diff --git a/Vagrantfile b/Vagrantfile index bb32fef..28f2e28 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -13,6 +13,7 @@ Vagrant.configure(2) do |config| ansible.verbose = "v" ansible.compatibility_mode = "2.0" ansible.playbook = "playbook.yml" + ansible.ask_vault_pass = true ansible.host_vars = { "datacoop" => {"ansible_python_interpreter" => "/usr/bin/python3.6"} } diff --git a/group_vars/all/secrets.yml b/group_vars/all/secrets.yml index 6c36fb6..9b1720c 100644 --- a/group_vars/all/secrets.yml +++ b/group_vars/all/secrets.yml @@ -1,38 +1,42 @@ $ANSIBLE_VAULT;1.1;AES256 -63323530623531666436636366633932313030663465316462623730383562623961373734303630 -3961356564343865353430353539626531396462376164360a383662633337353765356364366464 -38363066303165666562393735663435393130396463333131396232386236363566653737323937 -3562643633636633310a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a353333616330656132376163373061 +37323833396431663630346331363662373734353263386238306138313938356235303839363734 +3738376564616239370a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diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index 8bc38ef..804536a 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml @@ -15,3 +15,9 @@ passit: fider: domain: "feedback.{{ base_domain }}" + +matrix: + domain: "matrix.{{ base_domain }}" + +riot: + domain: "riot.{{ base_domain }}" diff --git a/roles/docker/files/configs/riot-config.json b/roles/docker/files/configs/riot-config.json new file mode 100644 index 0000000..dd259d4 --- /dev/null +++ b/roles/docker/files/configs/riot-config.json 
@@ -0,0 +1,46 @@
+{
+ "default_hs_url": "https://{{ matrix.domain }}",
+ "default_is_url": "https://vector.im",
+ "brand": "riot.data.coop",
+ "integrations_ui_url": "https://scalar.vector.im/",
+ "integrations_rest_url": "https://scalar.vector.im/api",
+ "integrations_widgets_urls": [
+ "https://scalar-staging.riot.im/scalar/api",
+ "https://scalar.vector.im/api"
+ ],
+ "bug_report_endpoint_url": "https://riot.im/bugreports/submit",
+ "features": {
+ "feature_rich_quoting": "enable",
+ "feature_pinning": "enable",
+ "feature_presence_management": "enable",
+ "feature_sticker_messages": "enable",
+ "feature_jitsi": "enable",
+ "feature_tag_panel": "enable",
+ "feature_keybackup": "enable",
+ "feature_custom_status": "enable",
+ "feature_custom_tags": "enable",
+ "feature_lazyloading": "enable",
+ "feature_tabbed_settings": "enable",
+ "feature_sas": "enable"
+ },
+ "welcomeUserId": "@riot-bot:matrix.org",
+ "piwik": false,
+ "roomDirectory": {
+ "servers": [
+ "matrix.data.coop"
+ ]
+ },
+ "enable_presence_by_hs_url": {
+ "https://matrix.data.coop": false
+ },
+ "terms_and_conditions_links": [
+ {
+ "url": "https://riot.im/privacy",
+ "text": "Privacy Policy"
+ },
+ {
+ "url": "https://matrix.org/docs/guides/riot_im_cookie_policy",
+ "text": "Cookie Policy"
+ }
+ ]
+}
diff --git a/roles/docker/files/configs/riot.im.conf b/roles/docker/files/configs/riot.im.conf
new file mode 100644
index 0000000..1c85942
--- /dev/null
+++ b/roles/docker/files/configs/riot.im.conf
@@ -0,0 +1 @@
+-c 3500
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
index 4d8f863..f4183ac 100644
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
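Review bot: In roles/docker/files/configs/riot-config.json the homeserver is templated in `default_hs_url` but hard-coded as `matrix.data.coop` under `roomDirectory.servers` and `enable_presence_by_hs_url`, so any deployment where `matrix.domain` differs (presumably the Vagrant box) gets a client whose room directory and presence settings refer to the production server. Using `"{{ matrix.domain }}"` and `"https://{{ matrix.domain }}": false` in those two places would keep the three values in step. Separately, `integrations_widgets_urls` trusts `https://scalar-staging.riot.im/scalar/api`, a staging endpoint, and `bug_report_endpoint_url` sends user-submitted reports to riot.im; both look carried over from an upstream sample and are worth removing or pointing at infrastructure the project controls. Since JSON has no comment syntax, the reasons for keeping the remaining third-party endpoints belong in the commit message or the role's README.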
@@ -1,13 +1,13 @@ --- - name: add docker gpg key apt_key: - keyserver: pgp.key-server.io + keyserver: pgp.mit.edu id: 8D81803C0EBFCD88 state: present - name: add docker apt repository apt_repository: - repo: deb https://download.docker.com/linux/ubuntu artful stable + repo: deb https://download.docker.com/linux/ubuntu bionic stable state: present update_cache: yes diff --git a/roles/docker/tasks/services/matrix_riot.yml b/roles/docker/tasks/services/matrix_riot.yml new file mode 100644 index 0000000..8d7afa6 --- /dev/null +++ b/roles/docker/tasks/services/matrix_riot.yml 
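Review bot: In roles/docker/tasks/main.yml the `apt_key` task still fetches Docker's signing key from a public keyserver by the 64-bit ID `8D81803C0EBFCD88`; switching the server to `pgp.mit.edu` does not change that the lookup is unauthenticated and that a long key ID is a weaker selector than the full fingerprint. Fetching over HTTPS from the repository's own host with `url: https://download.docker.com/linux/ubuntu/gpg`, while setting `id:` to the full 40-hex fingerprint so the imported key is checked, removes the keyserver dependency. The `bionic` suite in the `repo:` line is hard-coded just as `artful` was; `{{ ansible_distribution_release }}` would avoid the next manual bump.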
@@ -0,0 +1,80 @@
+---
+
+- name: matrix network
+ docker_network:
+ name: matrix
+
+- name: matrix database volume
+ docker_volume:
+ name: matrix_db
+
+- name: riot volume
+ docker_volume:
+ name: riot_app
+
+- name: upload riot config.json
+ template:
+ src: files/configs/riot-config.json
+ dest: /var/lib/docker/volumes/riot_app/_data/config.json
+
+- name: upload riot.im.conf
+ template:
+ src: files/configs/riot.im.conf
+ dest: /var/lib/docker/volumes/riot_app/_data/riot.im.conf
+
+- name: matrix database container
+ docker_container:
+ name: matrix_db
+ image: postgres:10
+ state: started
+ restart_policy: always
+ networks:
+ - name: matrix
+ volumes:
+ - matrix_db:/var/lib/postgresql/data
+ env:
+ POSTGRES_USER: "synapse"
+ POSTGRES_PASSWORD: "{{ postgres_passwords.matrix }}"
+
+- name: matrix container
+ docker_container:
+ name: matrix
+ image: matrixdotorg/synapse:latest
+ restart_policy: unless-stopped
+ networks:
+ - name: matrix
+ published_ports:
+ - 8448:8448
+ env:
+ SYNAPSE_SERVER_NAME: "{{ matrix.domain }}"
+ SYNAPSE_REPORT_STATS: "False"
+ SYNAPSE_ENABLE_REGISTRATION: "True"
+ SYNAPSE_LOG_LEVEL: "INFO"
+ SYNAPSE_NO_TLS: "1"
+ POSTGRES_HOST: "matrix_db"
+ POSTGRES_USER: "synapse"
+ POSTGRES_PASSWORD: "{{ postgres_passwords.matrix }}"
+ VIRTUAL_HOST: "{{ matrix.domain }}"
+ VIRTUAL_PORT: "8008"
+ LETSENCRYPT_HOST: "{{ matrix.domain }}"
+ LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+
+- name: riot container
+ docker_container:
+ name: riot_app
+ image: avhost/docker-matrix-riot
+ state: started
+ restart_policy: always
+ networks:
+ - name: matrix
+ - name: external_services
+ volumes:
+ - riot_app:/data
+ published_ports:
+ - 8080
+ env:
+ VIRTUAL_HOST: "{{ riot.domain }}"
+ VIRTUAL_PORT: "8080"
+ LETSENCRYPT_HOST: "{{ riot.domain }}"
+ LETSENCRYPT_EMAIL: "{{ letsencrypt_email }}"
+
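Review bot: The `matrix container` task sets `SYNAPSE_ENABLE_REGISTRATION: "True"` on a homeserver that is exposed publicly through `VIRTUAL_HOST`/`LETSENCRYPT_HOST`, so anyone can create accounts unless sign-up is gated somewhere outside this diff; if open registration is not intended, set it to `"False"` and provision accounts explicitly. Both `matrixdotorg/synapse:latest` and the untagged third-party `avhost/docker-matrix-riot` are floating references, so each run can pull code nobody reviewed; pin both to a version tag or digest. `published_ports: - 8448:8448` alongside `SYNAPSE_NO_TLS: "1"`, and `- 8080` on the riot container, bind host ports directly and presumably bypass the TLS-terminating proxy; drop them unless something not shown here relies on them. The matrix task also mounts no volume, so if the image keeps its signing key and media in its data directory, they would not survive the container being re-created.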