mirror/matrix-docker-ansible-deploy
1
0
Fork 0
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git synced 2025-06-25 18:57:50 +02:00
Code Issues Packages Projects Releases Wiki Activity

Remove matrix-awx sections

Browse Source
This commit is contained in:
PC-Admin
2022-04-09 08:48:02 +08:00
parent 1ffad8ba64
commit ab3e02c7fd
53 changed files with 0 additions and 3536 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
roles/matrix-awx/defaults/main.yml
View File

@ -1,8 +0,0 @@
---
matrix_awx_enabled: true
# Defaults for 'Customise Website + Access Export' template
awx_sftp_auth_method: 'Disabled'
awx_sftp_password: ''
awx_sftp_public_key: ''

29
roles/matrix-awx/scripts/matrix_build_room_list.py
View File

@ -1,29 +0,0 @@
import sys
import requests
import json
janitor_token = sys.argv[1]
synapse_container_ip = sys.argv[2]
synapse_container_port = sys.argv[3]
# collect total amount of rooms
rooms_raw_url = 'http://' + synapse_container_ip + ':' + synapse_container_port + '/_synapse/admin/v1/rooms'
rooms_raw_header = {'Authorization': 'Bearer ' + janitor_token}
rooms_raw = requests.get(rooms_raw_url, headers=rooms_raw_header)
rooms_raw_python = json.loads(rooms_raw.text)
total_rooms = rooms_raw_python["total_rooms"]
# build complete room list file
room_list_file = open("/tmp/room_list_complete.json", "w")
for i in range(0, total_rooms, 100):
rooms_inc_url = 'http://' + synapse_container_ip + ':' + synapse_container_port + '/_synapse/admin/v1/rooms?from=' + str(i)
rooms_inc = requests.get(rooms_inc_url, headers=rooms_raw_header)
room_list_file.write(rooms_inc.text)
room_list_file.close()
print(total_rooms)

42
roles/matrix-awx/surveys/access_export.json.j2
View File

@ -1,42 +0,0 @@
{
"name": "Access Export",
"description": "Access the services export.",
"spec": [
{
"question_name": "SFTP Authorisation Method",
"question_description": "Set whether you want to disable SFTP, use a password to connect to SFTP or connect with a more secure SSH key.",
"required": true,
"min": null,
"max": null,
"default": "{{ awx_sftp_auth_method | string }}",
"choices": "Disabled\nPassword\nSSH Key",
"new_question": true,
"variable": "awx_sftp_auth_method",
"type": "multiplechoice"
},
{
"question_name": "SFTP Password",
"question_description": "Sets the password of the 'sftp' account, which allows you to upload a multi-file static website by SFTP, as well as export the latest copy of your Matrix service. Must be defined if 'Password' method is selected. WARNING: You must set a strong and unique password here.",
"required": false,
"min": 0,
"max": 64,
"default": "{{ awx_sftp_password }}",
"choices": "",
"new_question": true,
"variable": "awx_sftp_password",
"type": "password"
},
{
"question_name": "SFTP Public SSH Key (More Secure)",
"question_description": "Sets the public SSH key used to access the 'sftp' account, which allows you to upload a multi-file static website by SFTP, as well as export the latest copy of your Matrix service. Must be defined if 'SSH Key' method is selected.",
"required": false,
"min": 0,
"max": 16384,
"default": "{{ awx_sftp_public_key }}",
"choices": "",
"new_question": true,
"variable": "awx_sftp_public_key",
"type": "text"
}
]
}

18
roles/matrix-awx/surveys/backup_server.json.j2
View File

@ -1,18 +0,0 @@
{
"name": "Backup Server",
"description": "Performs a backup of the entire service to a remote location.",
"spec": [
{
"question_name": "Enable Backup",
"question_description": "Set if remote backup is enabled or not. If enabled a daily backup of your server will be sent to the backup server located in {{ backup_server_location }}.",
"required": false,
"min": null,
"max": null,
"default": "{{ awx_backup_enabled | string | lower }}",
"choices": "true\nfalse",
"new_question": true,
"variable": "awx_backup_enabled",
"type": "multiplechoice"
}
]
}

66
roles/matrix-awx/surveys/bridge_discord_appservice.json.j2
View File

@ -1,66 +0,0 @@
{
"name": "Bridge Discord Appservice",
"description": "Enables a private bridge you can use to connect Matrix rooms to Discord.",
"spec": [
{
"question_name": "Enable Discord AppService Bridge",
"question_description": "Enables a private bridge you can use to connect Matrix rooms to Discord.",
"required": true,
"min": null,
"max": null,
"default": "{{ matrix_appservice_discord_enabled | string | lower }}",
"choices": "true\nfalse",
"new_question": true,
"variable": "matrix_appservice_discord_enabled",
"type": "multiplechoice"
},
{
"question_name": "Discord OAuth2 Client ID",
"question_description": "The OAuth2 'CLIENT ID' which can be found in the 'OAuth2' tab of your new discord application: https://discord.com/developers/applications",
"required": true,
"min": 0,
"max": 128,
"default": "{{ matrix_appservice_discord_client_id | trim }}",
"choices": "",
"new_question": true,
"variable": "matrix_appservice_discord_client_id",
"type": "text"
},
{
"question_name": "Discord Bot Token",
"question_description": "The Bot 'TOKEN' which can be found in the 'Bot' tab of your new discord application: https://discord.com/developers/applications",
"required": true,
"min": 0,
"max": 256,
"default": "{{ matrix_appservice_discord_bot_token | trim }}",
"choices": "",
"new_question": true,
"variable": "matrix_appservice_discord_bot_token",
"type": "password"
},
{
"question_name": "Auto-Admin Matrix User",
"question_description": "The username you would like to be automatically joined and promoted to administrator (PL100) in bridged rooms. Exclude the '@' and server name postfix. So to create @stevo:example.org just enter 'stevo'.",
"required": false,
"min": 0,
"max": 1024,
"default": "",
"choices": "",
"new_question": true,
"variable": "awx_appservice_discord_admin_user",
"type": "text"
},
{
"question_name": "Auto-Admin Rooms",
"question_description": "A list of rooms you want the user to be automatically joined and promoted to administrator (PL100) in. These should be the internal IDs (for example '!axfBUsKhfAjSMBdjKX:example.org') separated by newlines.",
"required": false,
"min": 0,
"max": 4096,
"default": "",
"choices": "",
"new_question": true,
"variable": "awx_appservice_discord_admin_rooms",
"type": "textarea"
}
]
}

88
roles/matrix-awx/surveys/configure_corporal.json.j2
View File

@ -1,88 +0,0 @@
{
"name": "Configure Matrix Corporal",
"description": "Configure Matrix Corporal, a tool that manages your Matrix server according to a configuration policy.",
"spec": [
{
"question_name": "Enable Corporal",
"question_description": "Controls if Matrix Corporal is enabled at all. If you're unsure if you need Matrix Corporal or not, you most likely don't.",
"required": true,
"min": null,
"max": null,
"default": "{{ matrix_corporal_enabled|string|lower }}",
"choices": "true\nfalse",
"new_question": true,
"variable": "matrix_corporal_enabled",
"type": "multiplechoice"
},
{
"question_name": "Corporal Policy Provider",
"question_description": "Controls what provider policy is used with Matrix Corporal.",
"required": true,
"min": null,
"max": null,
"default": "{{ awx_corporal_policy_provider_mode }}",
"choices": "Simple Static File\nHTTP Pull Mode (API Enabled)\nHTTP Push Mode (API Enabled)",
"new_question": true,
"variable": "awx_corporal_policy_provider_mode",
"type": "multiplechoice"
},
{
"question_name": "Simple Static File Configuration",
"question_description": "The configuration file for Matrix Corporal, only needed if 'Simple Static File' provider is selected, any configuration entered here will be saved and applied.",
"required": false,
"min": 0,
"max": 65536,
"default": "",
"new_question": true,
"variable": "awx_corporal_simple_static_config",
"type": "textarea"
},
{
"question_name": "HTTP Pull Mode URI",
"question_description": "The network address to remotely fetch the configuration from. Only needed if 'HTTP Pull Mode (API Enabled)' provider is selected.",
"required": false,
"min": 0,
"max": 4096,
"default": "{{ awx_corporal_pull_mode_uri }}",
"new_question": true,
"variable": "awx_corporal_pull_mode_uri",
"type": "text"
},
{
"question_name": "HTTP Pull Mode Authentication Token",
"question_description": "An authentication token for pulling the Corporal configuration from a network location. Only needed if 'HTTP Pull Mode (API Enabled)' provider is selected. WARNING: You must set a strong and unique password here.",
"required": false,
"min": 0,
"max": 256,
"default": "{{ awx_corporal_pull_mode_token }}",
"choices": "",
"new_question": true,
"variable": "awx_corporal_pull_mode_token",
"type": "password"
},
{
"question_name": "Corporal API Authentication Token",
"question_description": "An authentication token for interfacing with Corporals API. Only needed to be set if 'HTTP Pull Mode (API Enabled)' or 'HTTP Push Mode (API Enabled)' provider is selected. WARNING: You must set a strong and unique password here.",
"required": false,
"min": 0,
"max": 256,
"default": "{{ matrix_corporal_http_api_auth_token }}",
"choices": "",
"new_question": true,
"variable": "matrix_corporal_http_api_auth_token",
"type": "password"
},
{
"question_name": "Raise Synapse Ratelimits",
"question_description": "For Matrix Corporal to work you will need to temporarily raise the rate limits for logins, please return this value to 'Normal' after you're done using Corporal.",
"required": false,
"min": null,
"max": null,
"default": "{{ awx_corporal_raise_ratelimits }}",
"choices": "Normal\nRaised",
"new_question": true,
"variable": "awx_corporal_raise_ratelimits",
"type": "multiplechoice"
}
]
}

30
roles/matrix-awx/surveys/configure_dimension.json.j2
View File

@ -1,30 +0,0 @@
{
"name": "Configure Dimension",
"description": "Configure Dimension, the self-hosted integrations server.",
"spec": [
{
"question_name": "Enable Dimension",
"question_description": "Enables the Dimension integration server, before doing this you need to create a CNAME record for 'dimension.{{ matrix_domain }}' that points to 'matrix.{{ matrix_domain }}'.",
"required": false,
"min": null,
"max": null,
"default": "{{ matrix_dimension_enabled | string | lower }}",
"choices": "true\nfalse",
"new_question": true,
"variable": "matrix_dimension_enabled",
"type": "multiplechoice"
},
{
"question_name": "Dimension Users",
"question_description": "Here you can list the user accounts that will be able to configure Dimension. Entries must be seperated with newlines and must be a complete Matrix ID. For example: '@dimension:{{ matrix_domain }}'",
"required": false,
"min": 0,
"max": 65536,
"default": {{ awx_dimension_users_final | to_json }},
"choices": "",
"new_question": true,
"variable": "awx_dimension_users",
"type": "textarea"
}
]
}

114
roles/matrix-awx/surveys/configure_element.json.j2
View File

@ -1,114 +0,0 @@
{
"name": "Configure Element",
"description": "Configure Element web client, Element is the most developed Matrix client software.",
"spec": [
{
"question_name": "Enable Element-Web",
"question_description": "Set if Element web client is enabled or not.",
"required": true,
"min": null,
"max": null,
"default": "{{ matrix_client_element_enabled }}",
"choices": "true\nfalse",
"new_question": true,
"variable": "matrix_client_element_enabled",
"type": "multiplechoice"
},
{
"question_name": "Set Theme for Web Client",
"question_description": "Sets the default theme for the web client, can be changed later by individual users.",
"required": false,
"min": null,
"max": null,
"default": "{{ matrix_client_element_default_theme }}",
"choices": "light\ndark",
"new_question": true,
"variable": "matrix_client_element_default_theme",
"type": "multiplechoice"
},
{
"question_name": "Set Branding for Web Client",
"question_description": "Sets the 'branding' seen in the tab and on the welcome page to a custom value.Leaving this field blank will cause the default branding will be used: 'Element'",
"required": false,
"min": 0,
"max": 256,
"default": "{{ matrix_client_element_brand | trim }}",
"choices": "",
"new_question": true,
"variable": "matrix_client_element_brand",
"type": "text"
},
{
"question_name": "Set Welcome Page Background",
"question_description": "Sets the background image on the welcome page, you should enter a URL to the image you want to use. Must be a 'https' link, otherwise it won't be set. Leaving this field blank will cause the default background to be used.",
"required": false,
"min": 0,
"max": 1024,
"default": "{{ matrix_client_element_branding_welcomeBackgroundUrl | trim }}",
"choices": "",
"new_question": true,
"variable": "matrix_client_element_branding_welcomeBackgroundUrl",
"type": "text"
},
{
"question_name": "Set Welcome Page Logo",
"question_description": "Sets the logo found on the welcome and login page, must be a valid https link to your logo, the logo itself should be a square vector image (SVG). Leaving this field blank will cause the default Element logo to be used.",
"required": false,
"min": 0,
"max": 1024,
"default": "{{ matrix_client_element_welcome_logo | trim }}",
"choices": "",
"new_question": true,
"variable": "matrix_client_element_welcome_logo",
"type": "text"
},
{
"question_name": "Set Welcome Page Logo URL",
"question_description": "Sets the URL link the welcome page logo leads to, must be a valid https link. Leaving this field blank will cause this default link to be used: 'https://element.io'",
"required": false,
"min": 0,
"max": 1024,
"default": "{{ matrix_client_element_welcome_logo_link | trim }}",
"choices": "",
"new_question": true,
"variable": "matrix_client_element_welcome_logo_link",
"type": "text"
},
{
"question_name": "Set Welcome Page Headline",
"question_description": "Sets the headline seen on the welcome page. Leaving this field blank will cause this default headline to be used: 'Welcome to Element!'",
"required": false,
"min": 0,
"max": 512,
"default": "{{ awx_matrix_client_element_welcome_headline | trim }}",
"choices": "",
"new_question": true,
"variable": "awx_matrix_client_element_welcome_headline",
"type": "text"
},
{
"question_name": "Set Welcome Page Text",
"question_description": "Sets the text seen on the welcome page. Leaving this field blank will cause this default headline to be used: 'Decentralised, encrypted chat & collaboration powered by [Matrix]'",
"required": false,
"min": 0,
"max": 2048,
"default": "{{ awx_matrix_client_element_welcome_text | trim }}",
"choices": "",
"new_question": true,
"variable": "awx_matrix_client_element_welcome_text",
"type": "text"
},
{
"question_name": "Show Registration Button",
"question_description": "If you show the registration button on the welcome page.",
"required": false,
"min": null,
"max": null,
"default": "{{ matrix_client_element_registration_enabled }}",
"choices": "true\nfalse",
"new_question": true,
"variable": "matrix_client_element_registration_enabled",
"type": "multiplechoice"
}
]
}

18
roles/matrix-awx/surveys/configure_element_subdomain.json.j2
View File

@ -1,18 +0,0 @@
{
"name": "Configure Element Subdomain",
"description": "Configure Element clients subdomain location. (Eg: 'element' for element.example.org)",
"spec": [
{
"question_name": "Set Element Subdomain",
"question_description": "Sets the subdomain of the Element web-client, you should only specify the subdomain, not the base domain you've already set. (Eg: 'element' for element.example.org) Note that if you change this value you'll need to reconfigure your DNS.",
"required": false,
"min": 0,
"max": 2048,
"default": "{{ awx_element_subdomain }}",
"choices": "",
"new_question": true,
"variable": "awx_element_subdomain",
"type": "text"
}
]
}

19
roles/matrix-awx/surveys/configure_email_relay.json.j2
View File

@ -1,19 +0,0 @@
{
"name": "Configure Email Relay",
"description": "Enable MailGun relay to increase verification email reliability.",
"spec": [
{
"question_name": "Enable Email Relay",
"question_description": "Enables the MailGun email relay server, enabling this will increase the reliability of your email verification.",
"required": false,
"min": null,
"max": null,
"default": "{{ matrix_mailer_relay_use | string | lower }}",
"choices": "true\nfalse",
"new_question": true,
"variable": "matrix_mailer_relay_use",
"type": "multiplechoice"
}
]
}

31
roles/matrix-awx/surveys/configure_jitsi.json.j2
View File

@ -1,31 +0,0 @@
{
"name": "Configure Jitsi",
"description": "Configure Jitsi conferencing settings.",
"spec": [
{
"question_name": "Enable Jitsi",
"question_description": "Set if Jitsi is enabled or not. If disabled your server will use the https://jitsi.riot.im server. If you're on a smaller server disabling this might increase the performance of your Matrix service.",
"required": false,
"min": null,
"max": null,
"default": "{{ matrix_jitsi_enabled }}",
"choices": "true\nfalse",
"new_question": true,
"variable": "matrix_jitsi_enabled",
"type": "multiplechoice"
},
{
"question_name": "Set Default Language",
"question_description": "2 digit 639-1 language code to adjust the language of the web client. For a list of possible codes see: https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes",
"required": false,
"min": 0,
"max": 2,
"default": "{{ matrix_jitsi_web_config_defaultLanguage }}",
"choices": "",
"new_question": true,
"variable": "matrix_jitsi_web_config_defaultLanguage",
"type": "text"
}
]
}

41
roles/matrix-awx/surveys/configure_ma1sd.json.j2
View File

@ -1,41 +0,0 @@
{
"name": "Configure ma1sd",
"description": "Configure ma1sd settings, ma1sd is a self-hosted identity server for Matrix.",
"spec": [
{
"question_name": "Enable ma1sd",
"question_description": "Set if ma1sd is enabled or not. If disabled your server will loose identity functionality (not recommended).",
"required": false,
"min": null,
"max": null,
"default": "{{ matrix_ma1sd_enabled | string | lower }}",
"choices": "true\nfalse",
"new_question": true,
"variable": "matrix_ma1sd_enabled",
"type": "multiplechoice"
},
{
"question_name": "ma1sd Authentication Mode",
"question_description": "Set the source of user account authentication credentials with the ma1sd.",
"required": false,
"min": null,
"max": null,
"default": "{{ awx_matrix_ma1sd_auth_store }}",
"choices": "Synapse Internal\nLDAP/AD",
"new_question": true,
"variable": "awx_matrix_ma1sd_auth_store",
"type": "multiplechoice"
},
{
"question_name": "LDAP/AD Configuration",
"question_description": "Settings for connecting LDAP/AD to the ma1sd service. (ignored if using Synapse Internal, see https://github.com/ma1uta/ma1sd/blob/master/docs/stores/README.md )",
"required": false,
"min": 0,
"max": 65536,
"default": {{ awx_matrix_ma1sd_configuration_extension_yaml | to_json }},
"new_question": true,
"variable": "awx_matrix_ma1sd_configuration_extension_yaml",
"type": "textarea"
}
]
}

29
roles/matrix-awx/surveys/configure_mjolnir.json.j2
View File

@ -1,29 +0,0 @@
{
"name": "Configure Mjolnir",
"description": "Configure Mjolnir settings, Mjolnir is a moderation bot for Matrix.",
"spec": [
{
"question_name": "Enable Mjolnir",
"question_description": "Set if Mjolnir is enabled or not. Mjolnir is a moderation bot for Matrix.",
"required": true,
"min": null,
"max": null,
"default": "{{ matrix_bot_mjolnir_enabled | string | lower }}",
"choices": "true\nfalse",
"new_question": true,
"variable": "matrix_bot_mjolnir_enabled",
"type": "multiplechoice"
},
{
"question_name": "Mjolnir Management Room",
"question_description": "Sets the internal ID of the management room for Mjolnir. Example: '!wAeZaPCKvaCHcSqxAW:matrix.org'",
"required": true,
"min": null,
"max": null,
"default": "{{ matrix_bot_mjolnir_management_room }}",
"new_question": true,
"variable": "matrix_bot_mjolnir_management_room",
"type": "text"
}
]
}

198
roles/matrix-awx/surveys/configure_synapse.json.j2
View File

@ -1,198 +0,0 @@
{
"name": "Configure Synapse",
"description": "Configure Synapse settings. Synapse is the homeserver software that powers your Matrix instance.",
"spec": [
{
"question_name": "Enable Public Registration",
"question_description": "Controls whether people with access to the homeserver can register by themselves.",
"required": false,
"min": null,
"max": null,
"default": "{{ matrix_synapse_enable_registration | string | lower }}",
"choices": "true\nfalse",
"new_question": true,
"variable": "matrix_synapse_enable_registration",
"type": "multiplechoice"
},
{
"question_name": "Enable Federation",
"question_description": "Controls whether Synapse will federate at all. Disable this to completely isolate your server from the rest of the Matrix network.",
"required": false,
"min": null,
"max": null,
"default": "{{ matrix_synapse_federation_enabled | string | lower }}",
"choices": "true\nfalse",
"new_question": true,
"variable": "matrix_synapse_federation_enabled",
"type": "multiplechoice"
},
{
"question_name": "Allow Public Rooms Over Federation",
"question_description": "Controls whether remote servers can fetch this server's public rooms directory via federation. For private servers, you'll most likely want to forbid this.",
"required": false,
"min": null,
"max": null,
"default": "{{ matrix_synapse_allow_public_rooms_over_federation | string | lower }}",
"choices": "true\nfalse",
"new_question": true,
"variable": "matrix_synapse_allow_public_rooms_over_federation",
"type": "multiplechoice"
},
{
"question_name": "Enable Community Creation",
"question_description": "Allows regular users (who aren't server admins) to create 'communities', which are basically groups of rooms.",
"required": false,
"min": null,
"max": null,
"default": "{{ matrix_synapse_enable_group_creation | string | lower }}",
"choices": "true\nfalse",
"new_question": true,
"variable": "matrix_synapse_enable_group_creation",
"type": "multiplechoice"
},
{
"question_name": "Enable Synapse Presence",
"question_description": "Controls whether presence is enabled. This shows who's online and reading your posts. Disabling it will increase both performance and user privacy.",
"required": false,
"min": null,
"max": null,
"default": "{{ matrix_synapse_presence_enabled | string | lower }}",
"choices": "true\nfalse",
"new_question": true,
"variable": "matrix_synapse_presence_enabled",
"type": "multiplechoice"
},
{
"question_name": "Enable URL Previews",
"question_description": "Controls whether URL previews should be generated. This will cause a request from Synapse to URLs shared by users.",
"required": false,
"min": null,
"max": null,
"default": "{{ matrix_synapse_url_preview_enabled | string | lower }}",
"choices": "true\nfalse",
"new_question": true,
"variable": "matrix_synapse_url_preview_enabled",
"type": "multiplechoice"
},
{
"question_name": "Enable Guest Access",
"question_description": "Controls whether 'guest accounts' can access rooms without registering. Guest users do not count towards your servers user limit.",
"required": false,
"min": null,
"max": null,
"default": "{{ matrix_synapse_allow_guest_access | string | lower }}",
"choices": "true\nfalse",
"new_question": true,
"variable": "matrix_synapse_allow_guest_access",
"type": "multiplechoice"
},
{
"question_name": "Registration Requires Email",
"question_description": "Controls whether an email address is required to register on the server.",
"required": false,
"min": null,
"max": null,
"default": "{{ awx_registrations_require_3pid | string | lower }}",
"choices": "true\nfalse",
"new_question": true,
"variable": "awx_registrations_require_3pid",
"type": "multiplechoice"
},
{
"question_name": "Registration Shared Secret",
"question_description": "A secret that allows registration of standard or admin accounts by anyone who has the shared secret, even if registration is otherwise disabled. WARNING: You must set a strong and unique password here.",
"required": false,
"min": 0,
"max": 256,
"default": "",
"choices": "",
"new_question": true,
"variable": "awx_matrix_synapse_registration_shared_secret",
"type": "password"
},
{
"question_name": "Synapse Max Upload Size",
"question_description": "Sets the maximum size for uploaded files in MB.",
"required": false,
"min": 0,
"max": 3,
"default": "{{ matrix_synapse_max_upload_size_mb }}",
"choices": "",
"new_question": true,
"variable": "awx_synapse_max_upload_size_mb",
"type": "text"
},
{
"question_name": "URL Preview Languages",
"question_description": "Sets the languages that URL previews will be generated in. Entries are a 2-3 letter IETF language tag, they must be seperated with newlines. For example: 'fr' https://en.wikipedia.org/wiki/IETF_language_tag",
"required": false,
"min": 0,
"max": 65536,
"default": {{ awx_url_preview_accept_language_default | to_json }},
"choices": "",
"new_question": true,
"variable": "awx_url_preview_accept_language",
"type": "textarea"
},
{
"question_name": "Federation Whitelist",
"question_description": "Here you can list the URLs of other Matrix homeservers and Synapse will only federate with those homeservers. Entries must be seperated with newlines and must not have a 'https://' prefix. For example: 'matrix.example.org'",
"required": false,
"min": 0,
"max": 65536,
"default": {{ awx_federation_whitelist | to_json }},
"choices": "",
"new_question": true,
"variable": "awx_federation_whitelist",
"type": "textarea"
},
{
"question_name": "Synapse Auto-Join Rooms",
"question_description": "Sets the 'auto-join' rooms, where new users will be automatically invited to, these rooms must already exist. Entries must be room addresses that are separated with newlines. For example: '#announcements:example.org'",
"required": false,
"min": 0,
"max": 65536,
"default": {{ awx_synapse_auto_join_rooms | to_json }},
"choices": "",
"new_question": true,
"variable": "awx_synapse_auto_join_rooms",
"type": "textarea"
},
{
"question_name": "Enable ReCaptcha on Registration",
"question_description": "Enables Googles ReCaptcha verification for registering an account, recommended for public servers.",
"required": false,
"min": null,
"max": null,
"default": "{{ awx_enable_registration_captcha | string | lower }}",
"choices": "true\nfalse",
"new_question": true,
"variable": "awx_enable_registration_captcha",
"type": "multiplechoice"
},
{
"question_name": "Recaptcha Public Key",
"question_description": "Sets the Google ReCaptcha public key for this website.",
"required": false,
"min": 0,
"max": 40,
"default": "{{ awx_recaptcha_public_key }}",
"choices": "",
"new_question": true,
"variable": "awx_recaptcha_public_key",
"type": "text"
},
{
"question_name": "Recaptcha Private Key",
"question_description": "Sets the Google ReCaptcha private key for this website.",
"required": false,
"min": 0,
"max": 40,
"default": "{{ awx_recaptcha_private_key }}",
"choices": "",
"new_question": true,
"variable": "awx_recaptcha_private_key",
"type": "text"
}
]
}

18
roles/matrix-awx/surveys/configure_synapse_admin.json.j2
View File

@ -1,18 +0,0 @@
{
"name": "Configure Synapse Admin",
"description": "Configure 'Synapse Admin', a moderation tool to help you manage your server.",
"spec": [
{
"question_name": "Enable Synapse Admin",
"question_description": "Set if Synapse Admin is enabled or not. If enabled you can access it at https://{{ matrix_server_fqn_matrix }}/synapse-admin.",
"required": false,
"min": null,
"max": null,
"default": "{{ matrix_synapse_admin_enabled | string | lower }}",
"choices": "true\nfalse",
"new_question": true,
"variable": "matrix_synapse_admin_enabled",
"type": "multiplechoice"
}
]
}

54
roles/matrix-awx/surveys/configure_website_access_export.json.j2
View File

@ -1,54 +0,0 @@
{
"name": "Configure Website Access Backup",
"description": "Configure base domain website settings and access the services backup.",
"spec": [
{
"question_name": "Customise Base Domain Website",
"question_description": "Set if you want to adjust the base domain website using SFTP.",
"required": true,
"min": null,
"max": null,
"default": "{{ awx_customise_base_domain_website | string | lower }}",
"choices": "true\nfalse",
"new_question": true,
"variable": "awx_customise_base_domain_website",
"type": "multiplechoice"
},
{
"question_name": "SFTP Authorisation Method",
"question_description": "Set whether you want to disable SFTP, use a password to connect to SFTP or connect with a more secure SSH key.",
"required": true,
"min": null,
"max": null,
"default": "{{ awx_sftp_auth_method | string }}",
"choices": "Disabled\nPassword\nSSH Key",
"new_question": true,
"variable": "awx_sftp_auth_method",
"type": "multiplechoice"
},
{
"question_name": "SFTP Password",
"question_description": "Sets the password of the 'sftp' account, which allows you to upload a multi-file static website by SFTP, as well as export the latest copy of your Matrix service. Must be defined if 'Password' method is selected. WARNING: You must set a strong and unique password here.",
"required": false,
"min": 0,
"max": 64,
"default": "{{ awx_sftp_password }}",
"choices": "",
"new_question": true,
"variable": "awx_sftp_password",
"type": "password"
},
{
"question_name": "SFTP Public SSH Key (More Secure)",
"question_description": "Sets the public SSH key used to access the 'sftp' account, which allows you to upload a multi-file static website by SFTP, as well as export the latest copy of your Matrix service. Must be defined if 'SSH Key' method is selected.",
"required": false,
"min": 0,
"max": 16384,
"default": "{{ awx_sftp_public_key }}",
"choices": "",
"new_question": true,
"variable": "awx_sftp_public_key",
"type": "text"
}
]
}

101
roles/matrix-awx/tasks/backup_server.yml
View File

@ -1,101 +0,0 @@
---
- name: Record Backup Server variables locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# AWX Settings Start'
with_dict:
'awx_backup_enabled': '{{ awx_backup_enabled }}'
tags: use-survey
- name: Save new 'Backup Server' survey.json to the AWX tower, template
delegate_to: 127.0.0.1
template:
src: 'roles/matrix-awx/surveys/backup_server.json.j2'
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json'
tags: use-survey
- name: Copy new 'Backup Server' survey.json to target machine
copy:
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json'
dest: '/matrix/awx/backup_server.json'
mode: '0660'
tags: use-survey
- name: Recreate 'Backup Server' job template
delegate_to: 127.0.0.1
awx.awx.tower_job_template:
name: "{{ matrix_domain }} - 0 - Backup Server"
description: "Performs a backup of the entire service to a remote location."
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
job_type: run
job_tags: "backup-server,use-survey"
inventory: "{{ member_id }}"
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
playbook: setup.yml
credential: "{{ member_id }} - AWX SSH Key"
survey_enabled: true
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json') }}"
become_enabled: true
state: present
verbosity: 1
tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: true
tags: use-survey
- name: Include vars in matrix_vars.yml
include_vars:
file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
no_log: true
- name: Copy new 'matrix_vars.yml' to target machine
copy:
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
dest: '/matrix/awx/matrix_vars.yml'
mode: '0660'
tags: use-survey
- name: Run initial backup of /matrix/ and snapshot the database simultaneously
command: "{{ item }}"
with_items:
- borgmatic -c /root/.config/borgmatic/config_1.yaml
- /bin/sh /usr/local/bin/awx-export-service.sh 1 0
register: _create_instances
async: 3600 # Maximum runtime in seconds.
poll: 0 # Fire and continue (never poll)
when: awx_backup_enabled|bool
- name: Wait for both of these jobs to finish
async_status:
jid: "{{ item.ansible_job_id }}"
register: _jobs
until: _jobs.finished
delay: 5 # Check every 5 seconds.
retries: 720 # Retry for a full hour.
with_items: "{{ _create_instances.results }}"
when: awx_backup_enabled|bool
- name: Perform borg backup of postgres dump
command: borgmatic -c /root/.config/borgmatic/config_2.yaml
when: awx_backup_enabled|bool
- name: Delete the AWX session token for executing modules
awx.awx.tower_token:
description: 'AWX Session Token'
scope: "write"
state: absent
existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}"
tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
- name: Set boolean value to exit playbook
set_fact:
awx_end_playbook: true
- name: End playbook if this task list is called.
meta: end_play
when: awx_end_playbook is defined and awx_end_playbook|bool

58
roles/matrix-awx/tasks/bridge_discord_appservice.yml
View File

@ -1,58 +0,0 @@
---
- name: Record Bridge Discord AppService variables locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Bridge Discord AppService Start'
with_dict:
'matrix_appservice_discord_enabled': '{{ matrix_appservice_discord_enabled }}'
'matrix_appservice_discord_client_id': '{{ matrix_appservice_discord_client_id }}'
'matrix_appservice_discord_bot_token': '{{ matrix_appservice_discord_bot_token }}'
- name: If the raw inputs is not empty start constructing parsed awx_appservice_discord_admin_rooms list
set_fact:
awx_appservice_discord_admin_rooms_array: |-
{{ awx_appservice_discord_admin_rooms.splitlines() | to_json }}
when: awx_appservice_discord_admin_rooms | trim | length > 0
- name: Promote user to administer (PL100) of each room
command: |
docker exec -i matrix-appservice-discord /bin/sh -c 'cp /cfg/registration.yaml /tmp/discord-registration.yaml && cd /tmp && node /build/tools/adminme.js -c /cfg/config.yaml -m "{{ item.1 }}" -u "@{{ awx_appservice_discord_admin_user }}:{{ matrix_domain }}" -p 100'
with_indexed_items:
- "{{ awx_appservice_discord_admin_rooms_array }}"
when: ( awx_appservice_discord_admin_rooms | trim | length > 0 ) and ( awx_appservice_discord_admin_user is defined )
- name: Save new 'Bridge Discord Appservice' survey.json to the AWX tower, template
delegate_to: 127.0.0.1
template:
src: 'roles/matrix-awx/surveys/bridge_discord_appservice.json.j2'
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}//bridge_discord_appservice.json'
- name: Copy new 'Bridge Discord Appservice' survey.json to target machine
copy:
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/bridge_discord_appservice.json'
dest: '/matrix/awx/bridge_discord_appservice.json'
mode: '0660'
- name: Recreate 'Bridge Discord Appservice' job template
delegate_to: 127.0.0.1
awx.awx.tower_job_template:
name: "{{ matrix_domain }} - 3 - Bridge Discord AppService"
description: "Enables a private bridge you can use to connect Matrix rooms to Discord."
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
job_type: run
job_tags: "start,setup-all,bridge-discord-appservice"
inventory: "{{ member_id }}"
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
playbook: setup.yml
credential: "{{ member_id }} - AWX SSH Key"
survey_enabled: true
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/bridge_discord_appservice.json') }}"
state: present
verbosity: 1
tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: true

13
roles/matrix-awx/tasks/cache_matrix_variables.yml
View File

@ -1,13 +0,0 @@
---
- name: Collect current datetime
set_fact:
awx_datetime: "{{ lookup('pipe', 'date +%Y-%m-%d_%H:%M') }}"
- name: Create cached matrix_vars.yml file location
set_fact:
awx_cached_matrix_vars: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars_{{ awx_datetime }}.yml'
- name: Create cached matrix_vars.yml
delegate_to: 127.0.0.1
shell: "cp /var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml {{ awx_cached_matrix_vars }}"

11
roles/matrix-awx/tasks/create_session_token.yml
View File

@ -1,11 +0,0 @@
---
- name: Create a AWX session token for executing modules
awx.awx.tower_token:
description: 'AWX Session Token'
scope: "write"
state: present
tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_master_token }}"
register: awx_session_token
no_log: true

41
roles/matrix-awx/tasks/create_user.yml
View File

@ -1,41 +0,0 @@
---
#
# Create user and define if they are admin
#
# /usr/local/bin/matrix-synapse-register-user <your_username> <your_password> <admin access: 0 or 1>
#
- name: Set admin bool to zero
set_fact:
awx_admin_bool: 0
when: awx_admin_access == 'false'
- name: Examine if server admin set
set_fact:
awx_admin_bool: 1
when: awx_admin_access == 'true'
- name: Create user account
command: |
/usr/local/bin/matrix-synapse-register-user {{ awx_new_username | quote }} {{ awx_new_password | quote }} {{ awx_admin_bool }}
register: awx_cmd_output
- name: Delete the AWX session token for executing modules
awx.awx.tower_token:
description: 'AWX Session Token'
scope: "write"
state: absent
existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}"
tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
- name: Set boolean value to exit playbook
set_fact:
awx_end_playbook: true
- name: Result
debug: msg="{{ awx_cmd_output.stdout }}"
- name: End playbook if this task list is called.
meta: end_play
when: awx_end_playbook is defined and awx_end_playbook|bool

267
roles/matrix-awx/tasks/customise_website_access_export.yml
View File

@ -1,267 +0,0 @@
---
- name: Enable index.html creation if user doesn't wish to customise base domain
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Base Domain Settings Start'
with_dict:
'matrix_nginx_proxy_base_domain_homepage_enabled': 'true'
when: (awx_customise_base_domain_website is defined) and not awx_customise_base_domain_website|bool
- name: Disable index.html creation to allow multi-file site if user does wish to customise base domain
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Base Domain Settings Start'
with_dict:
'matrix_nginx_proxy_base_domain_homepage_enabled': 'false'
when: (awx_customise_base_domain_website is defined) and awx_customise_base_domain_website|bool
- name: Record custom 'Customise Website + Access Export' variables locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Custom Settings Start'
with_dict:
'awx_sftp_auth_method': '"{{ awx_sftp_auth_method }}"'
'awx_sftp_password': '"{{ awx_sftp_password }}"'
'awx_sftp_public_key': '"{{ awx_sftp_public_key }}"'
- name: Record custom 'Customise Website + Access Export' variables locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Custom Settings Start'
with_dict:
'awx_customise_base_domain_website': '{{ awx_customise_base_domain_website }}'
when: awx_customise_base_domain_website is defined
- name: Reload vars in matrix_vars.yml
include_vars:
file: '{{ awx_cached_matrix_vars }}'
no_log: true
- name: Save new 'Customise Website + Access Export' survey.json to the AWX tower, template
delegate_to: 127.0.0.1
template:
src: './roles/matrix-awx/surveys/configure_website_access_export.json.j2'
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json'
when: awx_customise_base_domain_website is defined
- name: Copy new 'Customise Website + Access Export' survey.json to target machine
copy:
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json'
dest: '/matrix/awx/configure_website_access_export.json'
mode: '0660'
when: awx_customise_base_domain_website is defined
- name: Save new 'Customise Website + Access Export' survey.json to the AWX tower, template
delegate_to: 127.0.0.1
template:
src: './roles/matrix-awx/surveys/access_export.json.j2'
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json'
when: awx_customise_base_domain_website is undefined
- name: Copy new 'Customise Website + Access Export' survey.json to target machine
copy:
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json'
dest: '/matrix/awx/access_export.json'
mode: '0660'
when: awx_customise_base_domain_website is undefined
- name: Recreate 'Configure Website + Access Export' job template
delegate_to: 127.0.0.1
awx.awx.tower_job_template:
name: "{{ matrix_domain }} - 1 - Configure Website + Access Export"
description: "Configure base domain website settings and access the servers export."
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
job_type: run
job_tags: "start,setup-nginx-proxy"
inventory: "{{ member_id }}"
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
playbook: setup.yml
credential: "{{ member_id }} - AWX SSH Key"
survey_enabled: true
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_website_access_export.json') }}"
become_enabled: true
state: present
verbosity: 1
tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: true
when: awx_customise_base_domain_website is defined
- name: Recreate 'Access Export' job template
delegate_to: 127.0.0.1
awx.awx.tower_job_template:
name: "{{ matrix_domain }} - 1 - Access Export"
description: "Access the services export."
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
job_type: run
job_tags: "start,setup-nginx-proxy"
inventory: "{{ member_id }}"
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
playbook: setup.yml
credential: "{{ member_id }} - AWX SSH Key"
survey_enabled: true
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/access_export.json') }}"
become_enabled: true
state: present
verbosity: 1
tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: true
when: awx_customise_base_domain_website is undefined
- name: If user doesn't define a awx_sftp_password, create a disabled 'sftp' account
user:
name: sftp
comment: SFTP user to set custom web files and access servers export
shell: /bin/false
home: /home/sftp
group: matrix
password: '*'
update_password: always
when: awx_sftp_password|length == 0
- name: If user defines awx_sftp_password, enable account and set password on 'stfp' account
user:
name: sftp
comment: SFTP user to set custom web files and access servers export
shell: /bin/false
home: /home/sftp
group: matrix
password: "{{ awx_sftp_password | password_hash('sha512') }}"
update_password: always
when: awx_sftp_password|length > 0
- name: Ensure group "sftp" exists
group:
name: sftp
state: present
- name: adding existing user 'sftp' to group matrix
user:
name: sftp
groups: sftp
append: true
when: awx_customise_base_domain_website is defined
- name: Create the ro /chroot directory with sticky bit if it doesn't exist. (/chroot/website has matrix:matrix permissions and is mounted to nginx container)
file:
path: /chroot
state: directory
owner: root
group: root
mode: '1755'
- name: Ensure /chroot/website location exists.
file:
path: /chroot/website
state: directory
owner: matrix
group: matrix
mode: '0770'
when: awx_customise_base_domain_website is defined
- name: Ensure /chroot/export location exists
file:
path: /chroot/export
state: directory
owner: sftp
group: sftp
mode: '0700'
- name: Ensure /home/sftp/.ssh location exists
file:
path: /home/sftp/.ssh
state: directory
owner: sftp
group: sftp
mode: '0700'
- name: Ensure /home/sftp/authorized_keys exists
file:
path: /home/sftp/.ssh/authorized_keys
state: touch
owner: sftp
group: sftp
mode: '0644'
- name: Clear authorized_keys file
shell: echo "" > /home/sftp/.ssh/authorized_keys
- name: Insert public SSH key into authorized_keys file
lineinfile:
path: /home/sftp/.ssh/authorized_keys
line: "{{ awx_sftp_public_key }}"
owner: sftp
group: sftp
mode: '0644'
when: (awx_sftp_public_key | length > 0) and (awx_sftp_auth_method == "SSH Key")
- name: Remove any existing Subsystem lines
lineinfile:
path: /etc/ssh/sshd_config
state: absent
regexp: '^Subsystem'
- name: Set SSH Subsystem State
lineinfile:
path: /etc/ssh/sshd_config
insertafter: "^# override default of no subsystems"
line: "Subsystem sftp internal-sftp"
- name: Add SSH Match User section for disabled auth
blockinfile:
path: /etc/ssh/sshd_config
state: absent
block: |
Match User sftp
ChrootDirectory /chroot
PermitTunnel no
X11Forwarding no
AllowTcpForwarding no
PasswordAuthentication yes
AuthorizedKeysFile /home/sftp/.ssh/authorized_keys
when: awx_sftp_auth_method == "Disabled"
- name: Add SSH Match User section for password auth
blockinfile:
path: /etc/ssh/sshd_config
state: present
block: |
Match User sftp
ChrootDirectory /chroot
PermitTunnel no
X11Forwarding no
AllowTcpForwarding no
PasswordAuthentication yes
when: awx_sftp_auth_method == "Password"
- name: Add SSH Match User section for publickey auth
blockinfile:
path: /etc/ssh/sshd_config
state: present
block: |
Match User sftp
ChrootDirectory /chroot
PermitTunnel no
X11Forwarding no
AllowTcpForwarding no
AuthorizedKeysFile /home/sftp/.ssh/authorized_keys
when: awx_sftp_auth_method == "SSH Key"
- name: Restart service ssh.service
service:
name: ssh.service
state: restarted

10
roles/matrix-awx/tasks/delete_session_token.yml
View File

@ -1,10 +0,0 @@
---
- name: Delete the AWX session token for executing modules
awx.awx.tower_token:
description: 'AWX Session Token'
scope: "write"
state: absent
existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}"
tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"

43
roles/matrix-awx/tasks/export_server.yml
View File

@ -1,43 +0,0 @@
---
- name: Run export of /matrix/ and snapshot the database simultaneously
command: "{{ item }}"
with_items:
- /bin/sh /usr/local/bin/awx-export-service.sh 1 0
- /bin/sh /usr/local/bin/awx-export-service.sh 0 1
register: awx_create_instances
async: 3600 # Maximum runtime in seconds.
poll: 0 # Fire and continue (never poll)
- name: Wait for both of these jobs to finish
async_status:
jid: "{{ item.ansible_job_id }}"
register: awx_jobs
until: awx_jobs.finished
delay: 5 # Check every 5 seconds.
retries: 720 # Retry for a full hour.
with_items: "{{ awx_create_instances.results }}"
- name: Schedule deletion of the export in 24 hours
at:
command: rm /chroot/export/matrix*
count: 1
units: days
unique: true
- name: Delete the AWX session token for executing modules
awx.awx.tower_token:
description: 'AWX Session Token'
scope: "write"
state: absent
existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}"
tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
- name: Set boolean value to exit playbook
set_fact:
awx_end_playbook: true
- name: End playbook if this task list is called.
meta: end_play
when: awx_end_playbook is defined and awx_end_playbook|bool

7
roles/matrix-awx/tasks/import_awx.yml
View File

@ -1,7 +0,0 @@
---
- name: Ensure correct ownership of /matrix/awx
shell: chown -R matrix:matrix /matrix/awx
- name: Ensure correct ownership of /matrix/synapse
shell: chown -R matrix:matrix /matrix/synapse

16
roles/matrix-awx/tasks/load_hosting_and_org_variables.yml
View File

@ -1,16 +0,0 @@
---
- name: Include vars in organisation.yml
include_vars:
file: '/var/lib/awx/projects/clients/{{ member_id }}/organisation.yml'
no_log: true
- name: Include vars in hosting_vars.yml
include_vars:
file: '/var/lib/awx/projects/hosting/hosting_vars.yml'
no_log: true
- name: Include AWX master token from awx_tokens.yml
include_vars:
file: /var/lib/awx/projects/hosting/awx_tokens.yml
no_log: true

16
roles/matrix-awx/tasks/load_matrix_variables.yml
View File

@ -1,16 +0,0 @@
---
- name: Include new vars in matrix_vars.yml
include_vars:
file: '{{ awx_cached_matrix_vars }}'
no_log: true
- name: If include_vars succeeds overwrite the old matrix_vars.yml
delegate_to: 127.0.0.1
shell: "cp {{ awx_cached_matrix_vars }} /var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml && rm {{ awx_cached_matrix_vars }}"
- name: Copy new 'matrix_vars.yml' to target machine
copy:
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
dest: '/matrix/awx/matrix_vars.yml'
mode: '0660'

234
roles/matrix-awx/tasks/main.yml
View File

@ -1,234 +0,0 @@
---
# Load initial hosting and organisation variables from AWX volume
- include_tasks:
file: "load_hosting_and_org_variables.yml"
apply:
tags: always
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- always
# Renames or updates the vars.yml if needed
- include_tasks:
file: "update_variables.yml"
apply:
tags: always
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- always
# Create AWX session token
- include_tasks:
file: "create_session_token.yml"
apply:
tags: always
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- always
# Perform a backup of the server
- include_tasks:
file: "backup_server.yml"
apply:
tags: backup-server
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- backup-server
# Perform a export of the server
- include_tasks:
file: "export_server.yml"
apply:
tags: export-server
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- export-server
# Create a user account if called
- include_tasks:
file: "create_user.yml"
apply:
tags: create-user
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- create-user
# Purge local/remote media if called
- include_tasks:
file: "purge_media_main.yml"
apply:
tags: purge-media
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- purge-media
# Purge Synapse database if called
- include_tasks:
file: "purge_database_main.yml"
apply:
tags: purge-database
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- purge-database
# Rotate SSH key if called
- include_tasks:
file: "rotate_ssh.yml"
apply:
tags: rotate-ssh
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- rotate-ssh
# Import configs, media repo from /chroot/backup import
- include_tasks:
file: "import_awx.yml"
apply:
tags: import-awx
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- import-awx
# Perform extra self-check functions
- include_tasks:
file: "self_check.yml"
apply:
tags: self-check
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- self-check
# Create cached matrix_vars.yml file
- include_tasks:
file: "cache_matrix_variables.yml"
apply:
tags: always
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- always
# Configure SFTP so user can upload a static website or access the servers export
- include_tasks:
file: "customise_website_access_export.yml"
apply:
tags: setup-nginx-proxy
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- setup-nginx-proxy
# Additional playbook to set the variable file during Element configuration
- include_tasks:
file: "set_variables_element.yml"
apply:
tags: setup-client-element
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- setup-client-element
# Additional playbook to set the variable file during Mailer configuration
- include_tasks:
file: "set_variables_mailer.yml"
apply:
tags: setup-mailer
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- setup-mailer
# Additional playbook to set the variable file during Element configuration
- include_tasks:
file: "set_variables_element_subdomain.yml"
apply:
tags: setup-client-element-subdomain
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- setup-client-element-subdomain
# Additional playbook to set the variable file during Synapse configuration
- include_tasks:
file: "set_variables_synapse.yml"
apply:
tags: setup-synapse
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- setup-synapse
# Additional playbook to set the variable file during Jitsi configuration
- include_tasks:
file: "set_variables_jitsi.yml"
apply:
tags: setup-jitsi
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- setup-jitsi
# Additional playbook to set the variable file during Ma1sd configuration
- include_tasks:
file: "set_variables_ma1sd.yml"
apply:
tags: setup-ma1sd
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- setup-ma1sd
# Additional playbook to set the variable file during Mjolnir Bot configuration
- include_tasks:
file: "set_variables_mjolnir.yml"
apply:
tags: setup-bot-mjolnir
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- setup-bot-mjolnir
# Additional playbook to set the variable file during Corporal configuration
- include_tasks:
file: "set_variables_corporal.yml"
apply:
tags: setup-corporal
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- setup-corporal
# Additional playbook to set the variable file during Dimension configuration
- include_tasks:
file: "set_variables_dimension.yml"
apply:
tags: setup-dimension
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- setup-dimension
# Additional playbook to set the variable file during Synapse Admin configuration
- include_tasks:
file: "set_variables_synapse_admin.yml"
apply:
tags: setup-synapse-admin
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- setup-synapse-admin
# Additional playbook to set the variable file during Discord Appservice Bridge configuration
- include_tasks:
file: "bridge_discord_appservice.yml"
apply:
tags: bridge-discord-appservice
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- bridge-discord-appservice
# Delete AWX session token
- include_tasks:
file: "delete_session_token.yml"
apply:
tags: always
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- always
# Load newly formed matrix variables from AWX volume
- include_tasks:
file: "load_matrix_variables.yml"
apply:
tags: always
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- always

14
roles/matrix-awx/tasks/purge_database_events.yml
View File

@ -1,14 +0,0 @@
---
- name: Purge all rooms with more then N events
shell: |
curl --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "delete_local_events": false, "purge_up_to_ts": {{ awx_purge_epoche_time.stdout }}000 }' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/purge_history/{{ item[1:-1] }}"
register: awx_purge_command
- name: Print output of purge command
debug:
msg: "{{ awx_purge_command.stdout }}"
- name: Pause for 5 seconds to let Synapse breathe
pause:
seconds: 5

320
roles/matrix-awx/tasks/purge_database_main.yml
View File

@ -1,320 +0,0 @@
---
- name: Ensure dateutils and curl is installed in AWX
delegate_to: 127.0.0.1
yum:
name: dateutils
state: latest
- name: Include vars in matrix_vars.yml
include_vars:
file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
no_log: true
- name: Ensure curl and jq intalled on target machine
apt:
pkg:
- curl
- jq
state: present
- name: Collect before shrink size of Synapse database
shell: du -sh /matrix/postgres/data
register: awx_db_size_before_stat
when: (awx_purge_mode.find("Perform final shrink") != -1)
no_log: true
- name: Collect the internal IP of the matrix-synapse container
shell: "/usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse"
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
register: awx_synapse_container_ip
- name: Collect access token for @admin-janitor user
shell: |
curl -X POST -d '{"type":"m.login.password", "user":"admin-janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token'
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
register: awx_janitors_token
no_log: true
- name: Copy build_room_list.py script to target machine
copy:
src: ./roles/matrix-awx/scripts/matrix_build_room_list.py
dest: /usr/local/bin/matrix_build_room_list.py
owner: matrix
group: matrix
mode: '0755'
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
- name: Run build_room_list.py script
shell: |
runuser -u matrix -- python3 /usr/local/bin/matrix_build_room_list.py {{ awx_janitors_token.stdout[1:-1] }} {{ awx_synapse_container_ip.stdout }} {{ matrix_synapse_container_client_api_port.stdout }}
register: awx_rooms_total
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
- name: Fetch complete room list from target machine
fetch:
src: /tmp/room_list_complete.json
dest: "/tmp/{{ subscription_id }}_room_list_complete.json"
flat: true
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
- name: Remove complete room list from target machine
file:
path: /tmp/room_list_complete.json
state: absent
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
- name: Generate list of rooms with no local users
delegate_to: 127.0.0.1
shell: |
jq 'try .rooms[] | select(.joined_local_members == 0) | .room_id' < /tmp/{{ subscription_id }}_room_list_complete.json > /tmp/{{ subscription_id }}_room_list_no_local_users.txt
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
- name: Count number of rooms with no local users
delegate_to: 127.0.0.1
shell: |
wc -l /tmp/{{ subscription_id }}_room_list_no_local_users.txt | awk '{ print $1 }'
register: awx_rooms_no_local_total
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
- name: Setting host fact awx_room_list_no_local_users
set_fact:
awx_room_list_no_local_users: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_no_local_users.txt') }}"
no_log: true
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
- name: Purge all rooms with no local users
include_tasks: purge_database_no_local.yml
loop: "{{ awx_room_list_no_local_users.splitlines() | flatten(levels=1) }}"
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
- name: Collect epoche time from date
delegate_to: 127.0.0.1
shell: |
date -d '{{ awx_purge_date }}' +"%s"
when: (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
register: awx_purge_epoche_time
- name: Generate list of rooms with more then N users
delegate_to: 127.0.0.1
shell: |
jq 'try .rooms[] | select(.joined_members > {{ awx_purge_metric_value }}) | .room_id' < /tmp/{{ subscription_id }}_room_list_complete.json > /tmp/{{ subscription_id }}_room_list_joined_members.txt
when: awx_purge_mode.find("Number of users [slower]") != -1
- name: Count number of rooms with more then N users
delegate_to: 127.0.0.1
shell: |
wc -l /tmp/{{ subscription_id }}_room_list_joined_members.txt | awk '{ print $1 }'
register: awx_rooms_join_members_total
when: awx_purge_mode.find("Number of users [slower]") != -1
- name: Setting host fact awx_room_list_joined_members
delegate_to: 127.0.0.1
set_fact:
awx_room_list_joined_members: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_joined_members.txt') }}"
when: awx_purge_mode.find("Number of users [slower]") != -1
no_log: true
- name: Purge all rooms with more then N users
include_tasks: purge_database_users.yml
loop: "{{ awx_room_list_joined_members.splitlines() | flatten(levels=1) }}"
when: awx_purge_mode.find("Number of users [slower]") != -1
- name: Generate list of rooms with more then N events
delegate_to: 127.0.0.1
shell: |
jq 'try .rooms[] | select(.state_events > {{ awx_purge_metric_value }}) | .room_id' < /tmp/{{ subscription_id }}_room_list_complete.json > /tmp/{{ subscription_id }}_room_list_state_events.txt
when: awx_purge_mode.find("Number of events [slower]") != -1
- name: Count number of rooms with more then N events
delegate_to: 127.0.0.1
shell: |
wc -l /tmp/{{ subscription_id }}_room_list_state_events.txt | awk '{ print $1 }'
register: awx_rooms_state_events_total
when: awx_purge_mode.find("Number of events [slower]") != -1
- name: Setting host fact awx_room_list_state_events
delegate_to: 127.0.0.1
set_fact:
awx_room_list_state_events: "{{ lookup('file', '/tmp/{{ subscription_id }}_room_list_state_events.txt') }}"
when: awx_purge_mode.find("Number of events [slower]") != -1
no_log: true
- name: Purge all rooms with more then N events
include_tasks: purge_database_events.yml
loop: "{{ awx_room_list_state_events.splitlines() | flatten(levels=1) }}"
when: awx_purge_mode.find("Number of events [slower]") != -1
- name: Adjust 'Deploy/Update a Server' job template
delegate_to: 127.0.0.1
awx.awx.tower_job_template:
name: "{{ matrix_domain }} - 0 - Deploy/Update a Server"
description: "Creates a new matrix service with Spantaleev's playbooks"
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
job_type: run
job_tags: "rust-synapse-compress-state"
inventory: "{{ member_id }}"
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
playbook: setup.yml
credential: "{{ member_id }} - AWX SSH Key"
state: present
verbosity: 1
tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: true
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) or (awx_purge_mode.find("Skip purging rooms [faster]") != -1)
- name: Execute rust-synapse-compress-state job template
delegate_to: 127.0.0.1
awx.awx.tower_job_launch:
job_template: "{{ matrix_domain }} - 0 - Deploy/Update a Server"
wait: true
tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: true
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) or (awx_purge_mode.find("Skip purging rooms [faster]") != -1)
- name: Revert 'Deploy/Update a Server' job template
delegate_to: 127.0.0.1
awx.awx.tower_job_template:
name: "{{ matrix_domain }} - 0 - Deploy/Update a Server"
description: "Creates a new matrix service with Spantaleev's playbooks"
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
job_type: run
job_tags: "setup-all,start"
inventory: "{{ member_id }}"
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
playbook: setup.yml
credential: "{{ member_id }} - AWX SSH Key"
state: present
verbosity: 1
tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: true
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1) or (awx_purge_mode.find("Skip purging rooms [faster]") != -1)
- name: Ensure matrix-synapse is stopped
service:
name: matrix-synapse
state: stopped
daemon_reload: true
when: (awx_purge_mode.find("Perform final shrink") != -1)
- name: Re-index Synapse database
shell: docker exec -i matrix-postgres psql "host=127.0.0.1 port=5432 dbname=synapse user=synapse password={{ matrix_synapse_connection_password }}" -c 'REINDEX (VERBOSE) DATABASE synapse'
when: (awx_purge_mode.find("Perform final shrink") != -1)
- name: Ensure matrix-synapse is started
service:
name: matrix-synapse
state: started
daemon_reload: true
when: (awx_purge_mode.find("Perform final shrink") != -1)
- name: Adjust 'Deploy/Update a Server' job template
delegate_to: 127.0.0.1
awx.awx.tower_job_template:
name: "{{ matrix_domain }} - 0 - Deploy/Update a Server"
description: "Creates a new matrix service with Spantaleev's playbooks"
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
job_type: run
job_tags: "run-postgres-vacuum,start"
inventory: "{{ member_id }}"
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
playbook: setup.yml
credential: "{{ member_id }} - AWX SSH Key"
state: present
verbosity: 1
tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: true
when: (awx_purge_mode.find("Perform final shrink") != -1)
- name: Execute run-postgres-vacuum job template
delegate_to: 127.0.0.1
awx.awx.tower_job_launch:
job_template: "{{ matrix_domain }} - 0 - Deploy/Update a Server"
wait: true
tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: true
when: (awx_purge_mode.find("Perform final shrink") != -1)
- name: Revert 'Deploy/Update a Server' job template
delegate_to: 127.0.0.1
awx.awx.tower_job_template:
name: "{{ matrix_domain }} - 0 - Deploy/Update a Server"
description: "Creates a new matrix service with Spantaleev's playbooks"
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
job_type: run
job_tags: "setup-all,start"
inventory: "{{ member_id }}"
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
playbook: setup.yml
credential: "{{ member_id }} - AWX SSH Key"
state: present
verbosity: 1
tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: true
when: (awx_purge_mode.find("Perform final shrink") != -1)
- name: Cleanup room_list files
delegate_to: 127.0.0.1
shell: |
rm /tmp/{{ subscription_id }}_room_list*
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
ignore_errors: true
- name: Collect after shrink size of Synapse database
shell: du -sh /matrix/postgres/data
register: awx_db_size_after_stat
when: (awx_purge_mode.find("Perform final shrink") != -1)
no_log: true
- name: Print total number of rooms processed
debug:
msg: '{{ awx_rooms_total.stdout }}'
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
- name: Print the number of rooms purged with no local users
debug:
msg: '{{ awx_rooms_no_local_total.stdout }}'
when: (awx_purge_mode.find("No local users [recommended]") != -1) or (awx_purge_mode.find("Number of users [slower]") != -1) or (awx_purge_mode.find("Number of events [slower]") != -1)
- name: Print the number of rooms purged with more then N users
debug:
msg: '{{ awx_rooms_join_members_total.stdout }}'
when: awx_purge_mode.find("Number of users") != -1
- name: Print the number of rooms purged with more then N events
debug:
msg: '{{ awx_rooms_state_events_total.stdout }}'
when: awx_purge_mode.find("Number of events") != -1
- name: Print before purge size of Synapse database
debug:
msg: "{{ awx_db_size_before_stat.stdout.split('\n') }}"
when: ( awx_db_size_before_stat is defined ) and ( awx_purge_mode.find("Perform final shrink" ) != -1 )
- name: Print after purge size of Synapse database
debug:
msg: "{{ awx_db_size_after_stat.stdout.split('\n') }}"
when: (awx_db_size_after_stat is defined) and (awx_purge_mode.find("Perform final shrink") != -1)
- name: Delete the AWX session token for executing modules
awx.awx.tower_token:
description: 'AWX Session Token'
scope: "write"
state: absent
existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}"
tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
- name: Set boolean value to exit playbook
set_fact:
awx_end_playbook: true
- name: End playbook early if this task is called.
meta: end_play
when: awx_end_playbook is defined and awx_end_playbook|bool

14
roles/matrix-awx/tasks/purge_database_no_local.yml
View File

@ -1,14 +0,0 @@
---
- name: Purge all rooms with no local users
shell: |
curl --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "room_id": {{ item }} }' '{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/purge_room'
register: awx_purge_command
- name: Print output of purge command
debug:
msg: "{{ awx_purge_command.stdout }}"
- name: Pause for 5 seconds to let Synapse breathe
pause:
seconds: 5

14
roles/matrix-awx/tasks/purge_database_users.yml
View File

@ -1,14 +0,0 @@
---
- name: Purge all rooms with more then N users
shell: |
curl --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" -X POST -H "Content-Type: application/json" -d '{ "delete_local_events": false, "purge_up_to_ts": {{ awx_purge_epoche_time.stdout }}000 }' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/purge_history/{{ item[1:-1] }}"
register: awx_purge_command
- name: Print output of purge command
debug:
msg: "{{ awx_purge_command.stdout }}"
- name: Pause for 5 seconds to let Synapse breathe
pause:
seconds: 5

19
roles/matrix-awx/tasks/purge_media_local.yml
View File

@ -1,19 +0,0 @@
---
- name: Collect epoche time from date
shell: |
date -d '{{ item }}' +"%s"
register: awx_epoche_time
- name: Purge local media to specific date
shell: |
curl -X POST --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" '{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/media/matrix.{{ matrix_domain }}/delete?before_ts={{ awx_epoche_time.stdout }}000'
register: awx_purge_command
- name: Print output of purge command
debug:
msg: "{{ awx_purge_command.stdout }}"
- name: Pause for 5 seconds to let Synapse breathe
pause:
seconds: 5

111
roles/matrix-awx/tasks/purge_media_main.yml
View File

@ -1,111 +0,0 @@
---
- name: Ensure dateutils is installed in AWX
delegate_to: 127.0.0.1
yum:
name: dateutils
state: latest
- name: Include vars in matrix_vars.yml
include_vars:
file: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
no_log: true
- name: Ensure curl and jq intalled on target machine
apt:
pkg:
- curl
- jq
state: present
- name: Collect the internal IP of the matrix-synapse container
shell: "/usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse"
register: awx_synapse_container_ip
- name: Collect access token for @admin-janitor user
shell: |
curl -XPOST -d '{"type":"m.login.password", "user":"admin-janitor", "password":"{{ awx_janitor_user_password }}"}' "{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_matrix/client/r0/login" | jq '.access_token'
register: awx_janitors_token
no_log: true
- name: Generate list of dates to purge to
delegate_to: 127.0.0.1
shell: "dateseq {{ awx_purge_from_date }} {{ awx_purge_to_date }}"
register: awx_purge_dates
- name: Calculate initial size of local media repository
shell: du -sh /matrix/synapse/storage/media-store/local*
register: awx_local_media_size_before
when: awx_purge_media_type == "Local Media"
async: 600
ignore_errors: true
no_log: true
- name: Calculate initial size of remote media repository
shell: du -sh /matrix/synapse/storage/media-store/remote*
register: awx_remote_media_size_before
when: awx_purge_media_type == "Remote Media"
async: 600
ignore_errors: true
no_log: true
- name: Purge local media with loop
include_tasks: purge_media_local.yml
loop: "{{ awx_purge_dates.stdout_lines | flatten(levels=1) }}"
when: awx_purge_media_type == "Local Media"
- name: Purge remote media with loop
include_tasks: purge_media_remote.yml
loop: "{{ awx_purge_dates.stdout_lines | flatten(levels=1) }}"
when: awx_purge_media_type == "Remote Media"
- name: Calculate final size of local media repository
shell: du -sh /matrix/synapse/storage/media-store/local*
register: awx_local_media_size_after
when: awx_purge_media_type == "Local Media"
ignore_errors: true
no_log: true
- name: Calculate final size of remote media repository
shell: du -sh /matrix/synapse/storage/media-store/remote*
register: awx_remote_media_size_after
when: awx_purge_media_type == "Remote Media"
ignore_errors: true
no_log: true
- name: Print size of local media repository before purge
debug:
msg: "{{ awx_local_media_size_before.stdout.split('\n') }}"
when: awx_purge_media_type == "Local Media"
- name: Print size of local media repository after purge
debug:
msg: "{{ awx_local_media_size_after.stdout.split('\n') }}"
when: awx_purge_media_type == "Local Media"
- name: Print size of remote media repository before purge
debug:
msg: "{{ awx_remote_media_size_before.stdout.split('\n') }}"
when: awx_purge_media_type == "Remote Media"
- name: Print size of remote media repository after purge
debug:
msg: "{{ awx_remote_media_size_after.stdout.split('\n') }}"
when: awx_purge_media_type == "Remote Media"
- name: Delete the AWX session token for executing modules
awx.awx.tower_token:
description: 'AWX Session Token'
scope: "write"
state: absent
existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}"
tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
- name: Set boolean value to exit playbook
set_fact:
awx_end_playbook: true
- name: End playbook early if this task is called.
meta: end_play
when: awx_end_playbook is defined and awx_end_playbook|bool

19
roles/matrix-awx/tasks/purge_media_remote.yml
View File

@ -1,19 +0,0 @@
---
- name: Collect epoche time from date
shell: |
date -d '{{ item }}' +"%s"
register: awx_epoche_time
- name: Purge remote media to specific date
shell: |
curl -X POST --header "Authorization: Bearer {{ awx_janitors_token.stdout[1:-1] }}" '{{ awx_synapse_container_ip.stdout }}:{{ matrix_synapse_container_client_api_port }}/_synapse/admin/v1/purge_media_cache?before_ts={{ awx_epoche_time.stdout }}000'
register: awx_purge_command
- name: Print output of purge command
debug:
msg: "{{ awx_purge_command.stdout }}"
- name: Pause for 5 seconds to let Synapse breathe
pause:
seconds: 5

25
roles/matrix-awx/tasks/rotate_ssh.yml
View File

@ -1,25 +0,0 @@
---
- name: Set the new authorized key taken from file
authorized_key:
user: root
state: present
exclusive: true
key: "{{ lookup('file', '/var/lib/awx/projects/hosting/client_public.key') }}"
- name: Delete the AWX session token for executing modules
awx.awx.tower_token:
description: 'AWX Session Token'
scope: "write"
state: absent
existing_token_id: "{{ awx_session_token.ansible_facts.tower_token.id }}"
tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
- name: Set boolean value to exit playbook
set_fact:
end_playbook: true
- name: End playbook if this task list is called.
meta: end_play
when: end_playbook is defined and end_playbook|bool

108
roles/matrix-awx/tasks/self_check.yml
View File

@ -1,108 +0,0 @@
---
- name: Install prerequisite apt packages on target
apt:
name:
- sysstat
- curl
state: present
- name: Install prerequisite yum packages on AWX
delegate_to: 127.0.0.1
yum:
name:
- bind-utils
state: present
- name: Install prerequisite pip packages on AWX
delegate_to: 127.0.0.1
pip:
name:
- dnspython
state: present
- name: Calculate MAU value
shell: |
curl -s localhost:9000 | grep "^synapse_admin_mau_current "
register: awx_mau_stat
no_log: true
- name: Calculate CPU usage statistics
shell: iostat -c
register: awx_cpu_usage_stat
no_log: true
- name: Calculate RAM usage statistics
shell: free -mh
register: awx_ram_usage_stat
no_log: true
- name: Calculate free disk space
shell: df -h
register: awx_disk_space_stat
no_log: true
- name: Calculate size of Synapse database
shell: du -sh /matrix/postgres/data
register: awx_db_size_stat
no_log: true
- name: Calculate size of local media repository
shell: du -sh /matrix/synapse/storage/media-store/local*
register: awx_local_media_size_stat
async: 600
ignore_errors: true
no_log: true
- name: Calculate size of remote media repository
shell: du -sh /matrix/synapse/storage/media-store/remote*
register: awx_remote_media_size_stat
async: 600
ignore_errors: true
no_log: true
- name: Calculate docker container statistics
shell: docker stats --all --no-stream
register: awx_docker_stats
ignore_errors: true
no_log: true
- name: Print size of remote media repository
debug:
msg: "{{ awx_remote_media_size_stat.stdout.split('\n') }}"
when: awx_remote_media_size_stat is defined
- name: Print size of local media repository
debug:
msg: "{{ awx_local_media_size_stat.stdout.split('\n') }}"
when: awx_local_media_size_stat is defined
- name: Print size of Synapse database
debug:
msg: "{{ awx_db_size_stat.stdout.split('\n') }}"
when: awx_db_size_stat is defined
- name: Print free disk space
debug:
msg: "{{ awx_disk_space_stat.stdout.split('\n') }}"
when: awx_disk_space_stat is defined
- name: Print RAM usage statistics
debug:
msg: "{{ awx_ram_usage_stat.stdout.split('\n') }}"
when: awx_ram_usage_stat is defined
- name: Print CPU usage statistics
debug:
msg: "{{ awx_cpu_usage_stat.stdout.split('\n') }}"
when: awx_cpu_usage_stat is defined
- name: Print MAU value
debug:
msg: "{{ awx_mau_stat.stdout.split('\n') }}"
when: awx_mau_stat is defined
- name: Print docker container statistics
debug:
msg: "{{ awx_docker_stats.stdout.split('\n') }}"
when: awx_docker_stats is defined

243
roles/matrix-awx/tasks/set_variables_corporal.yml
View File

@ -1,243 +0,0 @@
---
- name: Record Corporal Enabled/Disabled variable
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Corporal Settings Start'
with_dict:
'matrix_corporal_enabled': '{{ matrix_corporal_enabled }}'
- name: Enable Shared Secret Auth if Corporal enabled
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Shared Secret Auth Settings Start'
with_dict:
'matrix_synapse_ext_password_provider_shared_secret_auth_enabled': 'true'
when: matrix_corporal_enabled|bool
- name: Disable Shared Secret Auth if Corporal disabled
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Shared Secret Auth Settings Start'
with_dict:
'matrix_synapse_ext_password_provider_shared_secret_auth_enabled': 'false'
when: not matrix_corporal_enabled|bool
- name: Enable Rest Auth Endpoint if Corporal enabled
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Synapse Extension Start'
with_dict:
'matrix_synapse_ext_password_provider_rest_auth_enabled': 'true'
when: matrix_corporal_enabled|bool
- name: Disable Rest Auth Endpoint if Corporal disabled
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Synapse Extension Start'
with_dict:
'matrix_synapse_ext_password_provider_rest_auth_enabled': 'false'
when: not matrix_corporal_enabled|bool
- name: Disable Corporal API if Simple Static File mode selected
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Corporal Settings Start'
with_dict:
'matrix_corporal_http_api_enabled': 'false'
when: (awx_corporal_policy_provider_mode == "Simple Static File") or (not matrix_corporal_enabled|bool)
- name: Enable Corporal API if Push/Pull mode delected
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Corporal Settings Start'
with_dict:
'matrix_corporal_http_api_enabled': 'true'
when: (awx_corporal_policy_provider_mode != "Simple Static File") and (matrix_corporal_enabled|bool)
- name: Record Corporal API Access Token if it's defined
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Corporal Settings Start'
with_dict:
'matrix_corporal_http_api_auth_token': '{{ matrix_corporal_http_api_auth_token }}'
when: ( matrix_corporal_http_api_auth_token|length > 0 ) and ( awx_corporal_policy_provider_mode != "Simple Static File" )
- name: Record 'Simple Static File' configuration variables in matrix_vars.yml
delegate_to: 127.0.0.1
blockinfile:
path: '{{ awx_cached_matrix_vars }}'
insertbefore: "# Corporal Policy Provider Settings End"
marker_begin: "Corporal"
marker_end: "Corporal"
block: |
matrix_corporal_policy_provider_config: |
{
"Type": "static_file",
"Path": "/etc/matrix-corporal/corporal-policy.json"
}
when: awx_corporal_policy_provider_mode == "Simple Static File"
- name: Touch the /matrix/corporal/ directory
file:
path: "/matrix/corporal/"
state: directory
owner: matrix
group: matrix
mode: '750'
- name: Touch the /matrix/corporal/config/ directory
file:
path: "/matrix/corporal/config/"
state: directory
owner: matrix
group: matrix
mode: '750'
- name: Touch the /matrix/corporal/cache/ directory
file:
path: "/matrix/corporal/cache/"
state: directory
owner: matrix
group: matrix
mode: '750'
- name: Touch the corporal-policy.json file to ensure it exists
file:
path: "/matrix/corporal/config/corporal-policy.json"
state: touch
owner: matrix
group: matrix
mode: '660'
- name: Touch the last-policy.json file to ensure it exists
file:
path: "/matrix/corporal/config/last-policy.json"
state: touch
owner: matrix
group: matrix
mode: '660'
- name: Record 'Simple Static File' configuration content in corporal-policy.json
copy:
content: "{{ awx_corporal_simple_static_config | string }}"
dest: "/matrix/corporal/config/corporal-policy.json"
owner: matrix
group: matrix
mode: '660'
when: (awx_corporal_policy_provider_mode == "Simple Static File") and (awx_corporal_simple_static_config|length > 0)
- name: Record 'HTTP Pull Mode' configuration variables in matrix_vars.yml
delegate_to: 127.0.0.1
blockinfile:
path: '{{ awx_cached_matrix_vars }}'
insertafter: "# Corporal Policy Provider Settings Start"
block: |
matrix_corporal_policy_provider_config: |
{
"Type": "http",
"Uri": "{{ awx_corporal_pull_mode_uri }}",
"AuthorizationBearerToken": "{{ awx_corporal_pull_mode_token }}",
"CachePath": "/var/cache/matrix-corporal/last-policy.json",
"ReloadIntervalSeconds": 1800,
"TimeoutMilliseconds": 30000
}
when: (awx_corporal_policy_provider_mode == "HTTP Pull Mode (API Enabled)") and (matrix_corporal_pull_mode_uri|length > 0) and (awx_corporal_pull_mode_token|length > 0)
- name: Record 'HTTP Push Mode' configuration variables in matrix_vars.yml
delegate_to: 127.0.0.1
blockinfile:
path: '{{ awx_cached_matrix_vars }}'
insertafter: "# Corporal Policy Provider Settings Start"
block: |
matrix_corporal_policy_provider_config: |
{
"Type": "last_seen_store_policy",
"CachePath": "/var/cache/matrix-corporal/last-policy.json"
}
when: (awx_corporal_policy_provider_mode == "HTTP Push Mode (API Enabled)")
- name: Lower RateLimit if set to 'Normal'
delegate_to: 127.0.0.1
replace:
path: '{{ awx_cached_matrix_vars }}'
regexp: ' address:\n per_second: 50\n burst_count: 300\n account:\n per_second: 0.17\n burst_count: 300'
replace: ' address:\n per_second: 0.17\n burst_count: 3\n account:\n per_second: 0.17\n burst_count: 3'
when: awx_corporal_raise_ratelimits == "Normal"
- name: Raise RateLimit if set to 'Raised'
delegate_to: 127.0.0.1
replace:
path: '{{ awx_cached_matrix_vars }}'
regexp: ' address:\n per_second: 0.17\n burst_count: 3\n account:\n per_second: 0.17\n burst_count: 3'
replace: ' address:\n per_second: 50\n burst_count: 300\n account:\n per_second: 0.17\n burst_count: 300'
when: awx_corporal_raise_ratelimits == "Raised"
- name: Save new 'Configure Corporal' survey.json to the AWX tower
delegate_to: 127.0.0.1
template:
src: 'roles/matrix-awx/surveys/configure_corporal.json.j2'
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json'
- name: Copy new 'Configure Corporal' survey.json to target machine
copy:
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json'
dest: '/matrix/awx/configure_corporal.json'
mode: '0660'
- debug:
msg: "matrix_corporal_matrix_homeserver_api_endpoint: {{ matrix_corporal_matrix_homeserver_api_endpoint }}"
- debug:
msg: "matrix_corporal_matrix_auth_shared_secret: {{ matrix_corporal_matrix_auth_shared_secret }}"
- debug:
msg: "matrix_corporal_http_gateway_internal_rest_auth_enabled: {{ matrix_corporal_http_gateway_internal_rest_auth_enabled }}"
- debug:
msg: "matrix_corporal_matrix_registration_shared_secret: {{ matrix_corporal_matrix_registration_shared_secret }}"
- name: Recreate 'Configure Corporal (Advanced)' job template
delegate_to: 127.0.0.1
awx.awx.tower_job_template:
name: "{{ matrix_domain }} - 1 - Configure Corporal (Advanced)"
description: "Configure Matrix Corporal, a tool that manages your Matrix server according to a configuration policy."
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
job_type: run
job_tags: "start,setup-corporal"
inventory: "{{ member_id }}"
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
playbook: setup.yml
credential: "{{ member_id }} - AWX SSH Key"
survey_enabled: true
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_corporal.json') }}"
become_enabled: true
state: present
verbosity: 1
tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: true

105
roles/matrix-awx/tasks/set_variables_dimension.yml
View File

@ -1,105 +0,0 @@
---
- name: Include vars in matrix_vars.yml
include_vars:
file: '{{ awx_cached_matrix_vars }}'
no_log: true
- name: Install jq and curl on remote machine
apt:
name:
- jq
- curl
state: present
- name: Collect access token of @admin-dimension user
shell: |
curl -X POST --header 'Content-Type: application/json' -d '{"identifier": {"type": "m.id.user","user": "admin-dimension"}, "password": "{{ awx_dimension_user_password }}", "type": "m.login.password"}' 'https://matrix.{{ matrix_domain }}/_matrix/client/r0/login' | jq '.access_token'
register: awx_dimension_user_access_token
- name: Record Synapse variables locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Dimension Settings Start'
with_dict:
'matrix_dimension_enabled': '{{ matrix_dimension_enabled }}'
'matrix_dimension_access_token': '"{{ awx_dimension_user_access_token.stdout[1:-1] }}"'
- name: Set final users list if users are defined
set_fact:
awx_dimension_users_final: "{{ awx_dimension_users }}"
when: awx_dimension_users | length > 0
- name: Set final users list if no users are defined
set_fact:
awx_dimension_users_final: '@dimension:{{ matrix_domain }}'
when: awx_dimension_users | length == 0
- name: Remove Dimension Users
delegate_to: 127.0.0.1
replace:
path: '{{ awx_cached_matrix_vars }}'
regexp: '^ - .*\n'
after: 'matrix_dimension_admins:'
before: '# Dimension Settings End'
- name: Set Dimension Users Header
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
insertbefore: '# Dimension Settings End'
line: "matrix_dimension_admins:"
- name: Set Dimension Users
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
insertafter: '^matrix_dimension_admins:'
line: ' - "{{ item }}"'
with_items: "{{ awx_dimension_users_final.splitlines() }}"
- name: Record Dimension Custom variables locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertbefore: '# Dimension Settings End'
with_dict:
'awx_dimension_users': '{{ awx_dimension_users.splitlines() | to_json }}'
- name: Save new 'Configure Dimension' survey.json to the AWX tower, template
delegate_to: 127.0.0.1
template:
src: 'roles/matrix-awx/surveys/configure_dimension.json.j2'
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}//configure_dimension.json'
- name: Copy new 'Configure Dimension' survey.json to target machine
copy:
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_dimension.json'
dest: '/matrix/awx/configure_dimension.json'
mode: '0660'
- name: Recreate 'Configure Dimension' job template
delegate_to: 127.0.0.1
awx.awx.tower_job_template:
name: "{{ matrix_domain }} - 1 - Configure Dimension"
description: "Configure Dimension, the self-hosted integrations server."
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
job_type: run
job_tags: "start,setup-all,setup-dimension"
inventory: "{{ member_id }}"
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
playbook: setup.yml
credential: "{{ member_id }} - AWX SSH Key"
survey_enabled: true
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_dimension.json') }}"
become_enabled: true
state: present
verbosity: 1
tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: true

180
roles/matrix-awx/tasks/set_variables_element.yml
View File

@ -1,180 +0,0 @@
---
- name: Record Element-Web variables locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Element Settings Start'
with_dict:
'matrix_client_element_enabled': '{{ matrix_client_element_enabled }}'
'matrix_client_element_jitsi_preferredDomain': 'jitsi.{{ matrix_domain }}'
'matrix_client_element_default_theme': '{{ matrix_client_element_default_theme }}'
'matrix_client_element_registration_enabled': '{{ matrix_client_element_registration_enabled }}'
'matrix_client_element_brand': '{{ matrix_client_element_brand | trim }}'
'matrix_client_element_branding_welcomeBackgroundUrl': '{{ matrix_client_element_branding_welcomeBackgroundUrl | trim }}'
'matrix_client_element_welcome_logo': '{{ matrix_client_element_welcome_logo | trim }}'
'matrix_client_element_welcome_logo_link': '{{ matrix_client_element_welcome_logo_link | trim }}'
- name: Record Element-Web custom variables locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: '{{ item.value }}'"
insertbefore: '# Element Settings End'
with_dict:
'awx_matrix_client_element_welcome_headline': '{{ awx_matrix_client_element_welcome_headline | trim }}'
'awx_matrix_client_element_welcome_text': '{{ awx_matrix_client_element_welcome_text | trim }}'
- name: Set Element-Web custom branding locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: '{{ item.value }}'"
insertafter: '# Element Settings Start'
with_dict:
'matrix_client_element_brand': "{{ matrix_client_element_brand }}"
when: matrix_client_element_brand | trim | length > 0
- name: Remove Element-Web custom branding locally on AWX if not defined
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^matrix_client_element_brand: "
state: absent
when: matrix_client_element_brand | trim | length == 0
- name: Set fact for 'https' string
set_fact:
awx_https_string: "https"
- name: Set Element-Web custom logo locally on AWX if defined
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: '{{ item.value }}'"
insertafter: '# Element Settings Start'
with_dict:
'matrix_client_element_welcome_logo': '{{ matrix_client_element_welcome_logo }}'
when: ( awx_https_string in matrix_client_element_welcome_logo ) and ( matrix_client_element_welcome_logo | trim | length > 0 )
- name: Remove Element-Web custom logo locally on AWX if not defined
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^matrix_client_element_welcome_logo: "
state: absent
when: matrix_client_element_welcome_logo | trim | length == 0
- name: Set Element-Web custom logo link locally on AWX if defined
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: '{{ item.value }}'"
insertafter: '# Element Settings Start'
with_dict:
'matrix_client_element_welcome_logo_link': '{{ matrix_client_element_welcome_logo_link }}'
when: ( awx_https_string in matrix_client_element_welcome_logo_link ) and ( matrix_client_element_welcome_logo_link | trim | length > 0 )
- name: Remove Element-Web custom logo link locally on AWX if not defined
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^matrix_client_element_welcome_logo_link: "
state: absent
when: matrix_client_element_welcome_logo_link | trim | length == 0
- name: Set Element-Web custom headline locally on AWX if defined
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: '{{ item.value }}'"
insertafter: '# Element Settings Start'
with_dict:
'matrix_client_element_welcome_headline': '{{ awx_matrix_client_element_welcome_headline }}'
when: awx_matrix_client_element_welcome_headline | trim | length > 0
- name: Remove Element-Web custom headline locally on AWX if not defined
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^matrix_client_element_welcome_headline: "
state: absent
when: awx_matrix_client_element_welcome_headline | trim | length == 0
- name: Set Element-Web custom text locally on AWX if defined
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: '{{ item.value }}'"
insertafter: '# Element Settings Start'
with_dict:
'matrix_client_element_welcome_text': '{{ awx_matrix_client_element_welcome_text }}'
when: awx_matrix_client_element_welcome_text | trim | length > 0
- name: Remove Element-Web custom text locally on AWX if not defined
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^matrix_client_element_welcome_text: "
state: absent
when: awx_matrix_client_element_welcome_text | trim | length == 0
- name: Set Element-Web background locally on AWX if defined
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: '{{ item.value }}'"
insertafter: '# Element Settings Start'
with_dict:
'matrix_client_element_branding_welcomeBackgroundUrl': '{{ matrix_client_element_branding_welcomeBackgroundUrl }}'
when: matrix_client_element_branding_welcomeBackgroundUrl | trim | length > 0
- name: Remove Element-Web background locally on AWX if not defined
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^matrix_client_element_branding_welcomeBackgroundUrl: "
state: absent
when: matrix_client_element_branding_welcomeBackgroundUrl | trim | length == 0
- name: Save new 'Configure Element' survey.json to the AWX tower, template
delegate_to: 127.0.0.1
template:
src: 'roles/matrix-awx/surveys/configure_element.json.j2'
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element.json'
- name: Copy new 'Configure Element' survey.json to target machine
copy:
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element.json'
dest: '/matrix/awx/configure_element.json'
mode: '0660'
- name: Recreate 'Configure Element' job template
delegate_to: 127.0.0.1
awx.awx.tower_job_template:
name: "{{ matrix_domain }} - 1 - Configure Element"
description: "Configure Element client via survey."
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
job_type: run
job_tags: "start,setup-client-element"
inventory: "{{ member_id }}"
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
playbook: setup.yml
credential: "{{ member_id }} - AWX SSH Key"
survey_enabled: true
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element.json') }}"
become_enabled: true
state: present
verbosity: 1
tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: true

43
roles/matrix-awx/tasks/set_variables_element_subdomain.yml
View File

@ -1,43 +0,0 @@
---
- name: Record Element-Web variables locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Element Settings Start'
with_dict:
'matrix_server_fqn_element': "{{ awx_element_subdomain | trim }}.{{ matrix_domain }}"
- name: Save new 'Configure Element Subdomain' survey.json to the AWX tower, template
delegate_to: 127.0.0.1
template:
src: 'roles/matrix-awx/surveys/configure_element_subdomain.json.j2'
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element_subdomain.json'
- name: Copy new 'Configure Element Subdomain' survey.json to target machine
copy:
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element_subdomain.json'
dest: '/matrix/awx/configure_element_subdomain.json'
mode: '0660'
- name: Recreate 'Configure Element Subdomain' job template
delegate_to: 127.0.0.1
awx.awx.tower_job_template:
name: "{{ matrix_domain }} - 1 - Configure Element Subdomain"
description: "Configure Element clients subdomain location. (Eg: 'element' for element.example.org)"
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
job_type: run
job_tags: "start,setup-all,setup-client-element-subdomain"
inventory: "{{ member_id }}"
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
playbook: setup.yml
credential: "{{ member_id }} - AWX SSH Key"
survey_enabled: true
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_element_subdomain.json') }}"
state: present
verbosity: 1
tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: true

45
roles/matrix-awx/tasks/set_variables_jitsi.yml
View File

@ -1,45 +0,0 @@
---
- name: Record Jitsi variables locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Jitsi Settings Start'
with_dict:
'matrix_jitsi_enabled': '{{ matrix_jitsi_enabled }}'
'matrix_jitsi_web_config_defaultLanguage': '{{ matrix_jitsi_web_config_defaultLanguage | trim }}'
- name: Save new 'Configure Jitsi' survey.json to the AWX tower, template
delegate_to: 127.0.0.1
template:
src: 'roles/matrix-awx/surveys/configure_jitsi.json.j2'
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_jitsi.json'
- name: Copy new 'Configure Jitsi' survey.json to target machine
copy:
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_jitsi.json'
dest: '/matrix/awx/configure_jitsi.json'
mode: '0660'
- name: Recreate 'Configure Jitsi' job template
delegate_to: 127.0.0.1
awx.awx.tower_job_template:
name: "{{ matrix_domain }} - 1 - Configure Jitsi"
description: "Configure Jitsi conferencing settings."
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
job_type: run
job_tags: "start,setup-jitsi"
inventory: "{{ member_id }}"
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
playbook: setup.yml
credential: "{{ member_id }} - AWX SSH Key"
survey_enabled: true
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_jitsi.json') }}"
become_enabled: true
state: present
verbosity: 1
tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: true

102
roles/matrix-awx/tasks/set_variables_ma1sd.yml
View File

@ -1,102 +0,0 @@
---
- name: Record ma1sd variables locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# ma1sd Settings Start'
with_dict:
'matrix_ma1sd_enabled': '{{ matrix_ma1sd_enabled }}'
- name: Disable REST auth (matrix-corporal/ma1sd) if using internal auth
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Synapse Extension Start'
with_dict:
'matrix_synapse_awx_password_provider_rest_auth_enabled': 'false'
when: awx_matrix_ma1sd_auth_store == 'Synapse Internal'
- name: Enable REST auth if using external LDAP/AD with ma1sd
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Synapse Extension Start'
with_dict:
'matrix_synapse_awx_password_provider_rest_auth_enabled': 'true'
'matrix_synapse_awx_password_provider_rest_auth_endpoint': '"http://matrix-ma1sd:{{ matrix_ma1sd_container_port }}"'
when: awx_matrix_ma1sd_auth_store == 'LDAP/AD'
- name: Remove entire ma1sd configuration extension
delegate_to: 127.0.0.1
replace:
path: '{{ awx_cached_matrix_vars }}'
regexp: '^.*\n'
after: '# ma1sd Extension Start'
before: '# ma1sd Extension End'
- name: Replace conjoined ma1sd configuration extension limiters
delegate_to: 127.0.0.1
replace:
path: '{{ awx_cached_matrix_vars }}'
regexp: '^# ma1sd Extension Start# ma1sd Extension End'
replace: '# ma1sd Extension Start\n# ma1sd Extension End'
- name: Insert/Update ma1sd configuration extension variables
delegate_to: 127.0.0.1
blockinfile:
path: '{{ awx_cached_matrix_vars }}'
marker: "# {mark} ma1sd ANSIBLE MANAGED BLOCK"
insertafter: '# ma1sd Extension Start'
block: '{{ awx_matrix_ma1sd_configuration_extension_yaml }}'
- name: Record ma1sd Custom variables locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertbefore: '# ma1sd Settings End'
with_dict:
'awx_matrix_ma1sd_auth_store': '{{ awx_matrix_ma1sd_auth_store }}'
'awx_matrix_ma1sd_configuration_extension_yaml': '{{ awx_matrix_ma1sd_configuration_extension_yaml.splitlines() | to_json }}'
no_log: true
- name: Save new 'Configure ma1sd' survey.json to the AWX tower, template
delegate_to: 127.0.0.1
template:
src: 'roles/matrix-awx/surveys/configure_ma1sd.json.j2'
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_ma1sd.json'
- name: Copy new 'Configure ma1sd' survey.json to target machine
copy:
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_ma1sd.json'
dest: '/matrix/awx/configure_ma1sd.json'
mode: '0660'
- name: Recreate 'Configure ma1sd (Advanced)' job template
delegate_to: 127.0.0.1
awx.awx.tower_job_template:
name: "{{ matrix_domain }} - 1 - Configure ma1sd (Advanced)"
description: "Configure Jitsi conferencing settings."
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
job_type: run
job_tags: "start,setup-ma1sd"
inventory: "{{ member_id }}"
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
playbook: setup.yml
credential: "{{ member_id }} - AWX SSH Key"
survey_enabled: true
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_ma1sd.json') }}"
become_enabled: true
state: present
verbosity: 1
tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: true

44
roles/matrix-awx/tasks/set_variables_mailer.yml
View File

@ -1,44 +0,0 @@
---
- name: Record Mailer variables locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Email Settings Start'
with_dict:
'matrix_mailer_relay_use': '{{ matrix_mailer_relay_use }}'
- name: Save new 'Configure Email Relay' survey.json to the AWX tower, template
delegate_to: 127.0.0.1
template:
src: 'roles/matrix-awx/surveys/configure_email_relay.json.j2'
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_email_relay.json'
- name: Copy new 'Configure Email Relay' survey.json to target machine
copy:
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_email_relay.json'
dest: '/matrix/awx/configure_email_relay.json'
mode: '0660'
- name: Recreate 'Configure Email Relay' job template
delegate_to: 127.0.0.1
awx.awx.tower_job_template:
name: "{{ matrix_domain }} - 1 - Configure Email Relay"
description: "Enable MailGun relay to increase verification email reliability."
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
job_type: run
job_tags: "start,setup-mailer"
inventory: "{{ member_id }}"
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
playbook: setup.yml
credential: "{{ member_id }} - AWX SSH Key"
survey_enabled: true
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_email_relay.json') }}"
become_enabled: true
state: present
verbosity: 1
tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: true

68
roles/matrix-awx/tasks/set_variables_mjolnir.yml
View File

@ -1,68 +0,0 @@
---
- name: Include vars in matrix_vars.yml
include_vars:
file: '{{ awx_cached_matrix_vars }}'
no_log: true
- name: Collect the internal IP of the matrix-synapse container
shell: |
/usr/bin/docker inspect --format '{''{range.NetworkSettings.Networks}''}{''{.IPAddress}''}{''{end}''}' matrix-synapse
register: matrix_synapse_ip
- name: Collect access token of @admin-mjolnir user
shell: |
curl -X POST --header 'Content-Type: application/json' -d '{"identifier": {"type": "m.id.user","user": "admin-mjolnir"}, "password": "{{ awx_mjolnir_user_password }}", "type": "m.login.password"}' 'http://{{ matrix_synapse_ip.stdout }}:8008/_matrix/client/r0/login' | jq '.access_token'
register: awx_mjolnir_user_access_token
no_log: true
- name: Record Mjolnir Bot variables locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Mjolnir Settings Start'
with_dict:
'matrix_bot_mjolnir_enabled': '{{ matrix_bot_mjolnir_enabled }}'
'matrix_bot_mjolnir_access_token': '{{ awx_mjolnir_user_access_token.stdout[1:-1] }}'
'matrix_bot_mjolnir_management_room': '"{{ matrix_bot_mjolnir_management_room }}"'
no_log: true
- name: Remove Synapse rate-limiting for admin-mjolnir user
shell: |
/usr/local/bin/matrix-postgres-cli-non-interactive --dbname=synapse --command="INSERT INTO ratelimit_override VALUES ('@admin-mjolnir:{{ matrix_domain }}', 0, 0);"
ignore_errors: true
- name: Save new 'Configure Mjolnir' survey.json to the AWX tower, template
delegate_to: 127.0.0.1
template:
src: 'roles/matrix-awx/surveys/configure_mjolnir.json.j2'
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_mjolnir.json'
- name: Copy new 'Configure Mjolnir' survey.json to target machine
copy:
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_mjolnir.json'
dest: '/matrix/awx/configure_mjolnir.json'
mode: '0660'
- name: Recreate 'Configure Mjolnir Bot' job template
delegate_to: 127.0.0.1
awx.awx.tower_job_template:
name: "{{ matrix_domain }} - 1 - Configure Mjolnir Bot"
description: "Configure Mjolnir settings, Mjolnir is a moderation bot for Matrix."
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
job_type: run
job_tags: "start,setup-bot-mjolnir"
inventory: "{{ member_id }}"
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
playbook: setup.yml
credential: "{{ member_id }} - AWX SSH Key"
survey_enabled: true
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_mjolnir.json') }}"
become_enabled: true
state: present
verbosity: 1
tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: true

223
roles/matrix-awx/tasks/set_variables_synapse.yml
View File

@ -1,223 +0,0 @@
---
- name: Limit max upload size to 200MB part 1
set_fact:
matrix_synapse_max_upload_size_mb: "200"
when: awx_synapse_max_upload_size_mb | int >= 200
- name: Limit max upload size to 200MB part 2
set_fact:
matrix_synapse_max_upload_size_mb: "{{ awx_synapse_max_upload_size_mb }}"
when: awx_synapse_max_upload_size_mb | int < 200
- name: Record Synapse variables locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Synapse Settings Start'
with_dict:
'matrix_synapse_allow_public_rooms_over_federation': '{{ matrix_synapse_allow_public_rooms_over_federation }}'
'matrix_synapse_enable_registration': '{{ matrix_synapse_enable_registration }}'
'matrix_synapse_federation_enabled': '{{ matrix_synapse_federation_enabled }}'
'matrix_synapse_enable_group_creation': '{{ matrix_synapse_enable_group_creation }}'
'matrix_synapse_presence_enabled': '{{ matrix_synapse_presence_enabled }}'
'matrix_synapse_max_upload_size_mb': '{{ matrix_synapse_max_upload_size_mb }}'
'matrix_synapse_url_preview_enabled': '{{ matrix_synapse_url_preview_enabled }}'
'matrix_synapse_allow_guest_access': '{{ matrix_synapse_allow_guest_access }}'
- name: Empty Synapse variable 'matrix_synapse_auto_join_rooms' locally on AWX, if raw inputs empty
delegate_to: 127.0.0.1
replace:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^matrix_synapse_auto_join_rooms: .*$"
replace: "matrix_synapse_auto_join_rooms: []"
when: awx_synapse_auto_join_rooms | length == 0
- name: If the raw inputs is not empty start constructing parsed auto_join_rooms list
set_fact:
awx_synapse_auto_join_rooms_array: |-
{{ awx_synapse_auto_join_rooms.splitlines() | to_json }}
when: awx_synapse_auto_join_rooms | length > 0
- name: Record Synapse variable 'matrix_synapse_auto_join_rooms' locally on AWX, if it's not blank
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Synapse Settings Start'
with_dict:
"matrix_synapse_auto_join_rooms": "{{ awx_synapse_auto_join_rooms_array }}"
when: awx_synapse_auto_join_rooms | length > 0
- name: Record Synapse Shared Secret if it's defined
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Synapse Settings Start'
with_dict:
'matrix_synapse_registration_shared_secret': '{{ awx_matrix_synapse_registration_shared_secret }}'
when: awx_matrix_synapse_registration_shared_secret | length > 0
- name: Record registations_require_3pid extra variable if true
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "{{ item }}"
line: "{{ item }}"
insertbefore: '# Synapse Extension End'
with_items:
- " registrations_require_3pid:"
- " - email"
when: awx_registrations_require_3pid | bool
- name: Remove registrations_require_3pid extra variable if false
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "{{ item }}"
line: "{{ item }}"
insertbefore: '# Synapse Extension End'
state: absent
with_items:
- " registrations_require_3pid:"
- " - email"
when: not awx_registrations_require_3pid | bool
- name: Remove URL Languages
delegate_to: 127.0.0.1
replace:
path: '{{ awx_cached_matrix_vars }}'
regexp: '^(?!.*\bemail\b) - [a-zA-Z\-]{2,5}\n'
after: ' url_preview_accept_language:'
before: '# Synapse Extension End'
- name: Set URL languages default if raw inputs empty
set_fact:
awx_url_preview_accept_language_default: 'en'
when: awx_url_preview_accept_language | length == 0
- name: Set URL languages default if raw inputs not empty
set_fact:
awx_url_preview_accept_language_default: "{{ awx_url_preview_accept_language }}"
when: awx_url_preview_accept_language|length > 0
- name: Set URL languages if raw inputs empty
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
insertafter: '^ url_preview_accept_language:'
line: " - {{ awx_url_preview_accept_language_default }}"
when: awx_url_preview_accept_language|length == 0
- name: Set URL languages if raw inputs not empty
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
insertafter: '^ url_preview_accept_language:'
line: " - {{ item }}"
with_items: "{{ awx_url_preview_accept_language.splitlines() }}"
when: awx_url_preview_accept_language | length > 0
- name: Remove Federation Whitelisting 1
delegate_to: 127.0.0.1
replace:
path: '{{ awx_cached_matrix_vars }}'
regexp: '^ - [a-z0-9]+\.[a-z0-9.]+\n'
after: ' federation_domain_whitelist:'
before: '# Synapse Extension End'
- name: Remove Federation Whitelisting 2
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
line: " federation_domain_whitelist:"
state: absent
- name: Set Federation Whitelisting 1
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
insertafter: '^matrix_synapse_configuration_extension_yaml: \|'
line: " federation_domain_whitelist:"
when: awx_federation_whitelist | length > 0
- name: Set Federation Whitelisting 2
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
insertafter: '^ federation_domain_whitelist:'
line: " - {{ item }}"
with_items: "{{ awx_federation_whitelist.splitlines() }}"
when: awx_federation_whitelist | length > 0
- name: Set awx_recaptcha_public_key to a 'public-key' if undefined
set_fact: awx_recaptcha_public_key="public-key"
when: (awx_recaptcha_public_key is not defined) or (awx_recaptcha_public_key|length == 0)
- name: Set awx_recaptcha_private_key to a 'private-key' if undefined
set_fact: awx_recaptcha_private_key="private-key"
when: (awx_recaptcha_private_key is not defined) or (awx_recaptcha_private_key|length == 0)
- name: Record Synapse Extension variables locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertbefore: '# Synapse Extension End'
with_dict:
' enable_registration_captcha': '{{ awx_enable_registration_captcha }}'
' recaptcha_public_key': '{{ awx_recaptcha_public_key }}'
' recaptcha_private_key': '{{ awx_recaptcha_private_key }}'
- name: Record Synapse Custom variables locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertbefore: '# Synapse Settings End'
with_dict:
'awx_federation_whitelist': '{{ awx_federation_whitelist.splitlines() | to_json }}'
'awx_url_preview_accept_language_default': '{{ awx_url_preview_accept_language_default.splitlines() | to_json }}'
'awx_enable_registration_captcha': '{{ awx_enable_registration_captcha }}'
'awx_recaptcha_public_key': '"{{ awx_recaptcha_public_key }}"'
'awx_recaptcha_private_key': '"{{ awx_recaptcha_private_key }}"'
- name: Save new 'Configure Synapse' survey.json to the AWX tower, template
delegate_to: 127.0.0.1
template:
src: 'roles/matrix-awx/surveys/configure_synapse.json.j2'
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}//configure_synapse.json'
- name: Copy new 'Configure Synapse' survey.json to target machine
copy:
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse.json'
dest: '/matrix/awx/configure_synapse.json'
mode: '0660'
- name: Recreate 'Configure Synapse' job template
delegate_to: 127.0.0.1
awx.awx.tower_job_template:
name: "{{ matrix_domain }} - 1 - Configure Synapse"
description: "Configure Synapse (homeserver) settings."
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
job_type: run
job_tags: "start,setup-synapse"
inventory: "{{ member_id }}"
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
playbook: setup.yml
credential: "{{ member_id }} - AWX SSH Key"
survey_enabled: true
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse.json') }}"
become_enabled: true
state: present
verbosity: 1
tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: true

44
roles/matrix-awx/tasks/set_variables_synapse_admin.yml
View File

@ -1,44 +0,0 @@
---
- name: Record Synapse Admin variables locally on AWX
delegate_to: 127.0.0.1
lineinfile:
path: '{{ awx_cached_matrix_vars }}'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: '# Synapse Admin Settings Start'
with_dict:
'matrix_synapse_admin_enabled': '{{ matrix_synapse_admin_enabled }}'
- name: Save new 'Configure Synapse Admin' survey.json to the AWX tower, template
delegate_to: 127.0.0.1
template:
src: 'roles/matrix-awx/surveys/configure_synapse_admin.json.j2'
dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse_admin.json'
- name: Copy new 'Configure Synapse Admin' survey.json to target machine
copy:
src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse_admin.json'
dest: '/matrix/awx/configure_synapse_admin.json'
mode: '0660'
- name: Recreate 'Configure Synapse Admin' job template
delegate_to: 127.0.0.1
awx.awx.tower_job_template:
name: "{{ matrix_domain }} - 1 - Configure Synapse Admin"
description: "Configure 'Synapse Admin', a moderation tool to help you manage your server."
extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
job_type: run
job_tags: "start,setup-all"
inventory: "{{ member_id }}"
project: "{{ member_id }} - Matrix Docker Ansible Deploy"
playbook: setup.yml
credential: "{{ member_id }} - AWX SSH Key"
survey_enabled: true
survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/configure_synapse_admin.json') }}"
become_enabled: true
state: present
verbosity: 1
tower_host: "https://{{ awx_host }}"
tower_oauthtoken: "{{ awx_session_token.ansible_facts.tower_token.token }}"
validate_certs: true

32
roles/matrix-awx/tasks/update_variables.yml
View File

@ -1,32 +0,0 @@
---
- name: Rename synapse presence variable
delegate_to: 127.0.0.1
replace:
path: "/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml"
regexp: 'matrix_synapse_use_presence'
replace: 'matrix_synapse_presence_enabled'
- name: Search for matrix_homeserver_generic_secret_key variable in matrix_vars.yml
delegate_to: 127.0.0.1
register: presence
shell: "grep -i 'matrix_homeserver_generic_secret_key' /var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml"
no_log: true
- name: Generate matrix_homeserver_generic_secret_key variable if not present
delegate_to: 127.0.0.1
command: |
openssl rand -hex 16
register: generic_secret
no_log: true
when: presence is not changed
- name: Add new matrix_homeserver_generic_secret_key variable if not present
delegate_to: 127.0.0.1
lineinfile:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
line: "matrix_homeserver_generic_secret_key: {{ generic_secret.stdout }}"
insertbefore: '# Basic Settings End'
mode: '0600'
state: present
when: presence is not changed

77
roles/matrix-common-after/tasks/awx_post.yml
View File

@ -1,77 +0,0 @@
---
- name: Create user account @admin-janitor
command: |
/usr/local/bin/matrix-synapse-register-user admin-janitor {{ awx_janitor_user_password | quote }} 1
register: cmd
when: not awx_janitor_user_created|bool
no_log: false
- name: Update AWX janitor user created variable
delegate_to: 127.0.0.1
lineinfile:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: 'AWX Settings'
with_dict:
'awx_janitor_user_created': 'true'
when: not awx_janitor_user_created|bool
- name: Create user account @admin-dimension
command: |
/usr/local/bin/matrix-synapse-register-user admin-dimension {{ awx_dimension_user_password | quote }} 0
register: cmd
when: not awx_dimension_user_created|bool
no_log: false
- name: Update AWX dimension user created variable
delegate_to: 127.0.0.1
lineinfile:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: 'AWX Settings'
with_dict:
'awx_dimension_user_created': 'true'
when: not awx_dimension_user_created|bool
- name: Create user account @admin-mjolnir
command: |
/usr/local/bin/matrix-synapse-register-user admin-mjolnir {{ awx_mjolnir_user_password | quote }} 0
register: cmd
when: not awx_mjolnir_user_created|bool
no_log: false
- name: Update AWX dimension user created variable
delegate_to: 127.0.0.1
lineinfile:
path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
regexp: "^#? *{{ item.key | regex_escape() }}:"
line: "{{ item.key }}: {{ item.value }}"
insertafter: 'AWX Settings'
with_dict:
'awx_mjolnir_user_created': 'true'
when: not awx_mjolnir_user_created|bool
- name: Ensure /chroot/website location has correct permissions
file:
path: /chroot/website
state: directory
owner: matrix
group: matrix
mode: '0770'
when: awx_customise_base_domain_website is defined
- name: Collect Discord AppService bot invite link if file exists
command:
cat /matrix/appservice-discord/config/invite_link
register: awx_discord_appservice_link
when: awx_appservice_discord_admin_user is defined
args:
removes: /matrix/appservice-discord/config/invite_link
- name: Print Discord AppService bot link for user
debug:
msg: "{{ awx_discord_appservice_link.stdout }}"
when: awx_discord_appservice_link.stdout is defined

5
roles/matrix-common-after/tasks/main.yml
View File

@ -14,11 +14,6 @@
tags:
- always
- import_tasks: "{{ role_path }}/tasks/awx_post.yml"
when: run_setup|bool and matrix_awx_enabled|bool
tags:
- always
- import_tasks: "{{ role_path }}/tasks/run_docker_prune.yml"
tags:
- run-docker-prune