Synapse docker container configuration

ansible.cfg

@@ -2,7 +2,11 @@
 remote_user = root
 remote_port = 22
 host_key_checking = False
-pipelining=True
+pipelining = True
 inject_facts_as_vars = True
 roles_path = roles
 inventory = inventory.ini
+
+[ssh_connection]
+scp_if_ssh = smart
+transfer_method = smart

playbooks/matrix.conf.j2

+server {
+    listen 443 ssl;
+    server_name matrix.nyala.website;
+
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
+    ssl_prefer_server_ciphers on;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_tickets off;
+
+    ssl_certificate     /etc/nginx/ssl/cert.pem;
+    ssl_certificate_key /etc/nginx/ssl/privkey.pem;
+
+    location / {
+       proxy_pass http://127.0.0.1:8008;
+    }
+}
+

playbooks/nginx_install.yml

@@ -6,3 +6,11 @@
       service:
           name: nginx
           state: started
+    - name: Upload the file of configuration to the nginx server.
+      copy:
+        src: matrix.conf.j2
+        dest: /etc/nginx/sites-enabled/matrix
+    - name: Restart nginx server.
+      service:
+        name: nginx
+        state: restarted

playbooks/posgresql/tasks/main.yml

+---
+- name: Install postgresql
+  ansible.builtin.apt:
+    name: postgresql
+    state: present
+
+
+- name : Ajouter une adresse au fichier pg_hba.conf
+  community.postgresql.postgresql_pg_hba:
+    dest: /etc/postgresql/15/main/pg_hba.conf
+    contype: host
+    source: 10.69.0.0/24
+    method: scram-sha-256
+
+- name : Changement de listen adress
+  lineinfile:
+    path: /etc/postgresql/15/main/postgresql.conf
+    regexp: '^#?listen_addresses = .*'
+    line: "listen_addresses = '*'"
+
+- name: Create a new database with name "g7-db"
+  community.postgresql.postgresql_db:
+    name: g7-db
+    template : template0
+    encoding: "UTF-8"
+    lc_collate: "C"
+    lc_ctype: "C"
+  become : true
+  become_user : postgres
+
+- name: Connect to g7-db database, create g7-belhasna, and grant access to database
+  community.postgresql.postgresql_user:
+    db: g7-db
+    name: g7-belhasna
+    password: glopglop
+  become : true
+  become_user : postgres
+
+- name: Connect to g7-db database, create g7-achaouni user, and grant access to database
+  community.postgresql.postgresql_user:
+    db: g7-db
+    name: g7-achaouni
+    password: glopglop
+  become : true
+  become_user : postgres
+

playbooks/postgreSQL.yml

 ---
-- name: Deploy PostgreSQL for Synapse and Mastodon
+- name: "Install postgresql"
   hosts: db
-  become: true
-  vars:
-    postgres_user: "g7_user"
-    postgres_password: !vault |
-          $ANSIBLE_VAULT;1.1;AES256
-          37373966353338626633323534386166303737636437656538343565666466343235356335623433
-          3265323931383161383731643166363239313330616537370a366636373630656130356162356436
-          33303136373838636133313064326561613438353134396435393030373335663038366130663238
-          3463323232333365360a373761363962383065626533373933316166323439643266656132326331
-          3335
-    postgres_db: "g7_db"
-    postgres_netmask: "0.0.0.0/0"
-
-  tasks:
-    - name: Install PostgreSQL and Python3 psycopg2
-      apt:
-        name:
-          - postgresql
-          - python3-psycopg2
-        state: present
-
-    - name: Ensure PostgreSQL configuration allows connections from any IP address
-      community.postgresql.postgresql_pg_hba:
-        dest: /var/lib/postgres/data/pg_hba.conf
-        databases: all
-        users: all
-        address: "{{ postgres_netmask }}"
-        method: scram-sha-256
-      notify: Restart PostgreSQL
-      become: true
-
-    - name: Update PostgreSQL configuration to listen on all interfaces
-      lineinfile:
-        path: /etc/postgresql/15/main/postgresql.conf
-        regexp: '^#?listen_addresses\s*='
-        line: "listen_addresses '*'"
-      notify: Restart PostgreSQL
-      become: true
-
-    - name: Create PostgreSQL database user
-      community.postgresql.postgresql_user:
-        name: "{{ postgres_user }}"
-        password: "{{ postgres_password }}"
-        state: present
-      become: true
-
-    - name: Create PostgreSQL database
-      community.postgresql.postgresql_db:
-        name: "{{ postgres_db }}"
-        owner: "{{ postgres_user }}"
-        encoding: "UTF-8"
-        lc_collate: "C"
-        lc_ctype: "C"
-        state: present
-      #become: true
-      become_user: postgres
-      become: true
-  handlers:
-    - name: Restart PostgreSQL
-      systemd:
-        name: postgresql
-        state: restarted
+  roles:
+    - postgresql

playbooks/synapse.yml

+---
+- hosts: all
+  roles:
+    - synapse

roles/posgresql/tasks/main.yml

 ---
-- name: Ensure required packages are installed
-  apt:
-    name: "{{ item }}"
+- name: Install postgresql
+  ansible.builtin.apt:
+    name: postgresql
     state: present
-  loop:
-    - postgresql
-    - python3-psycopg2
 
-- name: Ensure PostgreSQL is running and enabled
-  service:
-    name: postgresql
-    state: started
-    enabled: yes
 
-- name: Allow connections to PostgreSQL from all IP addresses
-  become: yes
-  lineinfile:
-    path: /etc/postgresql/15/main/pg_hba.conf
-    line: "host    all             all             0.0.0.0/0            scram-sha-256"
-    insertafter: EOF
+- name : Ajouter une adresse au fichier pg_hba.conf
+  community.postgresql.postgresql_pg_hba:
+    dest: /etc/postgresql/15/main/pg_hba.conf
+    contype: host
+    source: 10.69.0.0/24
+    method: scram-sha-256
 
-- name: Update listen_addresses in postgresql.conf
-  become: yes
+- name : Changement de listen adress
   lineinfile:
     path: /etc/postgresql/15/main/postgresql.conf
-    regexp: "^#?listen_addresses = 'localhost'"
+    regexp: '^#?listen_addresses = .*'
     line: "listen_addresses = '*'"
 
-- name: Restart PostgreSQL service to apply changes
-  become: yes
-  service:
-    name: postgresql
-    state: restarted
+- name: Create a new database with name "g7-db"
+  community.postgresql.postgresql_db:
+    name: g7-db
+    template : template0
+    encoding: "UTF-8"
+    lc_collate: "C"
+    lc_ctype: "C"
+  become : true
+  become_user : postgres
+
+- name: Connect to g7-db database, create g7-belhasna, and grant access to database
+  community.postgresql.postgresql_user:
+    db: g7-db
+    name: g7-belhasna
+    password: glopglop
+  become : true
+  become_user : postgres
+
+- name: Connect to g7-db database, create g7-achaouni user, and grant access to database
+  community.postgresql.postgresql_user:
+    db: g7-db
+    name: g7-achaouni
+    password: glopglop
+  become : true
+  become_user : postgres
 
-- name: Create PostgreSQL user and database for Synapse
-  become: yes
-  postgresql_db:
-    name: synapse
-    encoding: UTF-8
-    lc_collate: C
-    lc_ctype: C
-  vars:
-    postgresql_user: synapse
-    postgresql_password: "{{ synapse_postgresql_password }}"
-    login_user: postgres
-    login_password: "{{ postgresql_postgres_password }}"
-    login_host: localhost

roles/synapse/files/homeserver.yaml

+# Configuration file for Synapse.
+#
+# This is a YAML file: see [1] for a quick introduction. Note in particular
+# that *indentation is important*: all the elements of a list or dictionary
+# should have the same indentation.
+#
+# [1] https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html
+#
+# For more information on how to configure Synapse, including a complete accounting of
+# each option, go to docs/usage/configuration/config_documentation.md or
+# https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html
+server_name: "matrix.synapse.nyala.website"
+pid_file: /data/homeserver.pid
+listeners:
+  - port: 8008
+    tls: false
+    type: http
+    x_forwarded: true
+    resources:
+      - names: [client, federation]
+        compress: false
+database:
+  name: psycopg2
+  args:
+    database: /data/homeserver.db
+    dbname: synapse
+    host: localhost
+log_config: "/data/matrix.synapse.nyala.website.log.config"
+media_store_path: /data/media_store
+registration_shared_secret: "BibA=##8svJ5sm;R@*qk2BOF3Mm=ZwrI7DhfFas#GBGEGOB3qO"
+report_stats: false
+macaroon_secret_key: "69^l,xgwOr+S3yj&aWWL_d-oDY7If8piCh89pOzqi*K&=8W*#."
+form_secret: "q8*8#1CG#lI3LlpC+V86aM4mI#c@4grJoC8+36RjzZ*kXEI~*I"
+signing_key_path: "/data/matrix.synapse.nyala.website.signing.key"
+trusted_key_servers:
+  - server_name: "matrix.org"
+
+
+# vim:ft=yaml

roles/synapse/files/matrix.synapse.nyala.website.log.config

+version: 1
+
+formatters:
+  precise:
+    
+    format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
+    
+
+handlers:
+
+
+  console:
+    class: logging.StreamHandler
+    formatter: precise
+
+loggers:
+    # This is just here so we can leave `loggers` in the config regardless of whether
+    # we configure other loggers below (avoid empty yaml dict error).
+    _placeholder:
+        level: "INFO"
+
+    
+    
+    synapse.storage.SQL:
+        # beware: increasing this to DEBUG will make synapse log sensitive
+        # information such as access tokens.
+        level: INFO
+    
+
+    
+
+root:
+    level: INFO
+
+
+    handlers: [console]
+
+
+disable_existing_loggers: false
\ No newline at end of file

roles/synapse/tasks/main.yml

+---
+- name: creates the redis container
+  community.docker.docker_container:
+    name: "synapse"
+    image: redis:latest
+    state: started
+    recreate: yes
+    volumes:
+      - /home/pifou/Bureau/g7_maurice/g7-polytech-ansible/roles/synapse/files:/data
+    ports:
+      - 8008:8008/tcp
+    restart_policy: "unless-stopped"