From 8bd84e52ff1cd1e379eac1e681e8618b074bd4a8 Mon Sep 17 00:00:00 2001 From: Scott Wallace Date: Sun, 20 Oct 2019 15:25:37 +0100 Subject: [PATCH] Move Matrix to a Docker container --- .ansible/roles/matrix_server/files/log.yaml | 37 ---------- .../matrix_server/tasks/includes/repos.yaml | 19 ------ .ansible/roles/matrix_server/tasks/main.yaml | 68 +++---------------- .../templates/homeserver.yaml.j2 | 9 ++- .ansible/roles/matrix_server/vars/main.yaml | 8 --- 5 files changed, 14 insertions(+), 127 deletions(-) delete mode 100644 .ansible/roles/matrix_server/files/log.yaml delete mode 100644 .ansible/roles/matrix_server/tasks/includes/repos.yaml diff --git a/.ansible/roles/matrix_server/files/log.yaml b/.ansible/roles/matrix_server/files/log.yaml deleted file mode 100644 index 9d7acb8..0000000 --- a/.ansible/roles/matrix_server/files/log.yaml +++ /dev/null @@ -1,37 +0,0 @@ -version: 1 - -formatters: - precise: - format: "%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s" - -filters: - context: - (): synapse.logging.context.LoggingContextFilter - request: "" - -handlers: - file: - class: logging.handlers.RotatingFileHandler - formatter: precise - filename: /var/log/matrix-synapse/homeserver.log - maxBytes: 104857600 - backupCount: 10 - filters: [context] - encoding: utf8 - console: - class: logging.StreamHandler - formatter: precise - level: WARN - -loggers: - synapse: - level: WARN - - synapse.storage.SQL: - # beware: increasing this to DEBUG will make synapse log sensitive - # information such as access tokens. - level: WARN - -root: - level: WARN - handlers: [file, console] diff --git a/.ansible/roles/matrix_server/tasks/includes/repos.yaml b/.ansible/roles/matrix_server/tasks/includes/repos.yaml deleted file mode 100644 index 55e7d02..0000000 --- a/.ansible/roles/matrix_server/tasks/includes/repos.yaml +++ /dev/null @@ -1,19 +0,0 @@ -- name: includes/repos.yaml - tags: - - install - - repos - - matrix - block: - - name: "Apt repo: Import GPG key: {{ repo.name }}" - apt_key: - state: present - url: "{{ repo.key }}" - when: repo.key - become: true - - - name: "Apt repo: Add repo: {{ repo.name }}" - apt_repository: - state: present - repo: "{{ repo.data }}" - update_cache: yes - become: true diff --git a/.ansible/roles/matrix_server/tasks/main.yaml b/.ansible/roles/matrix_server/tasks/main.yaml index 5e3d9ae..332e2f3 100644 --- a/.ansible/roles/matrix_server/tasks/main.yaml +++ b/.ansible/roles/matrix_server/tasks/main.yaml @@ -1,60 +1,14 @@ -- name: "Matrix: Repositories" - tags: - - install - - repos - - matrix - include: includes/repos.yaml - loop: "{{ linux_repos }}" - loop_control: - loop_var: repo - -- name: "Matrix: Packages" - tags: - - install - - packages - - matrix - package: - name: "{{ item }}" - state: present - loop: "{{ linux_packages }}" - become: true - - name: "Matrix: Configuration" tags: - config - matrix block: + - include: roles/common_server/tasks/docker.yaml + - name: "Matrix: Configuration: homeserver.yaml" template: src: "templates/homeserver.yaml.j2" - dest: "/etc/matrix-synapse/homeserver.yaml" - mode: "0400" - owner: "matrix-synapse" - group: "nogroup" - become: yes - - - name: "Matrix: Configuration: server_name.yaml" - copy: - dest: "/etc/matrix-synapse/conf.d/server_name.yaml" - content: "server_name: home.suborbit.com" - mode: "0400" - owner: "matrix-synapse" - group: "nogroup" - become: yes - - - name: "Matrix: Configuration: log.yaml" - copy: - dest: "/etc/matrix-synapse/log.yaml" - src: "files/log.yaml" - mode: "0400" - owner: "matrix-synapse" - group: "nogroup" - become: yes - - - name: "Matrix: Configuration: dhparam.pem" - copy: - dest: "/etc/matrix-synapse/dhparam.pem" - content: "{{ dhparam }}" + dest: "/srv/app/docker/matrix/config/homeserver.yaml" mode: "0400" owner: "matrix-synapse" group: "nogroup" @@ -62,18 +16,16 @@ - name: "Matrix: Configuration: homeserver.signing.key" copy: - dest: "/etc/matrix-synapse/homeserver.signing.key" + dest: "/srv/app/docker/matrix/config/homeserver.signing.key" content: "{{ signing_key }}" mode: "0400" owner: "matrix-synapse" group: "nogroup" become: yes -- name: "Matrix: Service" - tags: - - matrix - systemd: - name: "matrix-synapse" - state: started - enabled: yes - become: yes + - name: "Matrix: Docker: compose.yaml" + copy: + dest: "/srv/app/docker/matrix/compose.yaml" + src: "files/docker-compose.yaml" + mode: "0400" + become: yes diff --git a/.ansible/roles/matrix_server/templates/homeserver.yaml.j2 b/.ansible/roles/matrix_server/templates/homeserver.yaml.j2 index a3cbd36..4f0c01d 100644 --- a/.ansible/roles/matrix_server/templates/homeserver.yaml.j2 +++ b/.ansible/roles/matrix_server/templates/homeserver.yaml.j2 @@ -17,9 +17,8 @@ listeners: database: name: "sqlite3" args: - database: "/var/lib/matrix-synapse/homeserver.db" + database: "/data/homeserver.db" event_cache_size: "10K" -log_config: "/etc/matrix-synapse/log.yaml" rc_messages_per_second: 0.2 rc_message_burst_count: 10.0 federation_rc_window_size: 1000 @@ -27,8 +26,8 @@ federation_rc_sleep_limit: 10 federation_rc_sleep_delay: 500 federation_rc_reject_limit: 5 federation_rc_concurrent: 1 -media_store_path: "/var/lib/matrix-synapse/media" -uploads_path: "/var/lib/matrix-synapse/uploads" +media_store_path: "/data/media" +uploads_path: "/data/uploads" max_upload_size: "100M" max_image_pixels: "64M" dynamic_thumbnails: false @@ -76,7 +75,7 @@ room_invite_state_types: app_service_config_files: [] track_appservice_user_ips: False expire_access_token: False -signing_key_path: "/etc/matrix-synapse/homeserver.signing.key" +signing_key_path: "/config/homeserver.signing.key" old_signing_keys: {} key_refresh_interval: "1d" # 1 Day. trusted_key_servers: diff --git a/.ansible/roles/matrix_server/vars/main.yaml b/.ansible/roles/matrix_server/vars/main.yaml index f93a0da..a8fc01e 100644 --- a/.ansible/roles/matrix_server/vars/main.yaml +++ b/.ansible/roles/matrix_server/vars/main.yaml @@ -1,12 +1,4 @@ --- -linux_repos: - - name: "Matrix Synapse" - data: "deb https://packages.matrix.org/debian disco main" - key: "https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg" - -linux_packages: - - matrix-synapse-py3 - password_pepper: !vault | $ANSIBLE_VAULT;1.1;AES256 33373335643631373939643231653138646134633537343138333461633164393764376236663065