	sync with previous repo
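--- a/roles/matrix-awx/tasks/backup_server.yml
+++ b/roles/matrix-awx/tasks/backup_server.yml
@@ -0,0 +1,99 @@
+
+- name: Record Backup Server variables locally on AWX
+  delegate_to: 127.0.0.1
+  lineinfile:
+    path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+    regexp: "^#? *{{ item.key | regex_escape() }}:"
+    line: "{{ item.key }}: {{ item.value }}"
+    insertafter: '# AWX Settings Start'
+  with_dict:
+    'matrix_awx_backup_enabled': '{{ matrix_awx_backup_enabled }}'
+  tags: use-survey
+
+- name: Save new 'Backup Server' survey.json to the AWX tower, template
+  delegate_to: 127.0.0.1
+  template:
+    src: 'roles/matrix-awx/surveys/backup_server.json.j2'
+    dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json'
+  tags: use-survey
+
+- name: Copy new 'Backup Server' survey.json to target machine
+  copy:
+    src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json'
+    dest: '/matrix/awx/backup_server.json'
+    mode: '0660'
+  tags: use-survey
+
+- name: Collect AWX admin token the hard way!
+  delegate_to: 127.0.0.1
+  shell: |
+      curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
+  register: tower_token
+  no_log: True
+  tags: use-survey
+
+- name: Recreate 'Backup Server' job template
+  delegate_to: 127.0.0.1
+  awx.awx.tower_job_template:
+    name: "{{ matrix_domain }} - 0 - Backup Server"
+    description: "Performs a backup of the entire service to a remote location."
+    extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
+    job_type: run
+    job_tags: "backup-server,use-survey"
+    inventory: "{{ member_id }}"
+    project: "{{ member_id }} - Matrix Docker Ansible Deploy"
+    playbook: setup.yml
+    credential: "{{ member_id }} - AWX SSH Key"
+    survey_enabled: true
+    survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json') }}"
+    become_enabled: yes
+    state: present
+    verbosity: 1
+    tower_host: "https://{{ tower_host }}"
+    tower_oauthtoken: "{{ tower_token.stdout }}"
+    validate_certs: yes
+  tags: use-survey
+
+- name: Include vars in matrix_vars.yml
+  include_vars:
+    file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+  no_log: True
+
+- name: Copy new 'matrix_vars.yml' to target machine
+  copy:
+    src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+    dest: '/matrix/awx/matrix_vars.yml'
+    mode: '0660'
+  tags: use-survey
+
+- name: Run initial backup of /matrix/ and snapshot the database simultaneously 
+  command: "{{ item }}" 
+  with_items:
+    - borgmatic -c /root/.config/borgmatic/config_1.yaml
+    - /bin/sh /usr/local/bin/awx-export-service.sh 1 0
+  register: _create_instances
+  async: 3600  # Maximum runtime in seconds.
+  poll: 0  # Fire and continue (never poll)
+  when: matrix_awx_backup_enabled|bool
+
+- name: Wait for both of these jobs to finish
+  async_status:
+    jid: "{{ item.ansible_job_id }}"
+  register: _jobs
+  until: _jobs.finished
+  delay: 5  # Check every 5 seconds.
+  retries: 720  # Retry for a full hour.
+  with_items: "{{ _create_instances.results }}"
+  when: matrix_awx_backup_enabled|bool
+
+- name: Perform borg backup of postgres dump
+  command: borgmatic -c /root/.config/borgmatic/config_2.yaml
+  when: matrix_awx_backup_enabled|bool
+
+- name: Set boolean value to exit playbook
+  set_fact:
+    end_playbook: true
+
+- name: End playbook if this task list is called.
+  meta: end_play
+  when: end_playbook is defined and end_playbook|bool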
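Review bot: The token request in "Collect AWX admin token the hard way!" runs curl with `-k`, so the Tower admin username and password are sent without verifying the server certificate, although the job-template task right after it sets `validate_certs: yes`. The credentials are also interpolated unquoted into a shell line, and every run creates another write-scope personal token that nothing in this file revokes. The same task is repeated in customise_website_access_export.yml. A `uri`-based request keeps certificate checking on and the credentials out of the shell; `tower_oauthtoken` would then read `"{{ tower_token.json.token }}"`, and a cleanup step for the token once the template is recreated would be worth adding.

```yaml
- name: Collect AWX admin token the hard way!
  delegate_to: 127.0.0.1
  uri:
    url: "https://{{ tower_host }}/api/v2/users/1/personal_tokens/"
    method: POST
    url_username: "{{ tower_username }}"
    url_password: "{{ tower_password }}"
    force_basic_auth: true
    validate_certs: true
    body_format: json
    body:
      description: "Tower CLI"
      application: null
      scope: "write"
    status_code: [200, 201]
  register: tower_token
  no_log: True
  tags: use-survey
# … unchanged: job template task, apart from tower_oauthtoken reading tower_token.json.token …
```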
							
								
								
									
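--- a/roles/matrix-awx/tasks/cache_matrix_variables.yml
+++ b/roles/matrix-awx/tasks/cache_matrix_variables.yml
@@ -0,0 +1,12 @@
+
+- name: Collect current datetime
+  set_fact:
+    awx_datetime: "{{ lookup('pipe', 'date +%Y-%m-%d_%H:%M') }}"
+
+- name: Create cached matrix_vars.yml file location
+  set_fact:
+    awx_cached_matrix_vars: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars_{{ awx_datetime }}.yml'
+
+- name: Create cached matrix_vars.yml
+  delegate_to: 127.0.0.1
+  shell: "cp /var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml {{ awx_cached_matrix_vars }}"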
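Review bot: "Create cached matrix_vars.yml" builds a `cp` command line from `member_id`, `subscription_id` and `awx_datetime` through `shell` with no quoting, and the copy gets whatever mode the umask gives even though other task lists in this commit write `sftp_password` into that file. The `copy` module with the same source and `dest: '{{ awx_cached_matrix_vars }}'` plus `mode: '0600'` does this without a shell and pins the permissions. The timestamp has minute resolution, so two jobs for the same subscription started in the same minute would share one cache file; adding seconds or the job id to the name avoids that. load_matrix_variables.yml uses the same pattern in its `cp … && rm …` task.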
							
								
								
									
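--- a/roles/matrix-awx/tasks/create_user.yml
+++ b/roles/matrix-awx/tasks/create_user.yml
@@ -0,0 +1,31 @@
+#
+# Create user and define if they are admin
+#
+# /usr/local/bin/matrix-synapse-register-user <your_username> <your_password> <admin access: 0 or 1>
+#
+
+- name: Set admin bool to zero
+  set_fact:
+    admin_bool: 0
+  when: admin_access == 'false'
+
+- name: Examine if server admin set
+  set_fact:
+    admin_bool: 1
+  when: admin_access == 'true'
+
+- name: Set boolean value to exit playbook
+  set_fact:
+    end_playbook: true
+
+- name: Create user account
+  command: |
+    /usr/local/bin/matrix-synapse-register-user {{ new_username | quote }} {{ new_password | quote }} {{ admin_bool }}
+  register: cmd
+
+- name: Result
+  debug: msg="{{ cmd.stdout }}"
+
+- name: End playbook if this task list is called.
+  meta: end_play
+  when: end_playbook is defined and end_playbook|bool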
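Review bot: "Create user account" passes `new_password` as a command argument without `no_log`, so the rendered command line, password included, is stored in the task result and is likely to appear in the AWX job output, particularly on failure or at the verbosity these job templates run with. Adding `no_log: true` to that task keeps it out of the log; the "Result" task can stay as it is if the register script's stdout carries no secret. Separately, `admin_bool` is only set when `admin_access` is exactly 'true' or 'false', so any other value reaches the command with the variable undefined; `admin_bool: "{{ 1 if admin_access | bool else 0 }}"` in a single `set_fact` would cover every case.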
							
								
								
									
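--- a/roles/matrix-awx/tasks/customise_website_access_export.yml
+++ b/roles/matrix-awx/tasks/customise_website_access_export.yml
@@ -0,0 +1,273 @@
+
+- name: Enable index.html creation if user doesn't wish to customise base domain
+  delegate_to: 127.0.0.1
+  lineinfile:
+    path: '{{ awx_cached_matrix_vars }}'
+    regexp: "^#? *{{ item.key | regex_escape() }}:"
+    line: "{{ item.key }}: {{ item.value }}"
+    insertafter: '# Base Domain Settings Start'
+  with_dict:
+    'matrix_nginx_proxy_base_domain_homepage_enabled': 'true'
+  when: (customise_base_domain_website is defined) and not customise_base_domain_website|bool
+
+- name: Disable index.html creation to allow multi-file site if user does wish to customise base domain
+  delegate_to: 127.0.0.1
+  lineinfile:
+    path: '{{ awx_cached_matrix_vars }}'
+    regexp: "^#? *{{ item.key | regex_escape() }}:"
+    line: "{{ item.key }}: {{ item.value }}"
+    insertafter: '# Base Domain Settings Start'
+  with_dict:
+    'matrix_nginx_proxy_base_domain_homepage_enabled': 'false'
+  when: (customise_base_domain_website is defined) and customise_base_domain_website|bool
+
+- name: Record custom 'Customise Website + Access Export' variables locally on AWX
+  delegate_to: 127.0.0.1
+  lineinfile:
+    path: '{{ awx_cached_matrix_vars }}'
+    regexp: "^#? *{{ item.key | regex_escape() }}:"
+    line: "{{ item.key }}: {{ item.value }}"
+    insertafter: '# Custom Settings Start'
+  with_dict:
+    'sftp_auth_method': '"{{ sftp_auth_method }}"'
+    'sftp_password': '"{{ sftp_password }}"'
+    'sftp_public_key': '"{{ sftp_public_key }}"'
+
+- name: Record custom 'Customise Website + Access Export' variables locally on AWX
+  delegate_to: 127.0.0.1
+  lineinfile:
+    path: '{{ awx_cached_matrix_vars }}'
+    regexp: "^#? *{{ item.key | regex_escape() }}:"
+    line: "{{ item.key }}: {{ item.value }}"
+    insertafter: '# Custom Settings Start'
+  with_dict:
+    'customise_base_domain_website': '{{ customise_base_domain_website }}'
+  when: customise_base_domain_website is defined
+
+- name: Reload vars in matrix_vars.yml
+  include_vars:
+    file: '{{ awx_cached_matrix_vars }}'
+  no_log: True
+
+- name: Save new 'Customise Website + Access Export' survey.json to the AWX tower, template
+  delegate_to: 127.0.0.1
+  template:
+    src: './roles/matrix-awx/surveys/configure_website_access_export.json.j2'
+    dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json'
+  when: customise_base_domain_website is defined
+
+- name: Copy new 'Customise Website + Access Export' survey.json to target machine
+  copy:
+    src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json'
+    dest:  '/matrix/awx/configure_website_access_export.json'
+    mode: '0660'
+  when: customise_base_domain_website is defined
+
+- name: Save new 'Customise Website + Access Export' survey.json to the AWX tower, template
+  delegate_to: 127.0.0.1
+  template:
+    src: './roles/matrix-awx/surveys/access_export.json.j2'
+    dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json'
+  when: customise_base_domain_website is undefined
+
+- name: Copy new 'Customise Website + Access Export' survey.json to target machine
+  copy:
+    src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json'
+    dest:  '/matrix/awx/access_export.json'
+    mode: '0660'
+  when: customise_base_domain_website is undefined
+
+- name: Collect AWX admin token the hard way!
+  delegate_to: 127.0.0.1
+  shell: |
+      curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
+  register: tower_token
+  no_log: True
+
+- name: Recreate 'Configure Website + Access Export' job template
+  delegate_to: 127.0.0.1
+  awx.awx.tower_job_template:
+    name: "{{ matrix_domain }} - 1 - Configure Website + Access Export"
+    description: "Configure base domain website settings and access the servers export."
+    extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
+    job_type: run
+    job_tags: "start,setup-nginx-proxy"
+    inventory: "{{ member_id }}"
+    project: "{{ member_id }} - Matrix Docker Ansible Deploy"
+    playbook: setup.yml
+    credential: "{{ member_id }} - AWX SSH Key"
+    survey_enabled: true
+    survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json') }}"
+    become_enabled: yes
+    state: present
+    verbosity: 1
+    tower_host: "https://{{ tower_host }}"
+    tower_oauthtoken: "{{ tower_token.stdout }}"
+    validate_certs: yes
+  when: customise_base_domain_website is defined
+
+- name: Recreate 'Access Export' job template
+  delegate_to: 127.0.0.1
+  awx.awx.tower_job_template:
+    name: "{{ matrix_domain }} - 1 - Access Export"
+    description: "Access the services export."
+    extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
+    job_type: run
+    job_tags: "start,setup-nginx-proxy"
+    inventory: "{{ member_id }}"
+    project: "{{ member_id }} - Matrix Docker Ansible Deploy"
+    playbook: setup.yml
+    credential: "{{ member_id }} - AWX SSH Key"
+    survey_enabled: true
+    survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json') }}"
+    become_enabled: yes
+    state: present
+    verbosity: 1
+    tower_host: "https://{{ tower_host }}"
+    tower_oauthtoken: "{{ tower_token.stdout }}"
+    validate_certs: yes
+  when: customise_base_domain_website is undefined
+
+- name: If user doesn't define a sftp_password, create a disabled 'sftp' account
+  user:
+    name: sftp
+    comment: SFTP user to set custom web files and access servers export
+    shell: /bin/false
+    home: /home/sftp
+    group: matrix
+    password: '*'
+    update_password: always
+  when: sftp_password|length == 0
+
+- name: If user defines sftp_password, enable account and set password on 'stfp' account
+  user:
+    name: sftp
+    comment: SFTP user to set custom web files and access servers export
+    shell: /bin/false
+    home: /home/sftp
+    group: matrix
+    password: "{{ sftp_password | password_hash('sha512') }}"
+    update_password: always
+  when: sftp_password|length > 0
+
+- name: Ensure group "sftp" exists
+  group:
+    name: sftp
+    state: present
+
+- name: adding existing user 'sftp' to group matrix
+  user:
+    name: sftp
+    groups: sftp
+    append: yes
+  when: customise_base_domain_website is defined
+
+- name: Create the ro /chroot directory with sticky bit if it doesn't exist. (/chroot/website has matrix:matrix permissions and is mounted to nginx container)
+  file:
+    path: /chroot
+    state: directory
+    owner: root
+    group: root
+    mode: '1755'
+
+- name: Ensure /chroot/website location exists.
+  file:
+    path: /chroot/website
+    state: directory
+    owner: matrix
+    group: matrix
+    mode: '0770'
+  when: customise_base_domain_website is defined
+
+- name: Ensure /chroot/export location exists
+  file:
+    path: /chroot/export
+    state: directory
+    owner: sftp
+    group: sftp
+    mode: '0700'
+
+- name: Ensure /home/sftp/.ssh location exists
+  file:
+    path: /home/sftp/.ssh
+    state: directory
+    owner: sftp
+    group: sftp
+    mode: '0700'
+
+- name: Ensure /home/sftp/authorized_keys exists
+  file:
+    path: /home/sftp/.ssh/authorized_keys
+    state: touch
+    owner: sftp
+    group: sftp
+    mode: '0644'
+
+- name: Clear authorized_keys file
+  shell: echo "" > /home/sftp/.ssh/authorized_keys
+
+- name: Insert public SSH key into authorized_keys file
+  lineinfile:
+    path: /home/sftp/.ssh/authorized_keys
+    line: "{{ sftp_public_key }}"
+    owner: sftp
+    group: sftp
+    mode: '0644'
+  when: (sftp_public_key | length > 0) and (sftp_auth_method == "SSH Key")
+    
+- name: Remove any existing Subsystem lines
+  lineinfile:
+    path: /etc/ssh/sshd_config
+    state: absent
+    regexp: '^Subsystem'
+
+- name: Set SSH Subsystem State
+  lineinfile:
+    path: /etc/ssh/sshd_config
+    insertafter: "^# override default of no subsystems"
+    line: "Subsystem sftp internal-sftp"
+
+- name: Add SSH Match User section for disabled auth
+  blockinfile:
+    path: /etc/ssh/sshd_config
+    state: absent
+    block: |
+      Match User sftp
+          ChrootDirectory /chroot
+          PermitTunnel no
+          X11Forwarding no
+          AllowTcpForwarding no
+          PasswordAuthentication yes
+          AuthorizedKeysFile /home/sftp/.ssh/authorized_keys
+  when: sftp_auth_method == "Disabled"
+
+- name: Add SSH Match User section for password auth
+  blockinfile:
+    path: /etc/ssh/sshd_config
+    state: present
+    block: |
+      Match User sftp
+          ChrootDirectory /chroot
+          PermitTunnel no
+          X11Forwarding no
+          AllowTcpForwarding no
+          PasswordAuthentication yes
+  when: sftp_auth_method == "Password"
+
+- name: Add SSH Match User section for publickey auth
+  blockinfile:
+    path: /etc/ssh/sshd_config
+    state: present
+    block: |
+      Match User sftp
+          ChrootDirectory /chroot
+          PermitTunnel no
+          X11Forwarding no
+          AllowTcpForwarding no
+          AuthorizedKeysFile /home/sftp/.ssh/authorized_keys
+  when: sftp_auth_method == "SSH Key"
+
+- name: Restart service ssh.service
+  service:
+    name: ssh.service
+    state: restarted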
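Review bot: The "Disabled" path removes the `Match User sftp` block but locks the account only when `sftp_password` is empty, so with `sftp_auth_method == "Disabled"` and a password still in the survey the account keeps a valid hash while the chroot and forwarding restrictions are gone; whether it can then log in depends on global sshd settings this hunk does not show. Keying the lock on the method, `when: sftp_auth_method == "Disabled" or sftp_password|length == 0`, and adding `PasswordAuthentication no` to the "SSH Key" block and `ForceCommand internal-sftp` to both remaining blocks would make each mode mean what its name says. None of the sshd_config edits pass `validate: '/usr/sbin/sshd -t -f %s'`, so a malformed file is only discovered by the unconditional restart at the end. The first "Record custom …" task also writes `sftp_password` between bare double quotes with no escaping and no `no_log`, so a password containing `"` or a backslash yields a vars file that fails, or parses differently, at the next `include_vars`; `'{{ sftp_password | to_json }}'` plus `no_log: true` covers both.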
							
								
								
									
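--- a/roles/matrix-awx/tasks/export_server.yml
+++ b/roles/matrix-awx/tasks/export_server.yml
@@ -0,0 +1,33 @@
+
+- name: Run export of /matrix/ and snapshot the database simultaneously 
+  command: "{{ item }}" 
+  with_items:
+    - /bin/sh /usr/local/bin/awx-export-service.sh 1 0
+    - /bin/sh /usr/local/bin/awx-export-service.sh 0 1
+  register: _create_instances
+  async: 3600  # Maximum runtime in seconds.
+  poll: 0  # Fire and continue (never poll)
+
+- name: Wait for both of these jobs to finish
+  async_status:
+    jid: "{{ item.ansible_job_id }}"
+  register: _jobs
+  until: _jobs.finished
+  delay: 5  # Check every 5 seconds.
+  retries: 720  # Retry for a full hour.
+  with_items: "{{ _create_instances.results }}"
+
+- name: Schedule deletion of the export in 24 hours
+  at:
+    command: rm /chroot/export/matrix*
+    count: 1
+    units: days
+    unique: yes
+
+- name: Set boolean value to exit playbook
+  set_fact:
+    end_playbook: true
+
+- name: End playbook if this task list is called.
+  meta: end_play
+  when: end_playbook is defined and end_playbook|bool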
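Review bot: With `unique: yes` the `at` task adds nothing when an identical job is already queued, so an export re-run inside the 24-hour window is deleted when the earlier job fires, not 24 hours after it was written. That errs on the safe side for an archive holding a database snapshot, but it is not what the task name says; a comment such as `# unique: a re-run keeps the earlier deletion time, so the newest export may live less than 24h` would document it. The cleanup also depends on atd running on the target, which nothing in this file checks, so a missing scheduler would leave the export in /chroot/export indefinitely.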
							
								
								
									
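--- a/roles/matrix-awx/tasks/import_awx.yml
+++ b/roles/matrix-awx/tasks/import_awx.yml
@@ -0,0 +1,7 @@
+
+- name: Ensure correct ownership of /matrix/awx
+  shell: chown -R matrix:matrix /matrix/awx
+
+- name: Ensure correct ownership of /matrix/synapse
+  shell: chown -R matrix:matrix /matrix/synapse
+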
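Review bot: Both ownership tasks go through `shell` for a plain `chown -R`, which always reports "changed" and starts a shell where none is needed. The `file` module expresses the same thing idempotently, for example `file: {path: /matrix/awx, owner: matrix, group: matrix, recurse: true}` and likewise for /matrix/synapse. If `shell` has to stay, `command` is enough, since the line uses no shell features.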
							
								
								
									
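--- a/roles/matrix-awx/tasks/load_hosting_and_org_variables.yml
+++ b/roles/matrix-awx/tasks/load_hosting_and_org_variables.yml
@@ -0,0 +1,11 @@
+
+- name: Include vars in organisation.yml
+  include_vars:
+    file: '/var/lib/awx/projects/clients/{{ member_id }}/organisation.yml'
+  no_log: True
+
+- name: Include vars in hosting_vars.yml
+  include_vars:
+    file: '/var/lib/awx/projects/hosting/hosting_vars.yml'
+  no_log: True
+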
							
								
								
									
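--- a/roles/matrix-awx/tasks/load_matrix_variables.yml
+++ b/roles/matrix-awx/tasks/load_matrix_variables.yml
@@ -0,0 +1,15 @@
+
+- name: Include new vars in matrix_vars.yml
+  include_vars:
+    file: '{{ awx_cached_matrix_vars }}'
+  no_log: True
+
+- name: If include_vars succeeds overwrite the old matrix_vars.yml 
+  delegate_to: 127.0.0.1
+  shell: "cp {{ awx_cached_matrix_vars }} /var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml && rm {{ awx_cached_matrix_vars }}"
+
+- name: Copy new 'matrix_vars.yml' to target machine
+  copy:
+    src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+    dest: '/matrix/awx/matrix_vars.yml'
+    mode: '0660'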
							
								
								
									
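--- a/roles/matrix-awx/tasks/main.yml
+++ b/roles/matrix-awx/tasks/main.yml
@@ -0,0 +1,189 @@
+
+# Load initial hosting and organisation variables from AWX volume
+- include_tasks: 
+    file: "load_hosting_and_org_variables.yml"
+    apply:
+      tags: always
+  when: run_setup|bool and matrix_awx_enabled|bool
+  tags:
+    - always
+
+# Renames the variables if needed
+- include_tasks: 
+    file: "rename_variables.yml"
+    apply:
+      tags: always
+  when: run_setup|bool and matrix_awx_enabled|bool
+  tags:
+    - always
+
+# Perform a backup of the server
+- include_tasks: 
+    file: "backup_server.yml"
+    apply:
+      tags: backup-server
+  when: run_setup|bool and matrix_awx_enabled|bool
+  tags:
+    - backup-server
+    
+# Perform a export of the server
+- include_tasks: 
+    file: "export_server.yml"
+    apply:
+      tags: export-server
+  when: run_setup|bool and matrix_awx_enabled|bool
+  tags:
+    - export-server
+
+# Create a user account if called
+- include_tasks: 
+    file: "create_user.yml"
+    apply:
+      tags: create-user
+  when: run_setup|bool and matrix_awx_enabled|bool
+  tags:
+    - create-user
+
+# Purge local/remote media if called
+- include_tasks: 
+    file: "purge_media_main.yml"
+    apply:
+      tags: purge-media
+  when: run_setup|bool and matrix_awx_enabled|bool
+  tags:
+    - purge-media
+
+# Purge Synapse database if called
+- include_tasks: 
+    file: "purge_database_main.yml"
+    apply:
+      tags: purge-database
+  when: run_setup|bool and matrix_awx_enabled|bool
+  tags:
+    - purge-database
+
+# Import configs, media repo from /chroot/backup import
+- include_tasks: 
+    file: "import_awx.yml"
+    apply:
+      tags: import-awx
+  when: run_setup|bool and matrix_awx_enabled|bool
+  tags:
+    - import-awx
+    
+# Perform extra self-check functions
+- include_tasks: 
+    file: "self_check.yml"
+    apply:
+      tags: self-check
+  when: run_setup|bool and matrix_awx_enabled|bool
+  tags:
+    - self-check
+
+# Create cached matrix_vars.yml file
+- include_tasks: 
+    file: "cache_matrix_variables.yml"
+    apply:
+      tags: always
+  when: run_setup|bool and matrix_awx_enabled|bool
+  tags:
+    - always
+
+# Configure SFTP so user can upload a static website or access the servers export
+- include_tasks: 
+    file: "customise_website_access_export.yml"
+    apply:
+      tags: setup-nginx-proxy
+  when: run_setup|bool and matrix_awx_enabled|bool
+  tags:
+    - setup-nginx-proxy
+
+# Additional playbook to set the variable file during Element configuration
+- include_tasks: 
+    file: "set_variables_element.yml"
+    apply:
+      tags: setup-client-element
+  when: run_setup|bool and matrix_awx_enabled|bool
+  tags:
+    - setup-client-element
+
+# Additional playbook to set the variable file during Mailer configuration
+- include_tasks: 
+    file: "set_variables_mailer.yml"
+    apply:
+      tags: setup-mailer
+  when: run_setup|bool and matrix_awx_enabled|bool
+  tags:
+    - setup-mailer
+
+# Additional playbook to set the variable file during Element configuration
+- include_tasks: 
+    file: "set_variables_element_subdomain.yml"
+    apply:
+      tags: setup-client-element-subdomain
+  when: run_setup|bool and matrix_awx_enabled|bool
+  tags:
+    - setup-client-element-subdomain
+
+# Additional playbook to set the variable file during Synapse configuration
+- include_tasks: 
+    file: "set_variables_synapse.yml"
+    apply:
+      tags: setup-synapse
+  when: run_setup|bool and matrix_awx_enabled|bool
+  tags:
+    - setup-synapse
+
+# Additional playbook to set the variable file during Jitsi configuration
+- include_tasks: 
+    file: "set_variables_jitsi.yml"
+    apply:
+      tags: setup-jitsi
+  when: run_setup|bool and matrix_awx_enabled|bool
+  tags:
+    - setup-jitsi
+
+# Additional playbook to set the variable file during Ma1sd configuration
+- include_tasks: 
+    file: "set_variables_ma1sd.yml"
+    apply:
+      tags: setup-ma1sd
+  when: run_setup|bool and matrix_awx_enabled|bool
+  tags:
+    - setup-ma1sd
+
+# Additional playbook to set the variable file during Corporal configuration
+- include_tasks: 
+    file: "set_variables_corporal.yml"
+    apply:
+      tags: setup-corporal
+  when: run_setup|bool and matrix_awx_enabled|bool
+  tags:
+    - setup-corporal
+
+# Additional playbook to set the variable file during Dimension configuration
+- include_tasks: 
+    file: "set_variables_dimension.yml"
+    apply:
+      tags: setup-dimension
+  when: run_setup|bool and matrix_awx_enabled|bool
+  tags:
+    - setup-dimension
+
+# Additional playbook to set the variable file during Synapse Admin configuration
+- include_tasks: 
+    file: "set_variables_synapse_admin.yml"
+    apply:
+      tags: setup-synapse-admin
+  when: run_setup|bool and matrix_awx_enabled|bool
+  tags:
+    - setup-synapse-admin
+
+# Load newly formed matrix variables from AWX volume
+- include_tasks: 
+    file: "load_matrix_variables.yml"
+    apply:
+      tags: always
+  when: run_setup|bool and matrix_awx_enabled|bool
+  tags:
+    - always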
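Review bot: The include order in this file is load-bearing but nothing documents it. backup_server.yml, export_server.yml and create_user.yml end the play themselves, so they have to stay above the cache step; customise_website_access_export.yml (and presumably the `set_variables_*` lists, which are not shown here) edit the cached copy, so they have to sit between `cache_matrix_variables.yml` and `load_matrix_variables.yml`. A header comment along the lines of `# Order matters: lists above the cache step end the play; lists between cache and load edit the cached vars file, which load_matrix_variables.yml parses before promoting it` would keep a later reorder from promoting a vars file that was never re-parsed. The comment on the `set_variables_element_subdomain.yml` include repeats the Element one and could name the subdomain case.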
							
								
								
									
										10
									
								
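--- a/roles/matrix-awx/tasks/purge_database_build_list.yml
+++ b/roles/matrix-awx/tasks/purge_database_build_list.yml
@@ -0,0 +1,10 @@
+
+- name: Collect entire room list into stdout
+  shell: |
+    curl -X GET --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/rooms?from={{ item }}'
+  register: rooms_output
+  
+- name: Print stdout to file
+  delegate_to: 127.0.0.1
+  shell: |
+    echo '{{ rooms_output.stdout }}' >> /tmp/{{ subscription_id }}_room_list_complete.json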
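Review bot: `echo '{{ rooms_output.stdout }}'` in "Print stdout to file" pastes the Synapse response into a shell line that runs on the AWX host, so a single quote in any room name ends the quoting and what follows is interpreted by the shell; feed the data on stdin instead, e.g. `shell: cat >> /tmp/{{ subscription_id }}_room_list_complete.json` with `args: {stdin: "{{ rooms_output.stdout }}"}`. The room IDs templated into the curl lines of purge_database_no_local.yml, purge_database_events.yml and purge_database_users.yml have the same problem. Separately, the curl task here puts the janitor bearer token on the command line with no `no_log: True`, although the login task in purge_database_main.yml that obtains it does set it, so the token appears in the job output and in the target's process list. That holds for every curl task in the purge_database_* and purge_media_* include files of this commit; the `uri` module with a `headers:` entry and `no_log: True` would keep the token out of both.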
							
								
								
									
										13
									
								
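--- a/roles/matrix-awx/tasks/purge_database_events.yml
+++ b/roles/matrix-awx/tasks/purge_database_events.yml
@@ -0,0 +1,13 @@
+
+- name: Purge all rooms with more then N events
+  shell: |
+    curl --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "delete_local_events": false, "purge_up_to_ts": {{ purge_epoche_time.stdout }}000 }' "{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_history/{{ item[1:-1] }}"
+  register: purge_command
+
+- name: Print output of purge command
+  debug: 
+    msg: "{{ purge_command.stdout }}"
+
+- name: Pause for 5 seconds to let Synapse breathe
+  pause:
+    seconds: 5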
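Review bot: The purge `curl` has no `--fail`, so a 401 or 404 answer from Synapse still exits 0 and the task is reported as successful; only the `debug` output shows the error body. Adding `--fail --silent --show-error`, or using the `uri` module with `status_code: 200`, would make a rejected purge stop the loop instead of continuing through every room. The POST calls in purge_database_no_local.yml, purge_database_users.yml, purge_media_local.yml and purge_media_remote.yml behave the same way.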
							
								
								
									
										317
									
								
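--- a/roles/matrix-awx/tasks/purge_database_main.yml
+++ b/roles/matrix-awx/tasks/purge_database_main.yml
@@ -0,0 +1,317 @@
+
+- name: Ensure dateutils and curl is installed in AWX
+  delegate_to: 127.0.0.1
+  yum:
+    name: dateutils
+    state: latest
+
+- name: Ensure dateutils, curl and jq intalled on target machine
+  apt:
+    pkg:
+    - curl
+    - jq
+    state: present
+
+- name: Include vars in matrix_vars.yml
+  include_vars:
+    file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+  no_log: True
+
+- name: Collect before shrink size of Synapse database
+  shell: du -sh /matrix/postgres/data
+  register: db_size_before_stat
+  when: (purge_mode.find("Perform final shrink") != -1)
+  no_log: True
+
+- name: Collect the internal IP of the matrix-synapse container
+  shell: "/usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse"
+  when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1)
+  register: synapse_container_ip
+
+- name: Collect access token for janitor user
+  shell: |
+    curl -X POST -d '{"type":"m.login.password", "user":"janitor", "password":"{{ matrix_awx_janitor_user_password }}"}' "{{ synapse_container_ip.stdout }}:8008/_matrix/client/r0/login" | jq '.access_token'
+  when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1)
+  register: janitors_token
+  no_log: True
+
+- name: Copy build_room_list.py script to target machine
+  copy:
+    src: ./roles/matrix-awx/scripts/matrix_build_room_list.py
+    dest: /usr/local/bin/matrix_build_room_list.py
+    owner: matrix
+    group: matrix
+    mode: '0755'
+  when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1)
+
+- name: Run build_room_list.py script
+  shell: |
+    runuser -u matrix -- python3 /usr/local/bin/matrix_build_room_list.py {{ janitors_token.stdout[1:-1] }} {{ synapse_container_ip.stdout }}
+  register: rooms_total
+  when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1)
+
+- name: Fetch complete room list from target machine
+  fetch:
+    src: /tmp/room_list_complete.json
+    dest: "/tmp/{{ subscription_id }}_room_list_complete.json"
+    flat: yes
+  when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1)
+
+- name: Remove complete room list from target machine
+  file:
+    path: /tmp/room_list_complete.json
+    state: absent
+  when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1)
+
+- name: Generate list of rooms with no local users
+  delegate_to: 127.0.0.1
+  shell: |
+    jq 'try .rooms[] | select(.joined_local_members == 0) | .room_id' < /tmp/{{ subscription_id }}_room_list_complete.json > /tmp/{{ subscription_id }}_room_list_no_local_users.txt
+  when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1)
+  
+- name: Count number of rooms with no local users
+  delegate_to: 127.0.0.1
+  shell: |
+    wc -l /tmp/{{ subscription_id }}_room_list_no_local_users.txt | awk '{ print $1 }'
+  register: rooms_no_local_total
+  when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1)
+
+- name: Setting host fact room_list_no_local_users
+  set_fact:
+    room_list_no_local_users: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_no_local_users.txt') }}"
+  no_log: True
+  when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1)
+
+- name: Purge all rooms with no local users
+  include_tasks: purge_database_no_local.yml 
+  loop: "{{ room_list_no_local_users.splitlines() | flatten(levels=1) }}"
+  when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1)
+
+- name: Collect epoche time from date
+  delegate_to: 127.0.0.1
+  shell: |
+    date -d '{{ purge_date }}' +"%s"
+  when: (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1)
+  register: purge_epoche_time
+
+- name: Generate list of rooms with more then N users
+  delegate_to: 127.0.0.1
+  shell: |
+    jq 'try .rooms[] | select(.joined_members > {{ purge_metric_value }}) | .room_id' < /tmp/{{ subscription_id }}_room_list_complete.json > /tmp/{{ subscription_id }}_room_list_joined_members.txt
+  when: purge_mode.find("Number of users [slower]") != -1
+
+- name: Count number of rooms with more then N users
+  delegate_to: 127.0.0.1
+  shell: |
+    wc -l /tmp/{{ subscription_id }}_room_list_joined_members.txt | awk '{ print $1 }'
+  register: rooms_join_members_total
+  when: purge_mode.find("Number of users [slower]") != -1
+
+- name: Setting host fact room_list_joined_members
+  delegate_to: 127.0.0.1
+  set_fact:
+    room_list_joined_members: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_joined_members.txt') }}"
+  when: purge_mode.find("Number of users [slower]") != -1
+  no_log: True
+
+- name: Purge all rooms with more then N users
+  include_tasks: purge_database_users.yml 
+  loop: "{{ room_list_joined_members.splitlines() | flatten(levels=1) }}"
+  when: purge_mode.find("Number of users [slower]") != -1
+
+- name: Generate list of rooms with more then N events
+  delegate_to: 127.0.0.1
+  shell: |
+    jq 'try .rooms[] | select(.state_events > {{ purge_metric_value }}) | .room_id' < /tmp/{{ subscription_id }}_room_list_complete.json > /tmp/{{ subscription_id }}_room_list_state_events.txt
+  when: purge_mode.find("Number of events [slower]") != -1
+
+- name: Count number of rooms with more then N events
+  delegate_to: 127.0.0.1
+  shell: |
+    wc -l /tmp/{{ subscription_id }}_room_list_state_events.txt | awk '{ print $1 }'
+  register: rooms_state_events_total
+  when: purge_mode.find("Number of events [slower]") != -1
+
+- name: Setting host fact room_list_state_events
+  delegate_to: 127.0.0.1
+  set_fact:
+    room_list_state_events: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_state_events.txt') }}"
+  when: purge_mode.find("Number of events [slower]") != -1
+  no_log: True
+
+- name: Purge all rooms with more then N events
+  include_tasks: purge_database_events.yml 
+  loop: "{{ room_list_state_events.splitlines() | flatten(levels=1) }}"
+  when: purge_mode.find("Number of events [slower]") != -1
+
+- name: Collect AWX admin token the hard way!
+  delegate_to: 127.0.0.1
+  shell: |
+      curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
+  register: tower_token
+  no_log: True
+
+- name: Adjust 'Deploy/Update a Server' job template
+  delegate_to: 127.0.0.1
+  awx.awx.tower_job_template:
+    name: "{{ matrix_domain }} - 0 - Deploy/Update a Server"
+    description: "Creates a new matrix service with Spantaleev's playbooks"
+    extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
+    job_type: run
+    job_tags: "rust-synapse-compress-state"
+    inventory: "{{ member_id }}"
+    project: "{{ member_id }} - Matrix Docker Ansible Deploy"
+    playbook: setup.yml
+    credential: "{{ member_id }} - AWX SSH Key"
+    state: present
+    verbosity: 1
+    tower_host: "https://{{ tower_host }}"
+    tower_oauthtoken: "{{ tower_token.stdout }}"
+    validate_certs: yes
+  when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1) or (purge_mode.find("Skip purging rooms [faster]") != -1)
+
+- name: Execute rust-synapse-compress-state job template
+  delegate_to: 127.0.0.1
+  awx.awx.tower_job_launch:
+    job_template: "{{ matrix_domain }} - 0 - Deploy/Update a Server"
+    wait: yes
+    tower_host: "https://{{ tower_host }}"
+    tower_oauthtoken: "{{ tower_token.stdout }}"
+    validate_certs: yes 
+  when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1) or (purge_mode.find("Skip purging rooms [faster]") != -1)
+
+- name: Revert 'Deploy/Update a Server' job template
+  delegate_to: 127.0.0.1
+  awx.awx.tower_job_template:
+    name: "{{ matrix_domain }} - 0 - Deploy/Update a Server"
+    description: "Creates a new matrix service with Spantaleev's playbooks"
+    extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
+    job_type: run
+    job_tags: "setup-all,start"
+    inventory: "{{ member_id }}"
+    project: "{{ member_id }} - Matrix Docker Ansible Deploy"
+    playbook: setup.yml
+    credential: "{{ member_id }} - AWX SSH Key"
+    state: present
+    verbosity: 1
+    tower_host: "https://{{ tower_host }}"
+    tower_oauthtoken: "{{ tower_token.stdout }}"
+    validate_certs: yes
+  when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1) or (purge_mode.find("Skip purging rooms [faster]") != -1)
+
+- name: Ensure matrix-synapse is stopped
+  service:
+    name: matrix-synapse
+    state: stopped
+    daemon_reload: yes
+  when: (purge_mode.find("Perform final shrink") != -1)
+
+- name: Re-index Synapse database
+  shell: docker exec -i matrix-postgres psql "host=127.0.0.1 port=5432 dbname=synapse user=synapse password={{ matrix_synapse_connection_password }}" -c 'REINDEX (VERBOSE) DATABASE synapse'
+  when: (purge_mode.find("Perform final shrink") != -1)
+
+- name: Ensure matrix-synapse is started
+  service:
+    name: matrix-synapse
+    state: started
+    daemon_reload: yes
+  when: (purge_mode.find("Perform final shrink") != -1)
+
+- name: Adjust 'Deploy/Update a Server' job template
+  delegate_to: 127.0.0.1
+  awx.awx.tower_job_template:
+    name: "{{ matrix_domain }} - 0 - Deploy/Update a Server"
+    description: "Creates a new matrix service with Spantaleev's playbooks"
+    extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
+    job_type: run
+    job_tags: "run-postgres-vacuum,start"
+    inventory: "{{ member_id }}"
+    project: "{{ member_id }} - Matrix Docker Ansible Deploy"
+    playbook: setup.yml
+    credential: "{{ member_id }} - AWX SSH Key"
+    state: present
+    verbosity: 1
+    tower_host: "https://{{ tower_host }}"
+    tower_oauthtoken: "{{ tower_token.stdout }}"
+    validate_certs: yes
+  when: (purge_mode.find("Perform final shrink") != -1)
+
+- name: Execute run-postgres-vacuum job template
+  delegate_to: 127.0.0.1
+  awx.awx.tower_job_launch:
+    job_template: "{{ matrix_domain }} - 0 - Deploy/Update a Server"
+    wait: yes
+    tower_host: "https://{{ tower_host }}"
+    tower_oauthtoken: "{{ tower_token.stdout }}"
+    validate_certs: yes 
+  when: (purge_mode.find("Perform final shrink") != -1)
+
+- name: Revert 'Deploy/Update a Server' job template
+  delegate_to: 127.0.0.1
+  awx.awx.tower_job_template:
+    name: "{{ matrix_domain }} - 0 - Deploy/Update a Server"
+    description: "Creates a new matrix service with Spantaleev's playbooks"
+    extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
+    job_type: run
+    job_tags: "setup-all,start"
+    inventory: "{{ member_id }}"
+    project: "{{ member_id }} - Matrix Docker Ansible Deploy"
+    playbook: setup.yml
+    credential: "{{ member_id }} - AWX SSH Key"
+    state: present
+    verbosity: 1
+    tower_host: "https://{{ tower_host }}"
+    tower_oauthtoken: "{{ tower_token.stdout }}"
+    validate_certs: yes
+  when: (purge_mode.find("Perform final shrink") != -1)
+
+- name: Cleanup room_list files
+  delegate_to: 127.0.0.1
+  shell: |
+    rm /tmp/{{ subscription_id }}_room_list*
+  when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1)
+  ignore_errors: yes
+
+- name: Collect after shrink size of Synapse database
+  shell: du -sh /matrix/postgres/data
+  register: db_size_after_stat
+  when: (purge_mode.find("Perform final shrink") != -1)
+  no_log: True
+
+- name: Print total number of rooms processed 
+  debug:
+    msg: '{{ rooms_total.stdout }}'
+  when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1)
+
+- name: Print the number of rooms purged with no local users
+  debug:
+    msg: '{{ rooms_no_local_total.stdout }}'
+  when: (purge_mode.find("No local users [recommended]") != -1) or (purge_mode.find("Number of users [slower]") != -1) or (purge_mode.find("Number of events [slower]") != -1)
+
+- name: Print the number of rooms purged with more then N users
+  debug:
+    msg: '{{ rooms_join_members_total.stdout }}'
+  when: purge_mode.find("Number of users") != -1
+
+- name: Print the number of rooms purged with more then N events
+  debug:
+    msg: '{{ rooms_state_events_total.stdout }}'
+  when: purge_mode.find("Number of events") != -1
+
+- name: Print before purge size of Synapse database
+  debug:
+    msg: "{{ db_size_before_stat.stdout.split('\n') }}"
+  when: (db_size_before_stat is defined) and (purge_mode.find("Perform final shrink") != -1)
+
+- name: Print after purge size of Synapse database
+  debug:
+    msg: "{{ db_size_after_stat.stdout.split('\n') }}"
+  when: (db_size_after_stat is defined) and (purge_mode.find("Perform final shrink") != -1)
+
+- name: Set boolean value to exit playbook
+  set_fact:
+    end_playbook: true
+
+- name: End playbook early if this task is called.
+  meta: end_play
+  when: end_playbook is defined and end_playbook|bool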
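Review bot: "Collect AWX admin token the hard way!" sends `tower_username` and `tower_password` with `curl -sku`, and `-k` switches off certificate verification, so the admin credentials go to whatever host answers on `tower_host`; the `awx.awx` tasks below it already set `validate_certs: yes`, so dropping `-k` (`curl -su ...`) would make the two consistent. "Re-index Synapse database" puts `matrix_synapse_connection_password` on the `docker exec` command line without `no_log: True`, unlike the other secret-bearing tasks in this file, so the password is written to the job output. "Run build_room_list.py script" does the same with the janitor token passed as an argument. Each run also creates a new write-scope personal token that nothing in this file revokes afterwards.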
							
								
								
									
										13
									
								
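--- a/roles/matrix-awx/tasks/purge_database_no_local.yml
+++ b/roles/matrix-awx/tasks/purge_database_no_local.yml
@@ -0,0 +1,13 @@
+
+- name: Purge all rooms with no local users
+  shell: |
+    curl --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "room_id": {{ item }} }' '{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_room'
+  register: purge_command
+  
+- name: Print output of purge command
+  debug: 
+    msg: "{{ purge_command.stdout }}"
+
+- name: Pause for 5 seconds to let Synapse breathe
+  pause:
+    seconds: 5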
							
								
								
									
										13
									
								
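--- a/roles/matrix-awx/tasks/purge_database_users.yml
+++ b/roles/matrix-awx/tasks/purge_database_users.yml
@@ -0,0 +1,13 @@
+
+- name: Purge all rooms with more then N users
+  shell: |
+    curl --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "delete_local_events": false, "purge_up_to_ts": {{ purge_epoche_time.stdout }}000 }' "{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_history/{{ item[1:-1] }}"
+  register: purge_command
+  
+- name: Print output of purge command
+  debug: 
+    msg: "{{ purge_command.stdout }}"
+
+- name: Pause for 5 seconds to let Synapse breathe
+  pause:
+    seconds: 5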
							
								
								
									
										18
									
								
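--- a/roles/matrix-awx/tasks/purge_media_local.yml
+++ b/roles/matrix-awx/tasks/purge_media_local.yml
@@ -0,0 +1,18 @@
+
+- name: Collect epoche time from date
+  shell: |
+    date -d '{{ item }}' +"%s"
+  register: epoche_time
+
+- name: Purge local media to specific date
+  shell: |
+    curl -X POST --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/media/matrix.{{ matrix_domain }}/delete?before_ts={{ epoche_time.stdout }}000'
+  register: purge_command
+  
+- name: Print output of purge command
+  debug: 
+    msg: "{{ purge_command.stdout }}"
+
+- name: Pause for 5 seconds to let Synapse breathe
+  pause:
+    seconds: 5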
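Review bot: The delete URL in "Purge local media to specific date" hard-codes the server name as `matrix.{{ matrix_domain }}`, while this admin endpoint takes the homeserver's own `server_name`; if that is the bare `{{ matrix_domain }}` (presumably the case in a delegated setup, to be confirmed against the Synapse configuration), every call names the wrong server and no local media is removed. The task would still report success, because only the `debug` output shows the response. If the assumption holds, the path segment should read `.../v1/media/{{ matrix_domain }}/delete?before_ts=...`.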
							
								
								
									
										99
									
								
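--- a/roles/matrix-awx/tasks/purge_media_main.yml
+++ b/roles/matrix-awx/tasks/purge_media_main.yml
@@ -0,0 +1,99 @@
+
+- name: Ensure dateutils and curl is installed in AWX
+  delegate_to: 127.0.0.1
+  yum:
+    name: dateutils
+    state: latest
+
+- name: Include vars in matrix_vars.yml
+  include_vars:
+    file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+  no_log: True
+  
+- name: Ensure curl and jq intalled on target machine
+  apt:
+    pkg:
+    - curl
+    - jq
+    state: present
+
+- name: Collect the internal IP of the matrix-synapse container
+  shell: "/usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse"
+  register: synapse_container_ip
+
+- name: Collect access token for janitor user
+  shell: |
+    curl -XPOST -d '{"type":"m.login.password", "user":"janitor", "password":"{{ matrix_awx_janitor_user_password }}"}' "{{ synapse_container_ip.stdout }}:8008/_matrix/client/r0/login" | jq '.access_token'
+  register: janitors_token
+  no_log: True
+
+- name: Generate list of dates to purge to
+  delegate_to: 127.0.0.1
+  shell: "dateseq {{ matrix_purge_from_date }} {{ matrix_purge_to_date }}"
+  register: purge_dates
+    
+- name: Calculate initial size of local media repository
+  shell: du -sh /matrix/synapse/storage/media-store/local*
+  register: local_media_size_before
+  when: matrix_purge_media_type == "Local Media"
+  ignore_errors: yes
+  no_log: True
+
+- name: Calculate initial size of remote media repository
+  shell: du -sh /matrix/synapse/storage/media-store/remote*
+  register: remote_media_size_before
+  when: matrix_purge_media_type == "Remote Media"
+  ignore_errors: yes
+  no_log: True
+
+- name: Purge local media with loop
+  include_tasks: purge_media_local.yml 
+  loop: "{{ purge_dates.stdout_lines | flatten(levels=1) }}"
+  when: matrix_purge_media_type == "Local Media"
+
+- name: Purge remote media with loop
+  include_tasks: purge_media_remote.yml 
+  loop: "{{ purge_dates.stdout_lines | flatten(levels=1) }}"
+  when: matrix_purge_media_type == "Remote Media"
+
+- name: Calculate final size of local media repository
+  shell: du -sh /matrix/synapse/storage/media-store/local*
+  register: local_media_size_after
+  when: matrix_purge_media_type == "Local Media"
+  ignore_errors: yes
+  no_log: True
+
+- name: Calculate final size of remote media repository
+  shell: du -sh /matrix/synapse/storage/media-store/remote*
+  register: remote_media_size_after
+  when: matrix_purge_media_type == "Remote Media"
+  ignore_errors: yes
+  no_log: True
+
+- name: Print size of local media repository before purge
+  debug:
+    msg: "{{ local_media_size_before.stdout.split('\n') }}"
+  when: matrix_purge_media_type == "Local Media"
+
+- name: Print size of local media repository after purge
+  debug:
+    msg: "{{ local_media_size_after.stdout.split('\n') }}"
+  when: matrix_purge_media_type == "Local Media"
+
+- name: Print size of remote media repository before purge
+  debug:
+    msg: "{{ remote_media_size_before.stdout.split('\n') }}"
+  when: matrix_purge_media_type == "Remote Media"
+
+- name: Print size of remote media repository after purge
+  debug:
+    msg: "{{ remote_media_size_after.stdout.split('\n') }}"
+  when: matrix_purge_media_type == "Remote Media"
+
+- name: Set boolean value to exit playbook
+  set_fact:
+    end_playbook: true
+
+- name: End playbook early if this task is called.
+  meta: end_play
+  when: end_playbook is defined and end_playbook|bool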
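Review bot: "Generate list of dates to purge to" hands `matrix_purge_from_date` and `matrix_purge_to_date` to the shell unquoted, so whatever those variables hold (presumably survey input) is parsed as shell syntax on the AWX host. `command: dateseq {{ matrix_purge_from_date }} {{ matrix_purge_to_date }}` avoids the shell altogether, or the existing line can keep `shell` with `{{ matrix_purge_from_date | quote }}` and the same filter on the second value. The task name "Ensure dateutils and curl is installed in AWX" also promises more than the task does, since only `dateutils` is listed, and `state: latest` upgrades that package on every run where `state: present` would only install it.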
							
								
								
									
										18
									
								
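--- a/roles/matrix-awx/tasks/purge_media_remote.yml
+++ b/roles/matrix-awx/tasks/purge_media_remote.yml
@@ -0,0 +1,18 @@
+
+- name: Collect epoche time from date
+  shell: |
+    date -d '{{ item }}' +"%s"
+  register: epoche_time
+
+- name: Purge remote media to specific date
+  shell: |
+    curl -X POST --header "Authorization: Bearer {{ janitors_token.stdout[1:-1] }}" '{{ synapse_container_ip.stdout }}:8008/_synapse/admin/v1/purge_media_cache?before_ts={{ epoche_time.stdout }}000'
+  register: purge_command
+  
+- name: Print output of purge command
+  debug: 
+    msg: "{{ purge_command.stdout }}"
+
+- name: Pause for 5 seconds to let Synapse breathe
+  pause:
+    seconds: 5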
							
								
								
									
										8
									
								
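--- a/roles/matrix-awx/tasks/rename_variables.yml
+++ b/roles/matrix-awx/tasks/rename_variables.yml
@@ -0,0 +1,8 @@
+
+- name: Rename synapse presence variable
+  delegate_to: 127.0.0.1
+  replace:
+    path: "/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml"
+    regexp: 'matrix_synapse_use_presence'
+    replace: 'matrix_synapse_presence_enabled'
+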
							
								
								
									
										105
									
								
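--- a/roles/matrix-awx/tasks/self_check.yml
+++ b/roles/matrix-awx/tasks/self_check.yml
@@ -0,0 +1,105 @@
+
+- name: Install prerequisite apt packages on target
+  apt:
+    name:
+      - sysstat
+      - curl
+    state: present
+
+- name: Install prerequisite yum packages on AWX
+  delegate_to: 127.0.0.1
+  yum:
+    name:
+      - bind-utils
+    state: present
+
+- name: Install prerequisite pip packages on AWX
+  delegate_to: 127.0.0.1
+  pip:
+    name:
+      - dnspython
+    state: present
+
+- name: Calculate MAU value
+  shell: |
+    curl -s localhost:9000 | grep "^synapse_admin_mau_current "
+  register: mau_stat
+  no_log: True
+
+- name: Print MAU value
+  debug:
+    msg: "{{ mau_stat.stdout.split('\n') }}"
+  when: mau_stat is defined
+
+- name: Calculate CPU usage statistics
+  shell: iostat -c
+  register: cpu_usage_stat
+  no_log: True
+
+- name: Print CPU usage statistics
+  debug:
+    msg: "{{ cpu_usage_stat.stdout.split('\n') }}"
+  when: cpu_usage_stat is defined
+
+- name: Calculate RAM usage statistics
+  shell: free -mh
+  register: ram_usage_stat
+  no_log: True
+
+- name: Print RAM usage statistics
+  debug:
+    msg: "{{ ram_usage_stat.stdout.split('\n') }}"
+  when: ram_usage_stat is defined
+
+- name: Calculate free disk space
+  shell: df -h
+  register: disk_space_stat
+  no_log: True
+
+- name: Print free disk space
+  debug:
+    msg: "{{ disk_space_stat.stdout.split('\n') }}"
+  when: disk_space_stat is defined
+
+- name: Calculate size of Synapse database
+  shell: du -sh /matrix/postgres/data
+  register: db_size_stat
+  no_log: True
+
+- name: Print size of Synapse database
+  debug:
+    msg: "{{ db_size_stat.stdout.split('\n') }}"
+  when: db_size_stat is defined
+
+- name: Calculate size of local media repository
+  shell: du -sh /matrix/synapse/storage/media-store/local*
+  register: local_media_size_stat
+  ignore_errors: yes
+  no_log: True
+
+- name: Print size of local media repository
+  debug:
+    msg: "{{ local_media_size_stat.stdout.split('\n') }}"
+  when: local_media_size_stat is defined
+
+- name: Calculate size of remote media repository
+  shell: du -sh /matrix/synapse/storage/media-store/remote*
+  register: remote_media_size_stat
+  ignore_errors: yes
+  no_log: True
+
+- name: Print size of remote media repository
+  debug:
+    msg: "{{ remote_media_size_stat.stdout.split('\n') }}"
+  when: remote_media_size_stat is defined
+
+- name: Calculate docker container statistics
+  shell: docker stats --all --no-stream
+  register: docker_stats
+  ignore_errors: yes
+  no_log: True
+
+- name: Print docker container statistics
+  debug:
+    msg: "{{ docker_stats.stdout.split('\n') }}"
+  when: docker_stats is defined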
							
								
								
									
									
								
							
							
						
						
									
										247
									
								
								roles/matrix-awx/tasks/set_variables_corporal.yml
									
									
									
									
									
										Executable file
									
								
							| @@ -0,0 +1,247 @@ | ||||
|  | ||||
| - name: Record Corporal Enabled/Disabled variable | ||||
|   delegate_to: 127.0.0.1 | ||||
|   lineinfile: | ||||
|     path: '{{ awx_cached_matrix_vars }}' | ||||
|     regexp: "^#? *{{ item.key | regex_escape() }}:" | ||||
|     line: "{{ item.key }}: {{ item.value }}" | ||||
|     insertafter: '# Corporal Settings Start' | ||||
|   with_dict: | ||||
|     'matrix_corporal_enabled': '{{ matrix_corporal_enabled }}' | ||||
|  | ||||
| - name: Enable Shared Secret Auth if Corporal enabled | ||||
|   delegate_to: 127.0.0.1 | ||||
|   lineinfile: | ||||
|     path: '{{ awx_cached_matrix_vars }}' | ||||
|     regexp: "^#? *{{ item.key | regex_escape() }}:" | ||||
|     line: "{{ item.key }}: {{ item.value }}" | ||||
|     insertafter: '# Shared Secret Auth Settings Start' | ||||
|   with_dict: | ||||
|     'matrix_synapse_ext_password_provider_shared_secret_auth_enabled': 'true' | ||||
|   when: matrix_corporal_enabled|bool | ||||
|  | ||||
| - name: Disable Shared Secret Auth if Corporal disabled | ||||
|   delegate_to: 127.0.0.1 | ||||
|   lineinfile: | ||||
|     path: '{{ awx_cached_matrix_vars }}' | ||||
|     regexp: "^#? *{{ item.key | regex_escape() }}:" | ||||
|     line: "{{ item.key }}: {{ item.value }}" | ||||
|     insertafter: '# Shared Secret Auth Settings Start' | ||||
|   with_dict: | ||||
|     'matrix_synapse_ext_password_provider_shared_secret_auth_enabled': 'false' | ||||
|   when: not matrix_corporal_enabled|bool | ||||
|  | ||||
| - name: Enable Rest Auth Endpoint if Corporal enabled | ||||
|   delegate_to: 127.0.0.1 | ||||
|   lineinfile: | ||||
|     path: '{{ awx_cached_matrix_vars }}' | ||||
|     regexp: "^#? *{{ item.key | regex_escape() }}:" | ||||
|     line: "{{ item.key }}: {{ item.value }}" | ||||
|     insertafter: '# Synapse Extension Start' | ||||
|   with_dict: | ||||
|     'matrix_synapse_ext_password_provider_rest_auth_enabled': 'true' | ||||
|   when: matrix_corporal_enabled|bool | ||||
|  | ||||
| - name: Disable Rest Auth Endpoint if Corporal disabled | ||||
|   delegate_to: 127.0.0.1 | ||||
|   lineinfile: | ||||
|     path: '{{ awx_cached_matrix_vars }}' | ||||
|     regexp: "^#? *{{ item.key | regex_escape() }}:" | ||||
|     line: "{{ item.key }}: {{ item.value }}" | ||||
|     insertafter: '# Synapse Extension Start' | ||||
|   with_dict: | ||||
|     'matrix_synapse_ext_password_provider_rest_auth_enabled': 'false' | ||||
|   when: not matrix_corporal_enabled|bool | ||||
|  | ||||
| - name: Disable Corporal API if Simple Static File mode selected | ||||
|   delegate_to: 127.0.0.1 | ||||
|   lineinfile: | ||||
|     path: '{{ awx_cached_matrix_vars }}' | ||||
|     regexp: "^#? *{{ item.key | regex_escape() }}:" | ||||
|     line: "{{ item.key }}: {{ item.value }}" | ||||
|     insertafter: '# Corporal Settings Start' | ||||
|   with_dict: | ||||
|     'matrix_corporal_http_api_enabled': 'false' | ||||
|   when: (matrix_corporal_policy_provider_mode == "Simple Static File") or (not matrix_corporal_enabled|bool) | ||||
|  | ||||
| - name: Enable Corporal API if Push/Pull mode delected | ||||
|   delegate_to: 127.0.0.1 | ||||
|   lineinfile: | ||||
|     path: '{{ awx_cached_matrix_vars }}' | ||||
|     regexp: "^#? *{{ item.key | regex_escape() }}:" | ||||
|     line: "{{ item.key }}: {{ item.value }}" | ||||
|     insertafter: '# Corporal Settings Start' | ||||
|   with_dict: | ||||
|     'matrix_corporal_http_api_enabled': 'true' | ||||
|   when: (matrix_corporal_policy_provider_mode != "Simple Static File") and (matrix_corporal_enabled|bool) | ||||
|  | ||||
| - name: Record Corporal API Access Token if it's defined | ||||
|   delegate_to: 127.0.0.1 | ||||
|   lineinfile: | ||||
|     path: '{{ awx_cached_matrix_vars }}' | ||||
|     regexp: "^#? *{{ item.key | regex_escape() }}:" | ||||
|     line: "{{ item.key }}: {{ item.value }}" | ||||
|     insertafter: '# Corporal Settings Start' | ||||
|   with_dict: | ||||
|     'matrix_corporal_http_api_auth_token': '{{ matrix_corporal_http_api_auth_token }}' | ||||
|   when: matrix_corporal_http_api_auth_token|length > 0 | ||||
|  | ||||
| - name: Record 'Simple Static File' configuration variables in matrix_vars.yml | ||||
|   delegate_to: 127.0.0.1 | ||||
|   blockinfile: | ||||
|     path: '{{ awx_cached_matrix_vars }}' | ||||
|     insertafter: "# Corporal Policy Provider Settings Start" | ||||
|     block: | | ||||
|       matrix_corporal_policy_provider_config: | | ||||
|         { | ||||
|           "Type": "static_file", | ||||
|           "Path": "/etc/matrix-corporal/corporal-policy.json" | ||||
|         } | ||||
|   when: matrix_corporal_policy_provider_mode == "Simple Static File" | ||||
|  | ||||
| - name: Touch the /matrix/corporal/ directory | ||||
|   file: | ||||
|     path: "/matrix/corporal/" | ||||
|     state: directory | ||||
|     owner: matrix | ||||
|     group: matrix | ||||
|     mode: '750' | ||||
|  | ||||
| - name: Touch the /matrix/corporal/config/ directory | ||||
|   file: | ||||
|     path: "/matrix/corporal/config/" | ||||
|     state: directory | ||||
|     owner: matrix | ||||
|     group: matrix | ||||
|     mode: '750' | ||||
|  | ||||
| - name: Touch the /matrix/corporal/cache/ directory | ||||
|   file: | ||||
|     path: "/matrix/corporal/cache/" | ||||
|     state: directory | ||||
|     owner: matrix | ||||
|     group: matrix | ||||
|     mode: '750' | ||||
|  | ||||
| - name: Touch the corporal-policy.json file to ensure it exists | ||||
|   file: | ||||
|     path: "/matrix/corporal/config/corporal-policy.json" | ||||
|     state: touch | ||||
|     owner: matrix | ||||
|     group: matrix | ||||
|     mode: '660' | ||||
|  | ||||
| - name: Touch the last-policy.json file to ensure it exists | ||||
|   file: | ||||
|     path: "/matrix/corporal/config/last-policy.json" | ||||
|     state: touch | ||||
|     owner: matrix | ||||
|     group: matrix | ||||
|     mode: '660' | ||||
|  | ||||
| - name: Record 'Simple Static File' configuration content in corporal-policy.json | ||||
|   copy: | ||||
|     content: "{{ matrix_corporal_simple_static_config | string  }}" | ||||
|     dest: "/matrix/corporal/config/corporal-policy.json" | ||||
|     owner: matrix | ||||
|     group: matrix | ||||
|     mode: '660' | ||||
|   when: (matrix_corporal_policy_provider_mode == "Simple Static File") and (matrix_corporal_simple_static_config|length > 0) | ||||
|  | ||||
| - name: Record 'HTTP Pull Mode' configuration variables in matrix_vars.yml | ||||
|   delegate_to: 127.0.0.1 | ||||
|   blockinfile: | ||||
|     path: '{{ awx_cached_matrix_vars }}' | ||||
|     insertafter: "# Corporal Policy Provider Settings Start" | ||||
|     block: | | ||||
|       matrix_corporal_policy_provider_config: | | ||||
|         { | ||||
|           "Type": "http", | ||||
|           "Uri": "{{ matrix_corporal_pull_mode_uri }}", | ||||
|           "AuthorizationBearerToken": "{{ matrix_corporal_pull_mode_token }}", | ||||
|           "CachePath": "/var/cache/matrix-corporal/last-policy.json", | ||||
|           "ReloadIntervalSeconds": 1800, | ||||
|           "TimeoutMilliseconds": 30000 | ||||
|         } | ||||
|   when: (matrix_corporal_policy_provider_mode == "HTTP Pull Mode (API Enabled)") and (matrix_corporal_pull_mode_uri|length > 0) and (matrix_corporal_pull_mode_token|length > 0) | ||||
|  | ||||
| - name: Record 'HTTP Push Mode' configuration variables in matrix_vars.yml | ||||
|   delegate_to: 127.0.0.1 | ||||
|   blockinfile: | ||||
|     path: '{{ awx_cached_matrix_vars }}' | ||||
|     insertafter: "# Corporal Policy Provider Settings Start" | ||||
|     block: | | ||||
|       matrix_corporal_policy_provider_config: | | ||||
|         { | ||||
|           "Type": "last_seen_store_policy", | ||||
|           "CachePath": "/var/cache/matrix-corporal/last-policy.json" | ||||
|         } | ||||
|   when: (matrix_corporal_policy_provider_mode == "HTTP Push Mode (API Enabled)") | ||||
|  | ||||
| - name: Lower RateLimit if set to 'Normal' | ||||
|   delegate_to: 127.0.0.1 | ||||
|   replace: | ||||
|     path: '{{ awx_cached_matrix_vars }}' | ||||
|     regexp: '    address:\n        per_second: 50\n        burst_count: 300\n    account:\n        per_second: 0.17\n        burst_count: 300' | ||||
|     replace: '    address:\n        per_second: 0.17\n        burst_count: 3\n    account:\n        per_second: 0.17\n        burst_count: 3' | ||||
|   when: matrix_corporal_raise_ratelimits == "Normal" | ||||
|  | ||||
| - name: Raise RateLimit if set to 'Raised' | ||||
|   delegate_to: 127.0.0.1 | ||||
|   replace: | ||||
|     path: '{{ awx_cached_matrix_vars }}' | ||||
|     regexp: '    address:\n        per_second: 0.17\n        burst_count: 3\n    account:\n        per_second: 0.17\n        burst_count: 3' | ||||
|     replace: '    address:\n        per_second: 50\n        burst_count: 300\n    account:\n        per_second: 0.17\n        burst_count: 300' | ||||
|   when: matrix_corporal_raise_ratelimits == "Raised" | ||||
|  | ||||
| - name: Save new 'Configure Corporal' survey.json to the AWX tower | ||||
|   delegate_to: 127.0.0.1 | ||||
|   template: | ||||
|     src: 'roles/matrix-awx/surveys/configure_corporal.json.j2' | ||||
|     dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json' | ||||
|  | ||||
| - name: Copy new 'Configure Corporal' survey.json to target machine | ||||
|   copy: | ||||
|     src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json' | ||||
|     dest: '/matrix/awx/configure_corporal.json' | ||||
|     mode: '0660' | ||||
|  | ||||
| - debug: | ||||
|     msg: "matrix_corporal_matrix_homeserver_api_endpoint: {{ matrix_corporal_matrix_homeserver_api_endpoint }}" | ||||
|  | ||||
| - debug: | ||||
|     msg: "matrix_corporal_matrix_auth_shared_secret: {{ matrix_corporal_matrix_auth_shared_secret }}" | ||||
|  | ||||
| - debug: | ||||
|     msg: "matrix_corporal_http_gateway_internal_rest_auth_enabled: {{ matrix_corporal_http_gateway_internal_rest_auth_enabled }}" | ||||
|  | ||||
| - debug: | ||||
|     msg: "matrix_corporal_matrix_registration_shared_secret: {{ matrix_corporal_matrix_registration_shared_secret }}" | ||||
|  | ||||
| - name: Collect AWX admin token the hard way! | ||||
|   delegate_to: 127.0.0.1 | ||||
|   shell: | | ||||
|       curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g' | ||||
|   register: tower_token | ||||
|   no_log: True | ||||
|  | ||||
| - name: Recreate 'Configure Corporal (Advanced)' job template | ||||
|   delegate_to: 127.0.0.1 | ||||
|   awx.awx.tower_job_template: | ||||
|     name: "{{ matrix_domain }} - 1 - Configure Corporal (Advanced)" | ||||
|     description: "Configure Matrix Corporal, a tool that manages your Matrix server according to a configuration policy." | ||||
|     extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" | ||||
|     job_type: run | ||||
|     job_tags: "start,setup-corporal" | ||||
|     inventory: "{{ member_id }}" | ||||
|     project: "{{ member_id }} - Matrix Docker Ansible Deploy" | ||||
|     playbook: setup.yml | ||||
|     credential: "{{ member_id }} - AWX SSH Key" | ||||
|     survey_enabled: true | ||||
|     survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json') }}" | ||||
|     become_enabled: yes | ||||
|     state: present | ||||
|     verbosity: 1 | ||||
|     tower_host: "https://{{ tower_host }}" | ||||
|     tower_oauthtoken: "{{ tower_token.stdout }}" | ||||
|     validate_certs: yes | ||||
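Review bot: The unnamed `debug` tasks near the end of this file print `matrix_corporal_matrix_auth_shared_secret` and `matrix_corporal_matrix_registration_shared_secret` verbatim, so both secrets land in the AWX job output for anyone who can read the job. They look like leftover troubleshooting; I would delete all four, or at least the two that carry secrets. The tasks "Record Corporal API Access Token if it's defined" and "Record 'HTTP Pull Mode' configuration variables in matrix_vars.yml" also handle `matrix_corporal_http_api_auth_token` and `matrix_corporal_pull_mode_token` without `no_log: True`, unlike the admin-token task below them. The `with_dict` loop in the first of these echoes each item by default, so add `no_log: True` to both.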
							
								
								
									
									
								
							
							
						
						
									
										111
									
								
								roles/matrix-awx/tasks/set_variables_dimension.yml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,111 @@ | ||||
|  | ||||
| - name: Include vars in matrix_vars.yml | ||||
|   include_vars: | ||||
|     file: '{{ awx_cached_matrix_vars }}' | ||||
|   no_log: True | ||||
|  | ||||
| - name: Install jq and curl on remote machine | ||||
|   apt: | ||||
|     name:  | ||||
|       - jq | ||||
|       - curl | ||||
|     state: present | ||||
|  | ||||
| - name: Collect access token of Dimension user | ||||
|   shell: | | ||||
|     curl -X POST --header 'Content-Type: application/json' -d '{ "identifier": { "type": "m.id.user","user": "dimension" }, "password": "{{ matrix_awx_dimension_user_password }}", "type": "m.login.password"}' 'https://matrix.{{ matrix_domain }}/_matrix/client/r0/login' | jq -c '. | {access_token}' | sed 's/.*\":\"//' | sed 's/\"}//' | ||||
|   register: dimension_user_access_token | ||||
|  | ||||
| - name: Record Synapse variables locally on AWX | ||||
|   delegate_to: 127.0.0.1 | ||||
|   lineinfile: | ||||
|     path: '{{ awx_cached_matrix_vars }}' | ||||
|     regexp: "^#? *{{ item.key | regex_escape() }}:" | ||||
|     line: "{{ item.key }}: {{ item.value }}" | ||||
|     insertafter: '# Dimension Settings Start' | ||||
|   with_dict: | ||||
|     'matrix_dimension_enabled': '{{ matrix_dimension_enabled }}' | ||||
|     'matrix_dimension_access_token': '"{{ dimension_user_access_token.stdout }}"' | ||||
|    | ||||
| - name: Set final users list if users are defined | ||||
|   set_fact: | ||||
|     ext_dimension_users_raw_final: "{{ ext_dimension_users_raw }}" | ||||
|   when: ext_dimension_users_raw|length > 0 | ||||
|  | ||||
| - name: Set final users list if no users are defined | ||||
|   set_fact: | ||||
|     ext_dimension_users_raw_final: '@dimension:{{ matrix_domain }}' | ||||
|   when: ext_dimension_users_raw|length == 0 | ||||
|  | ||||
| - name: Remove Dimension Users | ||||
|   delegate_to: 127.0.0.1 | ||||
|   replace: | ||||
|     path: '{{ awx_cached_matrix_vars }}' | ||||
|     regexp: '^  - .*\n' | ||||
|     after: 'matrix_dimension_admins:' | ||||
|     before: '# Dimension Settings End' | ||||
|  | ||||
| - name: Set Dimension Users Header | ||||
|   delegate_to: 127.0.0.1 | ||||
|   lineinfile: | ||||
|     path: '{{ awx_cached_matrix_vars }}' | ||||
|     insertbefore: '# Dimension Settings End' | ||||
|     line: "matrix_dimension_admins:" | ||||
|  | ||||
| - name: Set Dimension Users | ||||
|   delegate_to: 127.0.0.1 | ||||
|   lineinfile: | ||||
|     path: '{{ awx_cached_matrix_vars }}' | ||||
|     insertafter: '^matrix_dimension_admins:' | ||||
|     line: '  - "{{ item }}"' | ||||
|   with_items: "{{ ext_dimension_users_raw_final.splitlines() }}" | ||||
|  | ||||
| - name: Record Dimension Custom variables locally on AWX | ||||
|   delegate_to: 127.0.0.1 | ||||
|   lineinfile: | ||||
|     path: '{{ awx_cached_matrix_vars }}' | ||||
|     regexp: "^#? *{{ item.key | regex_escape() }}:" | ||||
|     line: "{{ item.key }}: {{ item.value }}" | ||||
|     insertafter: '# Custom Settings Start' | ||||
|   with_dict: | ||||
|     'ext_dimension_users_raw': '{{ ext_dimension_users_raw.splitlines() | to_json }}' | ||||
|  | ||||
| - name: Save new 'Configure Dimension' survey.json to the AWX tower, template | ||||
|   delegate_to: 127.0.0.1 | ||||
|   template: | ||||
|     src: 'roles/matrix-awx/surveys/configure_dimension.json.j2' | ||||
|     dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}//configure_dimension.json' | ||||
|  | ||||
| - name: Copy new 'Configure Dimension' survey.json to target machine | ||||
|   copy: | ||||
|     src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_dimension.json' | ||||
|     dest:  '/matrix/awx/configure_dimension.json' | ||||
|     mode: '0660' | ||||
|  | ||||
| - name: Collect AWX admin token the hard way! | ||||
|   delegate_to: 127.0.0.1 | ||||
|   shell: | | ||||
|       curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g' | ||||
|   register: tower_token | ||||
|   no_log: True | ||||
|  | ||||
| - name: Recreate 'Configure Dimension' job template | ||||
|   delegate_to: 127.0.0.1 | ||||
|   awx.awx.tower_job_template: | ||||
|     name: "{{ matrix_domain }} - 1 - Configure Dimension" | ||||
|     description: "Configure Dimension, the self-hosted integrations server." | ||||
|     extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" | ||||
|     job_type: run | ||||
|     job_tags: "start,setup-all,setup-dimension" | ||||
|     inventory: "{{ member_id }}" | ||||
|     project: "{{ member_id }} - Matrix Docker Ansible Deploy" | ||||
|     playbook: setup.yml | ||||
|     credential: "{{ member_id }} - AWX SSH Key" | ||||
|     survey_enabled: true | ||||
|     survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_dimension.json') }}" | ||||
|     become_enabled: yes | ||||
|     state: present | ||||
|     verbosity: 1 | ||||
|     tower_host: "https://{{ tower_host }}" | ||||
|     tower_oauthtoken: "{{ tower_token.stdout }}" | ||||
|     validate_certs: yes | ||||
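Review bot: "Collect access token of Dimension user" interpolates `matrix_awx_dimension_user_password` into a shell command line and registers the returned access token, but carries no `no_log: True`, so the command and its stdout can appear in job output on failure or at raised verbosity. The following "Record Synapse variables locally on AWX" loop then writes `dimension_user_access_token.stdout` and, by default, echoes each loop item. Add `no_log: True` to both tasks, as this file already does for `include_vars` and the AWX admin token. The password also sits inside a single-quoted JSON string on the shell line, so a password containing `'` or `"` breaks the request; the `uri` module with `body_format: json` would avoid both the quoting problem and the command-line exposure.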
							
								
								
									
									
								
							
							
						
						
									
										69
									
								
								roles/matrix-awx/tasks/set_variables_element.yml
									
									
									
									
									
										Executable file
									
								
							| @@ -0,0 +1,69 @@ | ||||
|  | ||||
| - name: Record Element-Web variables locally on AWX | ||||
|   delegate_to: 127.0.0.1 | ||||
|   lineinfile: | ||||
|     path: '{{ awx_cached_matrix_vars }}' | ||||
|     regexp: "^#? *{{ item.key | regex_escape() }}:" | ||||
|     line: "{{ item.key }}: {{ item.value }}" | ||||
|     insertafter: '# Element Settings Start' | ||||
|   with_dict: | ||||
|     'matrix_client_element_enabled': '{{ matrix_client_element_enabled }}' | ||||
|     'matrix_client_element_jitsi_preferredDomain': '{{ matrix_client_element_jitsi_preferredDomain }}' | ||||
|     'matrix_client_element_brand': '{{ matrix_client_element_brand }}' | ||||
|     'matrix_client_element_default_theme': '{{ matrix_client_element_default_theme }}' | ||||
|     'matrix_client_element_registration_enabled': '{{ matrix_client_element_registration_enabled }}' | ||||
|  | ||||
| - name: Set fact for 'https' string | ||||
|   set_fact: | ||||
|     awx_https_string: "https" | ||||
|  | ||||
| - name: Record Element-Web Background variable locally on AWX | ||||
|   delegate_to: 127.0.0.1 | ||||
|   lineinfile: | ||||
|     path: '{{ awx_cached_matrix_vars }}' | ||||
|     regexp: "^#? *{{ item.key | regex_escape() }}:" | ||||
|     line: "{{ item.key }}: {{ item.value }}" | ||||
|     insertafter: '# Element Settings Start' | ||||
|   with_dict: | ||||
|     'matrix_client_element_branding_welcomeBackgroundUrl': '{{ matrix_client_element_branding_welcomeBackgroundUrl }}' | ||||
|   when: (awx_https_string in matrix_client_element_branding_welcomeBackgroundUrl) and ( matrix_client_element_branding_welcomeBackgroundUrl|length > 0 ) | ||||
|  | ||||
| - name: Save new 'Configure Element' survey.json to the AWX tower, template | ||||
|   delegate_to: 127.0.0.1 | ||||
|   template: | ||||
|     src: 'roles/matrix-awx/surveys/configure_element.json.j2' | ||||
|     dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element.json' | ||||
|  | ||||
| - name: Copy new 'Configure Element' survey.json to target machine | ||||
|   copy: | ||||
|     src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element.json' | ||||
|     dest: '/matrix/awx/configure_element.json' | ||||
|     mode: '0660' | ||||
|  | ||||
| - name: Collect AWX admin token the hard way! | ||||
|   delegate_to: 127.0.0.1 | ||||
|   shell: | | ||||
|       curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g' | ||||
|   register: tower_token | ||||
|   no_log: True | ||||
|  | ||||
| - name: Recreate 'Configure Element' job template | ||||
|   delegate_to: 127.0.0.1 | ||||
|   awx.awx.tower_job_template: | ||||
|     name: "{{ matrix_domain }} - 1 - Configure Element" | ||||
|     description: "Configure Element client via survey." | ||||
|     extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" | ||||
|     job_type: run | ||||
|     job_tags: "start,setup-client-element" | ||||
|     inventory: "{{ member_id }}" | ||||
|     project: "{{ member_id }} - Matrix Docker Ansible Deploy" | ||||
|     playbook: setup.yml | ||||
|     credential: "{{ member_id }} - AWX SSH Key" | ||||
|     survey_enabled: true | ||||
|     survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element.json') }}" | ||||
|     become_enabled: yes | ||||
|     state: present | ||||
|     verbosity: 1 | ||||
|     tower_host: "https://{{ tower_host }}" | ||||
|     tower_oauthtoken: "{{ tower_token.stdout }}" | ||||
|     validate_certs: yes | ||||
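Review bot: `line: "{{ item.key }}: {{ item.value }}"` writes free-text survey answers such as `matrix_client_element_brand` and `matrix_client_element_branding_welcomeBackgroundUrl` unquoted into `matrix_vars.yml`. A value containing `: `, ` #` or template braces is therefore re-interpreted as YAML or Jinja when the file is loaded later. Serialise the free-text values before writing them, e.g. `'matrix_client_element_brand': '{{ matrix_client_element_brand | to_json }}'`, which is the pattern the ma1sd task file uses for its extension text. The same `line:` template appears in the corporal, dimension, element_subdomain and jitsi task files. Separately, the `awx_https_string in ...` condition is a substring test, so it accepts any URL that merely contains "https"; `matrix_client_element_branding_welcomeBackgroundUrl is match('https://')` checks the scheme.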
							
								
								
									
									
								
							
							
						
						
									
										49
									
								
								roles/matrix-awx/tasks/set_variables_element_subdomain.yml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,49 @@ | ||||
|  | ||||
| - name: Record Element-Web variables locally on AWX | ||||
|   delegate_to: 127.0.0.1 | ||||
|   lineinfile: | ||||
|     path: '{{ awx_cached_matrix_vars }}' | ||||
|     regexp: "^#? *{{ item.key | regex_escape() }}:" | ||||
|     line: "{{ item.key }}: {{ item.value }}" | ||||
|     insertafter: '# Element Settings Start' | ||||
|   with_dict: | ||||
|     'matrix_server_fqn_element': "{{ element_subdomain }}.{{ matrix_domain }}" | ||||
|      | ||||
| - name: Save new 'Configure Element Subdomain' survey.json to the AWX tower, template | ||||
|   delegate_to: 127.0.0.1 | ||||
|   template: | ||||
|     src: 'roles/matrix-awx/surveys/configure_element_subdomain.json.j2' | ||||
|     dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element_subdomain.json' | ||||
|  | ||||
| - name: Copy new 'Configure Element Subdomain' survey.json to target machine | ||||
|   copy: | ||||
|     src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element_subdomain.json' | ||||
|     dest: '/matrix/awx/configure_element_subdomain.json' | ||||
|     mode: '0660' | ||||
|  | ||||
| - name: Collect AWX admin token the hard way! | ||||
|   delegate_to: 127.0.0.1 | ||||
|   shell: | | ||||
|       curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g' | ||||
|   register: tower_token | ||||
|   no_log: True | ||||
|  | ||||
| - name: Recreate 'Configure Element Subdomain' job template | ||||
|   delegate_to: 127.0.0.1 | ||||
|   awx.awx.tower_job_template: | ||||
|     name: "{{ matrix_domain }} - 1 - Configure Element Subdomain" | ||||
|     description: "Configure Element clients subdomain location. (Eg: 'element' for element.example.org)" | ||||
|     extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" | ||||
|     job_type: run | ||||
|     job_tags: "start,setup-all,setup-client-element-subdomain" | ||||
|     inventory: "{{ member_id }}" | ||||
|     project: "{{ member_id }} - Matrix Docker Ansible Deploy" | ||||
|     playbook: setup.yml | ||||
|     credential: "{{ member_id }} - AWX SSH Key" | ||||
|     survey_enabled: true | ||||
|     survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element_subdomain.json') }}" | ||||
|     state: present | ||||
|     verbosity: 1 | ||||
|     tower_host: "https://{{ tower_host }}" | ||||
|     tower_oauthtoken: "{{ tower_token.stdout }}" | ||||
|     validate_certs: yes | ||||
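Review bot: `element_subdomain` comes from the survey and is concatenated straight into `matrix_server_fqn_element` with no check that it is a single valid DNS label. An empty value, a value with dots or whitespace, or one with YAML-significant characters ends up in the hostname the rest of the playbook presumably uses for certificates and proxy configuration. I would add a validation task before the `lineinfile` write that fails the job on anything that is not a plain label. This job template also omits `become_enabled: yes`, which the sibling templates set; worth confirming that is intentional.

```yaml
# place before "Record Element-Web variables locally on AWX"
- name: Validate Element subdomain survey input
  assert:
    that:
      - element_subdomain is match('^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$')
    fail_msg: "element_subdomain must be a single lowercase DNS label"
```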
							
								
								
									
									
								
							
							
						
						
									
										51
									
								
								roles/matrix-awx/tasks/set_variables_jitsi.yml
									
									
									
									
									
										Executable file
									
								
							| @@ -0,0 +1,51 @@ | ||||
|  | ||||
| - name: Record Jitsi variables locally on AWX | ||||
|   delegate_to: 127.0.0.1 | ||||
|   lineinfile: | ||||
|     path: '{{ awx_cached_matrix_vars }}' | ||||
|     regexp: "^#? *{{ item.key | regex_escape() }}:" | ||||
|     line: "{{ item.key }}: {{ item.value }}" | ||||
|     insertafter: '# Jitsi Settings Start' | ||||
|   with_dict: | ||||
|     'matrix_jitsi_enabled': '{{ matrix_jitsi_enabled }}' | ||||
|     'matrix_jitsi_web_config_defaultLanguage': '{{ matrix_jitsi_web_config_defaultLanguage }}' | ||||
|  | ||||
| - name: Save new 'Configure Jitsi' survey.json to the AWX tower, template | ||||
|   delegate_to: 127.0.0.1 | ||||
|   template: | ||||
|     src: 'roles/matrix-awx/surveys/configure_jitsi.json.j2' | ||||
|     dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_jitsi.json' | ||||
|  | ||||
| - name: Copy new 'Configure Jitsi' survey.json to target machine | ||||
|   copy: | ||||
|     src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_jitsi.json' | ||||
|     dest:  '/matrix/awx/configure_jitsi.json' | ||||
|     mode: '0660' | ||||
|  | ||||
| - name: Collect AWX admin token the hard way! | ||||
|   delegate_to: 127.0.0.1 | ||||
|   shell: | | ||||
|       curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g' | ||||
|   register: tower_token | ||||
|   no_log: True | ||||
|  | ||||
| - name: Recreate 'Configure Jitsi' job template | ||||
|   delegate_to: 127.0.0.1 | ||||
|   awx.awx.tower_job_template: | ||||
|     name: "{{ matrix_domain }} - 1 - Configure Jitsi" | ||||
|     description: "Configure Jitsi conferencing settings." | ||||
|     extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" | ||||
|     job_type: run | ||||
|     job_tags: "start,setup-jitsi" | ||||
|     inventory: "{{ member_id }}" | ||||
|     project: "{{ member_id }} - Matrix Docker Ansible Deploy" | ||||
|     playbook: setup.yml | ||||
|     credential: "{{ member_id }} - AWX SSH Key" | ||||
|     survey_enabled: true | ||||
|     survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_jitsi.json') }}" | ||||
|     become_enabled: yes | ||||
|     state: present | ||||
|     verbosity: 1 | ||||
|     tower_host: "https://{{ tower_host }}" | ||||
|     tower_oauthtoken: "{{ tower_token.stdout }}" | ||||
|     validate_certs: yes | ||||
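Review bot: "Collect AWX admin token the hard way!" sends the Tower admin username and password with `curl -sku`, where `-k` switches off certificate verification, while the job-template task directly below sets `validate_certs: yes`. The identical task is repeated in the corporal, dimension, element and element_subdomain task files. The credentials are interpolated unquoted into the shell line, so they sit in the process argument list and a password with shell metacharacters changes the command. Each run also mints a new write-scope personal token that nothing visible here revokes. I would replace the shell pipeline with the `uri` module as sketched below; the job-template task then reads `tower_token.json.token` instead of `tower_token.stdout`, and the expected status code should be confirmed against the AWX API.

```yaml
- name: Collect AWX admin token
  delegate_to: 127.0.0.1
  uri:
    url: "https://{{ tower_host }}/api/v2/users/1/personal_tokens/"
    method: POST
    user: "{{ tower_username }}"
    password: "{{ tower_password }}"
    force_basic_auth: yes
    body_format: json
    body:
      description: "Tower CLI"
      application: null
      scope: "write"
    status_code: [200, 201]
    validate_certs: yes
  register: tower_token
  no_log: True
# … unchanged: "Recreate 'Configure Jitsi' job template", except tower_oauthtoken …
```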
							
								
								
									
									
								
							
							
						
						
									
										109
									
								
								roles/matrix-awx/tasks/set_variables_ma1sd.yml
									
									
									
									
									
										Executable file
									
								
							| @@ -0,0 +1,109 @@ | ||||
|  | ||||
| - name: Record ma1sd variables locally on AWX | ||||
|   delegate_to: 127.0.0.1 | ||||
|   lineinfile: | ||||
|     path: '{{ awx_cached_matrix_vars }}' | ||||
|     regexp: "^#? *{{ item.key | regex_escape() }}:" | ||||
|     line: "{{ item.key }}: {{ item.value }}" | ||||
|     insertafter: '# ma1sd Settings Start' | ||||
|   with_dict: | ||||
|     'matrix_ma1sd_enabled': '{{ matrix_ma1sd_enabled }}' | ||||
|  | ||||
| - name: Disable REST auth (matrix-corporal/ma1sd) if using internal auth | ||||
|   delegate_to: 127.0.0.1 | ||||
|   lineinfile: | ||||
|     path: '{{ awx_cached_matrix_vars }}' | ||||
|     regexp: "^#? *{{ item.key | regex_escape() }}:" | ||||
|     line: "{{ item.key }}: {{ item.value }}" | ||||
|     insertafter: '# Synapse Extension Start' | ||||
|   with_dict: | ||||
|     'matrix_synapse_ext_password_provider_rest_auth_enabled': 'false' | ||||
|   when: ext_matrix_ma1sd_auth_store == 'Synapse Internal' | ||||
|  | ||||
| - name: Enable REST auth if using external LDAP/AD with ma1sd | ||||
|   delegate_to: 127.0.0.1 | ||||
|   lineinfile: | ||||
|     path: '{{ awx_cached_matrix_vars }}' | ||||
|     regexp: "^#? *{{ item.key | regex_escape() }}:" | ||||
|     line: "{{ item.key }}: {{ item.value }}" | ||||
|     insertafter: '# Synapse Extension Start' | ||||
|   with_dict: | ||||
|     'matrix_synapse_ext_password_provider_rest_auth_enabled': 'true' | ||||
|     'matrix_synapse_ext_password_provider_rest_auth_endpoint': '"http://matrix-ma1sd:8090"' | ||||
|   when: ext_matrix_ma1sd_auth_store == 'LDAP/AD' | ||||
|  | ||||
| - name: Remove entire ma1sd configuration extension | ||||
|   delegate_to: 127.0.0.1 | ||||
|   replace: | ||||
|     path: '{{ awx_cached_matrix_vars }}' | ||||
|     regexp: '^.*\n' | ||||
|     after: '# Start ma1sd Extension' | ||||
|     before: '# End ma1sd Extension' | ||||
|  | ||||
| - name: Replace conjoined ma1sd configuration extension limiters | ||||
|   delegate_to: 127.0.0.1 | ||||
|   replace: | ||||
|     path: '{{ awx_cached_matrix_vars }}' | ||||
|     regexp: '^# Start ma1sd Extension# End ma1sd Extension' | ||||
|     replace: '# Start ma1sd Extension\n# End ma1sd Extension' | ||||
|  | ||||
| - name: Insert/Update ma1sd configuration extension variables | ||||
|   delegate_to: 127.0.0.1 | ||||
|   blockinfile: | ||||
|     path: '{{ awx_cached_matrix_vars }}' | ||||
|     marker: "# {mark} ma1sd ANSIBLE MANAGED BLOCK" | ||||
|     insertafter: '# Start ma1sd Extension' | ||||
|     block: '{{ ext_matrix_ma1sd_configuration_extension_yaml }}' | ||||
|  | ||||
| - name: Record ma1sd Custom variables locally on AWX | ||||
|   delegate_to: 127.0.0.1 | ||||
|   lineinfile: | ||||
|     path: '{{ awx_cached_matrix_vars }}' | ||||
|     regexp: "^#? *{{ item.key | regex_escape() }}:" | ||||
|     line: "{{ item.key }}: {{ item.value }}" | ||||
|     insertbefore: '# Custom Settings Start' | ||||
|   with_dict: | ||||
|     'ext_matrix_ma1sd_auth_store': '{{ ext_matrix_ma1sd_auth_store }}' | ||||
|     'ext_matrix_ma1sd_configuration_extension_yaml': '{{ ext_matrix_ma1sd_configuration_extension_yaml.splitlines() | to_json }}' | ||||
|   no_log: True | ||||
|  | ||||
| - name: Save new 'Configure ma1sd' survey.json to the AWX tower, template | ||||
|   delegate_to: 127.0.0.1 | ||||
|   template: | ||||
|     src: 'roles/matrix-awx/surveys/configure_ma1sd.json.j2' | ||||
|     dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_ma1sd.json' | ||||
|  | ||||
| - name: Copy new 'Configure ma1sd' survey.json to target machine | ||||
|   copy: | ||||
|     src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_ma1sd.json' | ||||
|     dest:  '/matrix/awx/configure_ma1sd.json' | ||||
|     mode: '0660' | ||||
|  | ||||
| - name: Collect AWX admin token the hard way! | ||||
|   delegate_to: 127.0.0.1 | ||||
|   shell: | | ||||
|       curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g' | ||||
|   register: tower_token | ||||
|   no_log: True | ||||
|  | ||||
| - name: Recreate 'Configure ma1sd (Advanced)' job template | ||||
|   delegate_to: 127.0.0.1 | ||||
|   awx.awx.tower_job_template: | ||||
|     name: "{{ matrix_domain }} - 1 - Configure ma1sd (Advanced)" | ||||
|     description: "Configure Jitsi conferencing settings." | ||||
|     extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}" | ||||
|     job_type: run | ||||
|     job_tags: "start,setup-ma1sd" | ||||
|     inventory: "{{ member_id }}" | ||||
|     project: "{{ member_id }} - Matrix Docker Ansible Deploy" | ||||
|     playbook: setup.yml | ||||
|     credential: "{{ member_id }} - AWX SSH Key" | ||||
|     survey_enabled: true | ||||
|     survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_ma1sd.json') }}" | ||||
|     become_enabled: yes | ||||
|     state: present | ||||
|     verbosity: 1 | ||||
|     tower_host: "https://{{ tower_host }}" | ||||
|     tower_oauthtoken: "{{ tower_token.stdout }}" | ||||
|     validate_certs: yes | ||||
|  | ||||
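Review bot: The token request `curl -sku {{ tower_username }}:{{ tower_password }}` in 'Collect AWX admin token the hard way!' turns off TLS certificate verification with `-k` and puts the AWX admin password on the curl command line, where it can be read from the process list on the AWX host while the task runs; `no_log` only keeps it out of the job output. The job-template task that follows sets `validate_certs: yes` for the same host, so the two tasks disagree about whether the certificate is trusted. The same task is repeated in the set_variables_mailer.yml, set_variables_synapse.yml and set_variables_synapse_admin.yml sections. A `uri` call with verification left on keeps the credentials off argv; the consumer then reads `tower_oauthtoken: "{{ tower_token.json.token }}"` instead of `tower_token.stdout`.

```yaml
- name: Collect AWX admin token the hard way!
  delegate_to: 127.0.0.1
  uri:
    url: "https://{{ tower_host }}/api/v2/users/1/personal_tokens/"
    method: POST
    url_username: "{{ tower_username }}"
    url_password: "{{ tower_password }}"
    force_basic_auth: true
    validate_certs: true
    body_format: json
    body:
      description: "Tower CLI"
      application: null
      scope: "write"
    status_code: [200, 201]
  # … unchanged: register: tower_token, no_log: True …
```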
							
								
								
									
										50
									
								
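--- a/roles/matrix-awx/tasks/set_variables_mailer.yml
+++ b/roles/matrix-awx/tasks/set_variables_mailer.yml
@@ -0,0 +1,50 @@
+
+- name: Record Mailer variables locally on AWX
+  delegate_to: 127.0.0.1
+  lineinfile:
+    path: '{{ awx_cached_matrix_vars }}'
+    regexp: "^#? *{{ item.key | regex_escape() }}:"
+    line: "{{ item.key }}: {{ item.value }}"
+    insertafter: '# Email Settings Start'
+  with_dict:
+    'matrix_mailer_relay_use': '{{ matrix_mailer_relay_use }}'
+
+- name: Save new 'Configure Email Relay' survey.json to the AWX tower, template
+  delegate_to: 127.0.0.1
+  template:
+    src: 'roles/matrix-awx/surveys/configure_email_relay.json.j2'
+    dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_email_relay.json'
+
+- name: Copy new 'Configure Email Relay' survey.json to target machine
+  copy:
+    src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_email_relay.json'
+    dest: '/matrix/awx/configure_email_relay.json'
+    mode: '0660'
+
+- name: Collect AWX admin token the hard way!
+  delegate_to: 127.0.0.1
+  shell: |
+      curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
+  register: tower_token
+  no_log: True
+
+- name: Recreate 'Configure Email Relay' job template
+  delegate_to: 127.0.0.1
+  awx.awx.tower_job_template:
+    name: "{{ matrix_domain }} - 1 - Configure Email Relay"
+    description: "Enable MailGun relay to increase verification email reliability."
+    extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
+    job_type: run
+    job_tags: "start,setup-mailer"
+    inventory: "{{ member_id }}"
+    project: "{{ member_id }} - Matrix Docker Ansible Deploy"
+    playbook: setup.yml
+    credential: "{{ member_id }} - AWX SSH Key"
+    survey_enabled: true
+    survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_email_relay.json') }}"
+    become_enabled: yes
+    state: present
+    verbosity: 1
+    tower_host: "https://{{ tower_host }}"
+    tower_oauthtoken: "{{ tower_token.stdout }}"
+    validate_certs: yes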
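Review bot: Each run of 'Collect AWX admin token the hard way!' POSTs to `/api/v2/users/1/personal_tokens/` and so creates another `"scope":"write"` token for user 1, and nothing in this file revokes it after 'Recreate 'Configure Email Relay' job template' has used it. Only `.token` is kept from the response, so the playbook has no id with which to delete the token later. The ma1sd, synapse and synapse_admin task files repeat the same pattern, so every survey run leaves one more live token behind. At minimum the task deserves a comment such as `# Creates a new write-scope token for user 1 on every run; it is not revoked here.`; better is to capture the token id as well and end the file with a task that deletes it.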
							
								
								
									
										229
									
								
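--- a/roles/matrix-awx/tasks/set_variables_synapse.yml
+++ b/roles/matrix-awx/tasks/set_variables_synapse.yml
@@ -0,0 +1,229 @@
+
+- name: Limit max upload size to 200MB part 1
+  set_fact:
+    matrix_synapse_max_upload_size_mb: "200"
+  when: matrix_synapse_max_upload_size_mb_raw|int >= 200
+
+- name: Limit max upload size to 200MB part 2
+  set_fact:
+    matrix_synapse_max_upload_size_mb: "{{ matrix_synapse_max_upload_size_mb_raw }}"
+  when: matrix_synapse_max_upload_size_mb_raw|int < 200
+
+- name: Record Synapse variables locally on AWX
+  delegate_to: 127.0.0.1
+  lineinfile:
+    path: '{{ awx_cached_matrix_vars }}'
+    regexp: "^#? *{{ item.key | regex_escape() }}:"
+    line: "{{ item.key }}: {{ item.value }}"
+    insertafter: '# Synapse Settings Start'
+  with_dict:
+    'matrix_synapse_allow_public_rooms_over_federation': '{{ matrix_synapse_allow_public_rooms_over_federation }}'
+    'matrix_synapse_enable_registration': '{{ matrix_synapse_enable_registration }}'
+    'matrix_synapse_federation_enabled': '{{ matrix_synapse_federation_enabled }}'
+    'matrix_synapse_enable_group_creation': '{{ matrix_synapse_enable_group_creation }}'
+    'matrix_synapse_presence_enabled': '{{ matrix_synapse_presence_enabled }}'
+    'matrix_synapse_max_upload_size_mb': '{{ matrix_synapse_max_upload_size_mb }}'
+    'matrix_synapse_url_preview_enabled': '{{ matrix_synapse_url_preview_enabled }}'
+    'matrix_synapse_allow_guest_access': '{{ matrix_synapse_allow_guest_access }}'
+
+- name: Empty Synapse variable 'matrix_synapse_auto_join_rooms' locally on AWX, if raw inputs empty
+  delegate_to: 127.0.0.1
+  replace:
+    path: '{{ awx_cached_matrix_vars }}'
+    regexp: "^matrix_synapse_auto_join_rooms: .*$"
+    replace: "matrix_synapse_auto_join_rooms: []"
+  when: matrix_synapse_auto_join_rooms_raw|length == 0
+
+- name: If the raw inputs is not empty start constructing parsed auto_join_rooms list
+  set_fact:
+    matrix_synapse_auto_join_rooms_array: |-
+      {{ matrix_synapse_auto_join_rooms_raw.splitlines() | to_json }}
+  when: matrix_synapse_auto_join_rooms_raw|length > 0
+
+- name: Record Synapse variable 'matrix_synapse_auto_join_rooms' locally on AWX, if it's not blank
+  delegate_to: 127.0.0.1
+  lineinfile:
+    path: '{{ awx_cached_matrix_vars }}'
+    regexp: "^#? *{{ item.key | regex_escape() }}:"
+    line: "{{ item.key }}: {{ item.value }}"
+    insertafter: '# Synapse Settings Start'
+  with_dict:
+    "matrix_synapse_auto_join_rooms": "{{ matrix_synapse_auto_join_rooms_array }}"
+  when: matrix_synapse_auto_join_rooms_raw|length > 0
+
+- name: Record Synapse Shared Secret if it's defined
+  delegate_to: 127.0.0.1
+  lineinfile:
+    path: '{{ awx_cached_matrix_vars }}'
+    regexp: "^#? *{{ item.key | regex_escape() }}:"
+    line: "{{ item.key }}: {{ item.value }}"
+    insertafter: '# Synapse Settings Start'
+  with_dict:
+    'matrix_synapse_registration_shared_secret': '{{ ext_matrix_synapse_registration_shared_secret }}'
+  when: ext_matrix_synapse_registration_shared_secret|length > 0
+
+- name: Record registations_require_3pid extra variable if true
+  delegate_to: 127.0.0.1
+  lineinfile:
+    path: '{{ awx_cached_matrix_vars }}'
+    regexp: "{{ item }}"
+    line: "{{ item }}"
+    insertbefore: '# Synapse Extension End'
+  with_items:
+    - "  registrations_require_3pid:"
+    - "    - email"
+  when: ext_registrations_require_3pid|bool
+
+- name: Remove registrations_require_3pid extra variable if false
+  delegate_to: 127.0.0.1
+  lineinfile:
+    path: '{{ awx_cached_matrix_vars }}'
+    regexp: "{{ item }}"
+    line: "{{ item }}"
+    insertbefore: '# Synapse Extension End'
+    state: absent
+  with_items:
+    - "  registrations_require_3pid:"
+    - "    - email"
+  when: not ext_registrations_require_3pid|bool
+
+- name: Remove URL Languages
+  delegate_to: 127.0.0.1
+  replace:
+    path: '{{ awx_cached_matrix_vars }}'
+    regexp: '^(?!.*\bemail\b)    - [a-zA-Z\-]{2,5}\n'
+    after: '  url_preview_accept_language:'
+    before: '# Synapse Extension End'
+
+- name: Set URL languages default if raw inputs empty
+  set_fact:
+    ext_url_preview_accept_language_default: 'en'
+  when: ext_url_preview_accept_language_raw|length == 0
+
+- name: Set URL languages default if raw inputs not empty
+  set_fact:
+    ext_url_preview_accept_language_default: "{{ ext_url_preview_accept_language_raw }}"
+  when: ext_url_preview_accept_language_raw|length > 0
+
+- name: Set URL languages if raw inputs empty
+  delegate_to: 127.0.0.1
+  lineinfile:
+    path: '{{ awx_cached_matrix_vars }}'
+    insertafter: '^  url_preview_accept_language:'
+    line: "    - {{ ext_url_preview_accept_language_default }}"
+  when: ext_url_preview_accept_language_raw|length == 0
+
+- name: Set URL languages if raw inputs not empty
+  delegate_to: 127.0.0.1
+  lineinfile:
+    path: '{{ awx_cached_matrix_vars }}'
+    insertafter: '^  url_preview_accept_language:'
+    line: "    - {{ item }}"
+  with_items: "{{ ext_url_preview_accept_language_raw.splitlines() }}"
+  when: ext_url_preview_accept_language_raw|length > 0
+
+- name: Remove Federation Whitelisting 1
+  delegate_to: 127.0.0.1
+  replace:
+    path: '{{ awx_cached_matrix_vars }}'
+    regexp: '^    - [a-z0-9]+\.[a-z0-9.]+\n'
+    after: '  federation_domain_whitelist:'
+    before: '# Synapse Extension End'
+
+- name: Remove Federation Whitelisting 2
+  delegate_to: 127.0.0.1
+  lineinfile:
+    path: '{{ awx_cached_matrix_vars }}'
+    line: "  federation_domain_whitelist:"
+    state: absent
+
+- name: Set Federation Whitelisting 1
+  delegate_to: 127.0.0.1
+  lineinfile:
+    path: '{{ awx_cached_matrix_vars }}'
+    insertafter: '^matrix_synapse_configuration_extension_yaml: \|'
+    line: "  federation_domain_whitelist:"
+  when: ext_federation_whitelist_raw|length > 0
+
+- name: Set Federation Whitelisting 2
+  delegate_to: 127.0.0.1
+  lineinfile:
+    path: '{{ awx_cached_matrix_vars }}'
+    insertafter: '^  federation_domain_whitelist:'
+    line: "    - {{ item }}"
+  with_items: "{{ ext_federation_whitelist_raw.splitlines() }}"
+  when: ext_federation_whitelist_raw|length > 0
+
+- name: Set ext_recaptcha_public_key to a 'public-key' if undefined
+  set_fact: ext_recaptcha_public_key="public-key"
+  when: (ext_recaptcha_public_key is not defined) or (ext_recaptcha_public_key|length == 0)
+
+- name: Set ext_recaptcha_private_key to a 'private-key' if undefined
+  set_fact: ext_recaptcha_private_key="private-key"
+  when: (ext_recaptcha_private_key is not defined) or (ext_recaptcha_private_key|length == 0)
+
+- name: Record Synapse Extension variables locally on AWX
+  delegate_to: 127.0.0.1
+  lineinfile:
+    path: '{{ awx_cached_matrix_vars }}'
+    regexp: "^#? *{{ item.key | regex_escape() }}:"
+    line: "{{ item.key }}: {{ item.value }}"
+    insertbefore: '# Synapse Extension End'
+  with_dict:
+    '  enable_registration_captcha': '{{ ext_enable_registration_captcha }}'
+    '  recaptcha_public_key': '{{ ext_recaptcha_public_key }}'
+    '  recaptcha_private_key': '{{ ext_recaptcha_private_key }}'
+
+- name: Record Synapse Custom variables locally on AWX
+  delegate_to: 127.0.0.1
+  lineinfile:
+    path: '{{ awx_cached_matrix_vars }}'
+    regexp: "^#? *{{ item.key | regex_escape() }}:"
+    line: "{{ item.key }}: {{ item.value }}"
+    insertafter: '# Custom Settings Start'
+  with_dict:
+    'ext_federation_whitelist_raw': '{{ ext_federation_whitelist_raw.splitlines() | to_json }}'
+    'ext_url_preview_accept_language_default': '{{ ext_url_preview_accept_language_default.splitlines() | to_json }}'
+    'ext_enable_registration_captcha': '{{ ext_enable_registration_captcha }}'
+    'ext_recaptcha_public_key': '"{{ ext_recaptcha_public_key }}"'
+    'ext_recaptcha_private_key': '"{{ ext_recaptcha_private_key }}"'
+
+- name: Save new 'Configure Synapse' survey.json to the AWX tower, template
+  delegate_to: 127.0.0.1
+  template:
+    src: 'roles/matrix-awx/surveys/configure_synapse.json.j2'
+    dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}//configure_synapse.json'
+
+- name: Copy new 'Configure Synapse' survey.json to target machine
+  copy:
+    src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse.json'
+    dest:  '/matrix/awx/configure_synapse.json'
+    mode: '0660'
+
+- name: Collect AWX admin token the hard way!
+  delegate_to: 127.0.0.1
+  shell: |
+      curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
+  register: tower_token
+  no_log: True
+
+- name: Recreate 'Configure Synapse' job template
+  delegate_to: 127.0.0.1
+  awx.awx.tower_job_template:
+    name: "{{ matrix_domain }} - 1 - Configure Synapse"
+    description: "Configure Synapse (homeserver) settings."
+    extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
+    job_type: run
+    job_tags: "start,setup-synapse"
+    inventory: "{{ member_id }}"
+    project: "{{ member_id }} - Matrix Docker Ansible Deploy"
+    playbook: setup.yml
+    credential: "{{ member_id }} - AWX SSH Key"
+    survey_enabled: true
+    survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse.json') }}"
+    become_enabled: yes
+    state: present
+    verbosity: 1
+    tower_host: "https://{{ tower_host }}"
+    tower_oauthtoken: "{{ tower_token.stdout }}"
+    validate_certs: yes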
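Review bot: 'Record Synapse Shared Secret if it's defined' loops over a dict whose value is `ext_matrix_synapse_registration_shared_secret` and has no `no_log`, so the loop item, secret included, is printed in the AWX job output. 'Record Synapse Extension variables' and 'Record Synapse Custom variables' do the same with `ext_recaptcha_private_key`. The set_variables_ma1sd.yml section already sets `no_log: True` on its custom-variables task; adding `no_log: true` to these three tasks would match that. The `blockinfile` task in set_variables_ma1sd.yml that writes `ext_matrix_ma1sd_configuration_extension_yaml` may need it as well, if that block can carry directory credentials.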
							
								
								
									
										50
									
								
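--- a/roles/matrix-awx/tasks/set_variables_synapse_admin.yml
+++ b/roles/matrix-awx/tasks/set_variables_synapse_admin.yml
@@ -0,0 +1,50 @@
+
+- name: Record Synapse Admin variables locally on AWX
+  delegate_to: 127.0.0.1
+  lineinfile:
+    path: '{{ awx_cached_matrix_vars }}'
+    regexp: "^#? *{{ item.key | regex_escape() }}:"
+    line: "{{ item.key }}: {{ item.value }}"
+    insertafter: '# Synapse Admin Settings Start'
+  with_dict:
+    'matrix_synapse_admin_enabled': '{{ matrix_synapse_admin_enabled }}'
+
+- name: Save new 'Configure Synapse Admin' survey.json to the AWX tower, template
+  delegate_to: 127.0.0.1
+  template:
+    src: 'roles/matrix-awx/surveys/configure_synapse_admin.json.j2'
+    dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse_admin.json'
+
+- name: Copy new 'Configure Synapse Admin' survey.json to target machine
+  copy:
+    src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse_admin.json'
+    dest:  '/matrix/awx/configure_synapse_admin.json'
+    mode: '0660'
+
+- name: Collect AWX admin token the hard way!
+  delegate_to: 127.0.0.1
+  shell: |
+      curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
+  register: tower_token
+  no_log: True
+
+- name: Recreate 'Configure Synapse Admin' job template
+  delegate_to: 127.0.0.1
+  awx.awx.tower_job_template:
+    name: "{{ matrix_domain }} - 1 - Configure Synapse Admin"
+    description: "Configure 'Synapse Admin', a moderation tool to help you manage your server."
+    extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
+    job_type: run
+    job_tags: "start,setup-all"
+    inventory: "{{ member_id }}"
+    project: "{{ member_id }} - Matrix Docker Ansible Deploy"
+    playbook: setup.yml
+    credential: "{{ member_id }} - AWX SSH Key"
+    survey_enabled: true
+    survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse_admin.json') }}"
+    become_enabled: yes
+    state: present
+    verbosity: 1
+    tower_host: "https://{{ tower_host }}"
+    tower_oauthtoken: "{{ tower_token.stdout }}"
+    validate_certs: yes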
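Review bot: Booleans are spelled three ways in this file: `become_enabled: yes` and `validate_certs: yes` sit next to `survey_enabled: true` in 'Recreate 'Configure Synapse Admin' job template', and the token task uses `no_log: True`. Writing `become_enabled: true`, `validate_certs: true` and `no_log: true` keeps one spelling and satisfies yamllint's `truthy` rule. The other task files added in this commit carry the same mix.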