "{{ site_data_path }}:/data"
|
||||
- "/home/git/.ssh:/data/git/.ssh"
|
||||
- "/etc/timezone:/etc/timezone:ro"
|
||||
- "/etc/localtime:/etc/localtime:ro"
|
||||
# - "/home/git/.ssh:/data/git/.ssh"
|
||||
# - "/etc/timezone:/etc/timezone:ro"
|
||||
# - "/etc/localtime:/etc/localtime:ro"
|
||||
networks:
|
||||
net:
|
||||
ipv4_address: "{{ site.subnet_site_ip }}"
|
||||
ports:
|
||||
- "127.0.0.1:2222:22" # SSH Passthrough
|
||||
# - "127.0.0.1:2222:22" # SSH Passthrough
|
||||
|
||||
networks:
|
||||
net:
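Review bot: The Synapse image tag is still templated from the Gitea variable (`image: matrixdotorg/synapse:{{ gitea.version }}`), so the homeserver is pinned to whatever Gitea release the inventory names, which is unlikely to be an intended Synapse tag. A variable of its own, for example `image: matrixdotorg/synapse:{{ synapse.version }}` (the name is a suggestion and would need defining in the vars), keeps the two upgrade paths independent and makes the deployed Synapse version auditable. The commented-out Gitea settings (`DB_PASSWD`, the `.ssh` volume, port 2222) are dead configuration for this service and would read better deleted than carried along.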
|
||||
|
|
|
@ -630,9 +630,9 @@ acme:
|
|||
database:
|
||||
name: psycopg2
|
||||
args:
|
||||
user: "{{ site.psql_username }}"
|
||||
password: "{{ site.psql_password }}"
|
||||
database: "{{ site.psql_database }}"
|
||||
user: "{{ site.postgres_username }}"
|
||||
password: "{{ site.postgres_password }}"
|
||||
database: "{{ site.postgres_database }}"
|
||||
host: "{{ site.subnet_gateway_ip }}"
|
||||
cp_min: 5
|
||||
cp_max: 10
|
||||
|
|
|
@ -10,35 +10,18 @@ server {
|
|||
include snippets/letsencrypt.conf;
|
||||
|
||||
location / {
|
||||
{# Does this work as intended when redirect_to_ww is undefined? #}
|
||||
{% if site.redirect_to_www %}
|
||||
return 301 https://www.{{ site.url }}$request_uri;
|
||||
{% else %}
|
||||
return 301 https://{{ site.url }}$request_uri;
|
||||
{% endif %}
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
server_name {{ site.url }} www.{{ site.url }};
|
||||
server_name {{ site.url }};
|
||||
|
||||
access_log /var/log/nginx/{{ site.slug }}-access.log;
|
||||
error_log /var/log/nginx/{{ site.slug }}-error.log;
|
||||
|
||||
{% if site.redirect_to_www %}
|
||||
# Redirect non-www to www
|
||||
if ($host = {{ site.url }}) {
|
||||
rewrite ^ https://www.{{ site.url }}$request_uri permanent;
|
||||
}
|
||||
{% else %}
|
||||
# Redirect www to non-www
|
||||
if ($host = www.{{ site.url }}) {
|
||||
rewrite ^ https://{{ site.url }}$request_uri permanent;
|
||||
}
|
||||
{% endif %}
|
||||
|
||||
# Let's Encrypt
|
||||
include snippets/letsencrypt.conf;
|
||||
|
||||
|
@ -46,10 +29,16 @@ server {
|
|||
ssl_certificate /etc/letsencrypt/live/{{ site.url }}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/{{ site.url }}/privkey.pem;
|
||||
|
||||
include snippets/header-params_server.conf;
|
||||
{% if site.custom_landing %}
|
||||
location / {
|
||||
root {{ site.custom_landing }};
|
||||
}
|
||||
{% endif %}
|
||||
|
||||
include snippets/header-params_server.conf;
|
||||
location /_matrix {
|
||||
include snippets/header-params_location.conf;
|
||||
|
||||
proxy_pass http://{{ site.subnet_site_ip }}:3000;
|
||||
proxy_pass http://{{ site.subnet_site_ip }}:8008;
|
||||
}
|
||||
}
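Review bot: `{% if site.custom_landing %}` will probably not behave as the vars file promises when the key is absent: the vars comment says to comment the line out to keep the defaults, and a bare truth test on a missing attribute is expected to raise an undefined-variable error in Ansible templating rather than evaluate to false. `{% if site.custom_landing is defined and site.custom_landing %}` covers both the missing and the empty case. The new `location /` also does not include `snippets/header-params_location.conf` as `location /_matrix` does; if that snippet sets response headers, the landing page would be served without them.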
|
||||
|
|