Dernières configs et fin du TP

ca2e7a60 · achaouni · 0abb8176 · ca2e7a60 · ca2e7a60 · ca2e7a60
Commit ca2e7a60 authored 1 year ago by achaouni
--- a/playbooks/.nginx_install.yml.swp
+++ b/playbooks/.nginx_install.yml.swp
--- a/playbooks/matrix.conf.j2
+++ b/playbooks/matrix.conf.j2
 server {
    listen 443 ssl;
-    server_name matrix.nyala.website;
+    server_name synapse.nyala.website;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
@@ -8,11 +8,10 @@ server {
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;

-    ssl_certificate     /etc/nginx/ssl/cert.pem;
-    ssl_certificate_key /etc/nginx/ssl/privkey.pem;
+    ssl_certificate     /etc/letsencrypt/live/synapse.nyala.website-0001/fullchain.pem;
+    ssl_certificate_key  /etc/letsencrypt/live/synapse.nyala.website-0001/privkey.pem;

    location / {
       proxy_pass http://127.0.0.1:8008;
    }
 }
-
--- a/playbooks/postgreSQL.yml
+++ b/playbooks/postgreSQL.yml
--- a/playbooks/posgresql/tasks/main.yml
+++ b/playbooks/posgresql/tasks/main.yml
--- a/roles/posgresql/tasks/main.yml
+++ b/roles/posgresql/tasks/main.yml
@@ -9,7 +9,7 @@
  community.postgresql.postgresql_pg_hba:
    dest: /etc/postgresql/15/main/pg_hba.conf
    contype: host
-    source: 10.69.0.0/24
+    source: 10.0.69.0/24
    method: scram-sha-256

 - name : Changement de listen adress
@@ -18,19 +18,8 @@
    regexp: '^#?listen_addresses = .*'
    line: "listen_addresses = '*'"

- name: Create a new database with name "g7-db"
-  community.postgresql.postgresql_db:
-    name: g7-db
-    template : template0
-    encoding: "UTF-8"
-    lc_collate: "C"
-    lc_ctype: "C"
-  become : true
-  become_user : postgres
-
 - name: Connect to g7-db database, create g7-belhasna, and grant access to database
  community.postgresql.postgresql_user:
-    db: g7-db
    name: g7-belhasna
    password: glopglop
  become : true
@@ -38,9 +27,24 @@

 - name: Connect to g7-db database, create g7-achaouni user, and grant access to database
  community.postgresql.postgresql_user:
-    db: g7-db
    name: g7-achaouni
    password: glopglop
  become : true
  become_user : postgres

+- name: Create a new database with name "g7-db"
+  community.postgresql.postgresql_db:
+    name: g7-db
+    template : template0
+    encoding: "UTF-8"
+    lc_collate: "C"
+    lc_ctype: "C"
+    owner: g7-belhasna
+  become : true
+  become_user : postgres
+
+- name: Reload Postgres
+  ansible.builtin.service:
+    name: postgresql
+    state: reloaded
+
--- a/roles/synapse/files/homeserver.yaml
+++ b/roles/synapse/files/homeserver.yaml
@@ -9,7 +9,7 @@
 # For more information on how to configure Synapse, including a complete accounting of
 # each option, go to docs/usage/configuration/config_documentation.md or
 # https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html
-server_name: "matrix.synapse.nyala.website"
+server_name: "synapse.nyala.website"
 pid_file: /data/homeserver.pid
 listeners:
  - port: 8008
@@ -22,9 +22,12 @@ listeners:
 database:
  name: psycopg2
  args:
-    database: /data/homeserver.db
-    dbname: synapse
-    host: localhost
+    user: g7-belhasna
+    password: glopglop
+    dbname: g7-db
+    host: 10.0.69.105
+    cp_min: 5
+    cp_max: 10
 log_config: "/data/matrix.synapse.nyala.website.log.config"
 media_store_path: /data/media_store
 registration_shared_secret: "BibA=##8svJ5sm;R@*qk2BOF3Mm=ZwrI7DhfFas#GBGEGOB3qO"
@@ -34,6 +37,3 @@ form_secret: "q8*8#1CG#lI3LlpC+V86aM4mI#c@4grJoC8+36RjzZ*kXEI~*I"
 signing_key_path: "/data/matrix.synapse.nyala.website.signing.key"
 trusted_key_servers:
  - server_name: "matrix.org"
-
-
-# vim:ft=yaml
--- a/roles/synapse/tasks/main.yml
+++ b/roles/synapse/tasks/main.yml
---
- name: creates the redis container
+- name: Copy files to Synapse server
+  ansible.builtin.copy:
+    src: "{{ item }}"
+    dest: "/synapse/"
+  with_items:
+    - homeserver.yaml
+    - matrix.synapse.nyala.website.signing.key
+    - matrix.synapse.nyala.website.log.config
+
+- name: Creates directory
+  ansible.builtin.file:
+    path: "/synapse/media_store"
+    mode: 0700
+    state: directory
+
+- name: Creates the synapse container
  community.docker.docker_container:
    name: "synapse"
-    image: redis:latest
+    image: "matrixdotorg/synapse:latest"
    state: started
    recreate: yes
-    volumes:
-      - /home/pifou/Bureau/g7_maurice/g7-polytech-ansible/roles/synapse/files:/data
    ports:
-      - 8008:8008/tcp
+      - 8008:8008
+    volumes:
+      - /synapse:/data
    restart_policy: "unless-stopped"