
commit e2910cd9c634ee9740d39f2c388b847edda8f0d7
parent 21504f0ba7c00b7e7123bf66d97ae9d31308c02c
Author: Leah (ctucx) <leah@ctu.cx>
Date: Mon, 1 Mar 2021 15:53:01 +0100

update configurations and playbook
3 files changed, 151 insertions(+), 12 deletions(-)
M
configuration/quitschi.yml
|
145
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
M
configuration/wanderduene.yml
|
14
+++-----------
M
playbook.yml
|
4
+++-
diff --git a/configuration/quitschi.yml b/configuration/quitschi.yml
@@ -84,6 +84,12 @@ services:
       quitschi.ctu.cx:
         renewTasks:
           - sudo rc-service nginx restart
+      trans-agenda.de:
+        renewTasks:
+          - sudo rc-service nginx restart
+      matrix.trans-agenda.de:
+        renewTasks:
+          - sudo rc-service nginx restart
 
   nginx:
     enable: true

@@ -100,3 +106,142 @@ services:
         locations:
           - path: /node-exporter
             proxy: http://127.0.0.1:9100/metrics
+      trans-agenda.de:
+        ssl:
+          enable: true
+          cert: "/var/lib/acme-redirect/live/trans-agenda.de/fullchain"
+          privkey: "/var/lib/acme-redirect/live/trans-agenda.de/privkey"
+        locations:
+          - path: "/.well-known/matrix/client"
+            extraConfig: '
+              add_header Content-Type application/json;
+              return 200 "{\"m.homeserver\": {\"base_url\": \"https://matrix.trans-agenda.de\"}}";
+            '
+          - path: "/.well-known/matrix/server"
+            extraConfig: '
+              add_header Content-Type application/json;
+              return 200 "{\"m.server\": \"matrix.trans-agenda.de:443\"}";
+            '
+
+  synapse:
+    enable: true
+    setupPostgreSQL: true
+    homeserverConfig:
+      suppress_key_server_warning: true
+      admin_contact: 'mailto:leah@ctu.cx'
+      no_tls: false
+      server_name: "trans-agenda.de"
+      pid_file: "/run/matrix-synapse.pid"
+      public_baseurl: "https://matrix.trans-agenda.de/"
+      listeners:
+        - port: 8008
+          bind_address: "127.0.0.1"
+          type: http
+          tls: false
+          x_forwarded: true
+          resources:
+            - names: ["client"]
+              compress: true
+            - names: ["federation"]
+              compress: false
+      database:
+        name: "psycopg2"
+        args:
+          database: "synapse"
+      event_cache_size: "10K"
+      verbose: 0
+      rc_messages_per_second: 0.2
+      rc_message_burst_count: 10.0
+      federation_rc_window_size: 1000
+      federation_rc_sleep_limit: 10
+      federation_rc_sleep_delay: 500
+      federation_rc_reject_limit: 50
+      federation_rc_concurrent: 3
+      media_store_path: "/var/lib/synapse/media"
+      uploads_path: "/var/lib/synapse/uploads"
+      max_upload_size: "150M"
+      max_image_pixels: "32M"
+      dynamic_thumbnails: true
+      url_preview_enabled: true
+      url_preview_ip_range_blacklist: ["127.0.0.0/8","10.0.0.0/8","172.16.0.0/12","192.168.0.0/16","100.64.0.0/10","169.254.0.0/16","::1/128","fe80::/64","fc00::/7"]
+      url_preview_ip_range_whitelist: []
+      url_preview_url_blacklist: []
+      enable_registration_captcha: true
+      recaptcha_public_key: "{{ lookup('diskcache', 'passwordstore', 'Server/quitschi/synapse/recaptcha.pub')}}"
+      recaptcha_private_key: "{{ lookup('diskcache', 'passwordstore', 'Server/quitschi/synapse/recaptcha.priv')}}"
+      turn_uris: []
+      turn_shared_secret: ""
+      enable_registration: true
+      enable_metrics: false
+      registration_shared_secret: "{{ lookup('diskcache', 'passwordstore', 'Server/quitschi/synapse/secret')}}"
+      recaptcha_siteverify_api: "https://www.google.com/recaptcha/api/siteverify"
+      turn_user_lifetime: "1h"
+      user_creation_max_duration: 1209600000
+      bcrypt_rounds: 12
+      allow_guest_access: false
+      room_invite_state_types: ["m.room.join_rules", "m.room.canonical_alias", "m.room.avatar", "m.room.name"]
+      expire_access_token: false
+      report_stats: false
+      signing_key_path: "/var/lib/synapse/homeserver.signing.key"
+      key_refresh_interval: "1d"
+      redaction_retention_period: 7
+      perspectives:
+        servers:
+          "matrix.org":
+            verify_keys:
+              "ed25519:auto":
+                key: "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"
+      email:
+        smtp_host: wanderduene.ctu.cx
+        smtp_port: 587
+        smtp_user: "matrix@trans-agenda.de"
+        smtp_pass: "{{ lookup('diskcache', 'passwordstore', 'Server/quitschi/synapse/email.passwd')}}"
+        require_transport_security: true
+        notif_from: "trans-agenda.de Matrix Server <matrix@trans-agenda.de>"
+        app_name: Matrix
+        enable_notifs: true
+        notif_for_new_users: false
+        client_base_url: "https://matrix.trans-agenda.de"
+        validation_token_lifetime: 1h
+    logConfig:
+      version: 1
+      formatters:
+          precise:
+              format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
+      handlers:
+          file:
+              class: logging.handlers.TimedRotatingFileHandler
+              formatter: precise
+              filename: /var/log/synapse/homeserver.log
+              when: midnight
+              backupCount: 3  # Does not include the current log file.
+              encoding: utf8
+          buffer:
+              class: logging.handlers.MemoryHandler
+              target: file
+              capacity: 10
+              flushLevel: 30  # Flush for WARNING logs as well
+          console:
+              class: logging.StreamHandler
+              formatter: precise
+      loggers:
+          synapse.storage.SQL:
+              level: INFO
+          twisted:
+              handlers: [file]
+              propagate: false
+      root:
+          level: INFO
+          handlers: [buffer]
+      disable_existing_loggers: false
+    webClient:
+      enable: true
+      configFile: config-files/quitschi/schildichat-web.json
+    nginx:
+      enable: true
+      domain: "matrix.trans-agenda.de"
+      sslOnly: true
+      ssl:
+        enable: true
+        cert: "/var/lib/acme-redirect/live/matrix.trans-agenda.de/fullchain"
+        privkey: "/var/lib/acme-redirect/live/matrix.trans-agenda.de/privkey"
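Review bot: `redaction_retention_period: 7` in the new homeserverConfig is very likely not the intended week: as far as I recall Synapse's duration parser treats a bare integer as milliseconds and the documented default is the string `7d`, so redacted event content would be purged almost immediately. Every other duration in this block (`turn_user_lifetime: "1h"`, `key_refresh_interval: "1d"`) already carries a unit, so `redaction_retention_period: "7d"` both fixes the value and keeps the block consistent. Two style points: the `logConfig` subtree nests with four spaces (`formatters:`, `handlers:`, `loggers:`, `root:`) while the rest of the file uses two, and the long flow list in `url_preview_ip_range_blacklist` would read and diff better in block style. The `nginx:` mapping that the first lines of the hunk extend begins outside the hunk.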
diff --git a/configuration/wanderduene.yml b/configuration/wanderduene.yml
@@ -6,7 +6,7 @@ system:
   enableOwnRepos: true
   enableSudo: true
   useNTP: true
-  enableNFSMount: true #todo: support archlinux
+  enableNFSMount: true
   extraPackages:
     - iftop
     - iotop

@@ -308,6 +308,7 @@ services:
   synapse:
     enable: true
     homeserverConfig:
+      suppress_key_server_warning: true
       no_tls: false
       server_name: "ctu.cx"
       pid_file: "/run/matrix-synapse.pid"

@@ -350,7 +351,7 @@ services:
       turn_shared_secret: ""
       enable_registration: false
       enable_metrics: false
-      registration_shared_secret: "secret"
+      registration_shared_secret: "{{ lookup('diskcache', 'passwordstore', 'Server/wanderduene/synapse.secret')}}"
       recaptcha_siteverify_api: "https://www.google.com/recaptcha/api/siteverify"
       turn_user_lifetime: "1h"
       user_creation_max_duration: 1209600000
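Review bot: Replacing the literal `registration_shared_secret: "secret"` with a password-store lookup only helps if the value stored there is newly generated: the old literal stays readable in this repository's history, and with `enable_registration: false` this secret is still what Synapse's shared-secret registration relies on, so it should be rotated rather than moved. The lookup path `Server/wanderduene/synapse.secret` also differs in layout from the `Server/quitschi/synapse/secret` entry the same commit adds for the other host; using one layout for both (e.g. `Server/wanderduene/synapse/secret`) makes the store easier to audit. The enclosing `homeserverConfig:` mapping starts outside the hunk.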

@@ -458,15 +459,6 @@ services:
             'fbexporter.f2k1.de'
           ]
 
-        - job_name: 'parkplatz-exporter'
-          metrics_path: '/parkplaetze.php'
-          scheme: 'https'
-          scrape_interval: 5m
-          static_configs:
-          - targets: [
-            'f2k1.de'
-          ]
-
         - job_name: 'smarthome-exporter'
           metrics_path: '/smarthome-exporter'
           scheme: 'https'
diff --git a/playbook.yml b/playbook.yml
@@ -40,7 +40,7 @@
       tags: radicale
     - role: pleroma           # supports: alpine
       tags: pleroma
-    - role: synapse           # supports: alpine, arch(untested)
+    - role: synapse
       tags: synapse
     - role: prometheus        # supports: alpine, arch(untested)
       tags: prometheus

@@ -95,6 +95,8 @@
       tags: vnstat
     - role: nginx             # supports: alpine, arch
       tags: nginx
+    - role: synapse
+      tags: synapse
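Review bot: The new `- role: synapse` entry in this play carries no `# supports:` annotation while its neighbours (`nginx # supports: alpine, arch`, `prometheus # supports: alpine, arch(untested)`) all do, and the earlier hunk in this file drops the same annotation from the first play's `- role: synapse` line instead of updating it. If the role now runs on both platforms, `- role: synapse           # supports: alpine, arch` on both entries keeps the list uniform; if it does not, the annotation is the only place this file records that. The play (`- hosts:`) these roles belong to starts outside the hunk.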
 
 - hosts: joguhrtbecher
   name: Install joguhrtbecher