Merge branch 'main' into dev-authelia

ansible/roles/postgresql-for-synapse/defaults/main.json

@@ -0,0 +1,5 @@
+{
+	"var_postgresql_for_synapse_username": "synapse_user",
+	"var_postgresql_for_synapse_password": "synapse_password",
+	"var_postgresql_for_synapse_schema": "synapse"
+}

ansible/roles/postgresql-for-synapse/tasks/main.json

@@ -15,8 +15,8 @@
 		"become_user": "postgres",
 		"community.postgresql.postgresql_user": {
 			"state": "present",
-			"name": "{{var_postgresql_server_for_synapse_username}}",
+			"name": "{{var_postgresql_for_synapse_username}}",
-			"password": "{{var_postgresql_server_for_synapse_password}}"
+			"password": "{{var_postgresql_for_synapse_password}}"
 		}
 	},
 	{
@@ -26,8 +26,8 @@
 		"community.postgresql.postgresql_db": {
 			"state": "present",
 			"template": "template0",
-			"name": "{{var_postgresql_server_for_synapse_schema}}",
+			"name": "{{var_postgresql_for_synapse_schema}}",
-			"owner": "{{var_postgresql_server_for_synapse_username}}",
+			"owner": "{{var_postgresql_for_synapse_username}}",
 			"encoding": "UTF-8",
 			"lc_collate": "C",
 			"lc_ctype": "C"
@@ -39,9 +39,9 @@
 		"become_user": "postgres",
 		"community.postgresql.postgresql_privs": {
 			"state": "present",
-			"db": "{{var_postgresql_server_for_synapse_schema}}",
+			"db": "{{var_postgresql_for_synapse_schema}}",
 			"objs": "ALL_IN_SCHEMA",
-			"roles": "{{var_postgresql_server_for_synapse_username}}",
+			"roles": "{{var_postgresql_for_synapse_username}}",
 			"privs": "ALL",
 			"grant_option": true
 		}

ansible/roles/postgresql/tasks/main.json

@@ -10,13 +10,13 @@
 	},
 	{
 		"name": "get version",
-		"ansible.builtin.command": {
+		"ansible.builtin.shell": {
-			"cmd": "ls /etc/postgresql"
+			"cmd": "ls /etc/postgresql | sort -n | tail -n 1"
 		},
 		"register": "temp_version_output"
 	},
 	{
-		"name": "set port",
+		"name": "config",
 		"become": true,
 		"ansible.builtin.template": {
 			"src": "postgresql.conf.j2",
@@ -24,7 +24,7 @@
 		}
 	},
 	{
-		"name": "restart service",
+		"name": "apply",
 		"become": true,
 		"ansible.builtin.systemd_service": {
 			"state": "restarted",

ansible/roles/postgresql:client-for-synapse/defaults/main.json

@@ -1,7 +0,0 @@
-{
-	"var_postgresql_client_for_synapse_host": "localhost",
-	"var_postgresql_client_for_synapse_port": "5432",
-	"var_postgresql_client_for_synapse_username": "synapse_user",
-	"var_postgresql_client_for_synapse_password": "synapse_password",
-	"var_postgresql_client_for_synapse_schema": "synapse"
-}

ansible/roles/postgresql:client-for-synapse/info.md

@@ -1,3 +0,0 @@
-## Verweise
-
-- [Synapse-Dokumentation](https://matrix-org.github.io/synapse/latest/postgres.html#using-postgres)

ansible/roles/postgresql:client-for-synapse/tasks/main.json

@@ -1,10 +0,0 @@
-[
-	{
-		"name": "emplace configuration file",
-		"become": true,
-		"ansible.builtin.template": {
-			"src": "database.yaml.j2",
-			"dest": "/etc/matrix-synapse/conf.d/database.yaml"
-		}
-	}
-]

ansible/roles/postgresql:client-for-synapse/templates/database.yaml.j2

@@ -1,10 +0,0 @@
-database:
-  name: psycopg2
-  args:
-    host: {{var_postgresql_client_for_synapse_host}}
-    port: {{var_postgresql_client_for_synapse_port}}
-    database: "{{var_postgresql_client_for_synapse_schema}}"
-    user: "{{var_postgresql_client_for_synapse_username}}"
-    password: "{{var_postgresql_client_for_synapse_password}}"
-    cp_min: 5
-    cp_max: 10

ansible/roles/postgresql:server-for-synapse/defaults/main.json

@@ -1,5 +0,0 @@
-{
-	"var_postgresql_server_for_synapse_username": "synapse_user",
-	"var_postgresql_server_for_synapse_password": "synapse_password",
-	"var_postgresql_server_for_synapse_schema": "synapse"
-}

ansible/roles/synapse/defaults/main.json

@@ -1,6 +1,12 @@
 {
 	"var_synapse_scheme": "https",
 	"var_synapse_domain": "matrix.example.org",
+	"var_synaspe_database_kind": "postgresql",
+	"var_synaspe_database_postgresql_host": "localhost",
+	"var_synaspe_database_postgresql_port": "5432",
+	"var_synaspe_database_postgresql_username": "synapse_user",
+	"var_synaspe_database_postgresql_password": "synapse_password",
+	"var_synaspe_database_postgresql_schema": "synapse",
 	"var_synapse_element_url": "https://element.example.org",
 	"var_synapse_title": "Example | Matrix",
 	"var_synapse_federation_whitelist": "[]",

ansible/roles/synapse/info.md

@@ -1,10 +1,11 @@
 ## Beschreibung
 
+Zur Einrichtung des [matrix.org](https://matrix.org/)-Servers Synapse
 
 
 ## Verweise
 
-- [matrix.org](https://matrix.org/)
 - [ubuntuusers-Wiki-Eintrag](https://wiki.ubuntuusers.de/Matrix_synapse/)
 - [GitHub-Repository](https://github.com/matrix-org/synapse)
 - [Configuration Manual](https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html)
+- [Dokumentation | PostgreSQL](https://matrix-org.github.io/synapse/latest/postgres.html#using-postgres)

ansible/roles/synapse/templates/homeserver.yaml.j2

@@ -1,3 +1,16 @@
+{% if var_synaspe_database_kind == 'postgresql' %}
+database:
+  name: psycopg2
+  args:
+    host: {{var_synapse_database_postgresql_host}}
+    port: {{var_synapse_database_postgresql_port}}
+    database: "{{var_synapse_database_postgresql_schema}}"
+    user: "{{var_synapse_database_postgresql_username}}"
+    password: "{{var_synapse_database_postgresql_password}}"
+    cp_min: 5
+    cp_max: 10
+{% endif %}
+
 no_tls: True
 
 tls_fingerprints: []

ansible/roles/tlscert_acme_inwx/tasks/main.json

@@ -10,39 +10,21 @@
 		}
 	},
 	{
-		"name": "setup directories | keys",
+		"name": "directories | ssl",
 		"become": true,
+		"loop": [
+			"{{var_tlscert_acme_inwx_ssl_directory}}/private",
+			"{{var_tlscert_acme_inwx_ssl_directory}}/csr",
+			"{{var_tlscert_acme_inwx_ssl_directory}}/certs",
+			"{{var_tlscert_acme_inwx_ssl_directory}}/fullchains"
+		],
 		"ansible.builtin.file": {
 			"state": "directory",
-			"path": "{{var_tlscert_acme_inwx_ssl_directory}}/private"
+			"path": "{{item}}"
 		}
 	},
 	{
-		"name": "setup directories | certs",
+		"name": "directories | Let's Encrypt account key",
-		"become": true,
-		"ansible.builtin.file": {
-			"state": "directory",
-			"path": "{{var_tlscert_acme_inwx_ssl_directory}}/certs"
-		}
-	},
-	{
-		"name": "setup directories | csr",
-		"become": true,
-		"ansible.builtin.file": {
-			"state": "directory",
-			"path": "{{var_tlscert_acme_inwx_ssl_directory}}/csr"
-		}
-	},
-	{
-		"name": "setup directories | fullchains",
-		"become": true,
-		"ansible.builtin.file": {
-			"state": "directory",
-			"path": "{{var_tlscert_acme_inwx_ssl_directory}}/fullchains"
-		}
-	},
-	{
-		"name": "setup directories | Let's Encrypt account key",
 		"become": true,
 		"ansible.builtin.file": {
 			"state": "directory",
@@ -50,14 +32,14 @@
 		}
 	},
 	{
-		"name": "csr | generate private key",
+		"name": "key",
 		"become": true,
 		"community.crypto.openssl_privatekey": {
 			"path": "{{var_tlscert_acme_inwx_ssl_directory}}/private/{{var_tlscert_acme_inwx_domain_path}}.{{var_tlscert_acme_inwx_domain_base}}.pem"
 		}
 	},
 	{
-		"name": "csr | execute",
+		"name": "csr",
 		"become": true,
 		"community.crypto.openssl_csr": {
 			"common_name": "{{var_tlscert_acme_inwx_domain_path}}.{{var_tlscert_acme_inwx_domain_base}}",
@@ -66,7 +48,7 @@
 		}
 	},
 	{
-		"name": "acme | generate account key",
+		"name": "acme | account key",
 		"become": true,
 		"ansible.builtin.shell": {
 			"cmd": "test -f {{var_tlscert_acme_inwx_acme_account_key_path}} || openssl genrsa 4096 > {{var_tlscert_acme_inwx_acme_account_key_path}}"

ansible/roles/tlscert_acme_netcup/defaults/main.json

@@ -6,5 +6,6 @@
 	"var_tlscert_acme_netcup_netcup_api_key": "REPLACE_ME",
 	"var_tlscert_acme_netcup_domain_base": "example.org",
 	"var_tlscert_acme_netcup_domain_path": "foo",
+	"var_tlscert_acme_netcup_challenge_delay": 300,
 	"var_tlscert_acme_netcup_ssl_directory": "/etc/ssl"
 }

ansible/roles/tlscert_acme_netcup/tasks/main.json

@@ -1,48 +1,40 @@
 [
 	{
-		"name": "packages",
+		"name": "packages | debian",
 		"become": true,
 		"ansible.builtin.apt": {
 			"pkg": [
 				"openssl",
-				"python3-cryptography"
+				"python3-cryptography",
+				"python3-pip"
 			]
 		}
 	},
 	{
-		"name": "setup directories | keys",
+		"name": "packages | python",
-		"become": true,
+		"ansible.builtin.pip": {
-		"ansible.builtin.file": {
+			"name": "nc_dnsapi"
-			"state": "directory",
+		},
-			"path": "{{var_tlscert_acme_netcup_ssl_directory}}/private"
+		"environment": {
+			"PIP_BREAK_SYSTEM_PACKAGES": "1"
 		}
 	},
 	{
-		"name": "setup directories | certs",
+		"name": "directories | ssl",
 		"become": true,
+		"loop": [
+			"{{var_tlscert_acme_netcup_ssl_directory}}/private",
+			"{{var_tlscert_acme_netcup_ssl_directory}}/csr",
+			"{{var_tlscert_acme_netcup_ssl_directory}}/certs",
+			"{{var_tlscert_acme_netcup_ssl_directory}}/fullchains"
+		],
 		"ansible.builtin.file": {
 			"state": "directory",
-			"path": "{{var_tlscert_acme_netcup_ssl_directory}}/certs"
+			"path": "{{item}}"
 		}
 	},
 	{
-		"name": "setup directories | csr",
+		"name": "directories | Let's Encrypt account key",
-		"become": true,
-		"ansible.builtin.file": {
-			"state": "directory",
-			"path": "{{var_tlscert_acme_netcup_ssl_directory}}/csr"
-		}
-	},
-	{
-		"name": "setup directories | fullchains",
-		"become": true,
-		"ansible.builtin.file": {
-			"state": "directory",
-			"path": "{{var_tlscert_acme_netcup_ssl_directory}}/fullchains"
-		}
-	},
-	{
-		"name": "setup directories | Let's Encrypt account key",
 		"become": true,
 		"ansible.builtin.file": {
 			"state": "directory",
@@ -50,14 +42,14 @@
 		}
 	},
 	{
-		"name": "csr | generate private key",
+		"name": "key",
 		"become": true,
 		"community.crypto.openssl_privatekey": {
 			"path": "{{var_tlscert_acme_netcup_ssl_directory}}/private/{{var_tlscert_acme_netcup_domain_path}}.{{var_tlscert_acme_netcup_domain_base}}.pem"
 		}
 	},
 	{
-		"name": "csr | execute",
+		"name": "csr",
 		"become": true,
 		"community.crypto.openssl_csr": {
 			"common_name": "{{var_tlscert_acme_netcup_domain_path}}.{{var_tlscert_acme_netcup_domain_base}}",
@@ -105,7 +97,7 @@
 		"name": "dns challenge | wait",
 		"when": "'challenge_data' in temp_acme_data",
 		"ansible.builtin.pause": {
-			"seconds": 60
+			"seconds": "{{var_tlscert_acme_netcup_challenge_delay}}"
 		}
 	},
 	{

ansible/roles/tlscert_existing/defaults/main.json

@@ -0,0 +1,7 @@
+{
+	"var_tlscert_existing_key_path": "/tmp/key.pem",
+	"var_tlscert_existing_cert_path": "/tmp/cert.pem",
+	"var_tlscert_existing_domain_base": "example.org",
+	"var_tlscert_existing_domain_path": "foo",
+	"var_tlscert_existing_ssl_directory": "/etc/ssl"
+}

ansible/roles/tlscert_existing/tasks/main.json

@@ -0,0 +1,32 @@
+[
+	{
+		"name": "directories",
+		"become": true,
+		"loop": [
+			"{{var_tlscert_existing_ssl_directory}}/private",
+			"{{var_tlscert_existing_ssl_directory}}/csr",
+			"{{var_tlscert_existing_ssl_directory}}/certs",
+			"{{var_tlscert_existing_ssl_directory}}/fullchains"
+		],
+		"ansible.builtin.file": {
+			"state": "directory",
+			"path": "{{item}}"
+		}
+	},
+	{
+		"name": "key",
+		"become": true,
+		"ansible.builtin.copy": {
+			"src": "{{var_tlscert_existing_key_path}}",
+			"dest": "{{var_tlscert_existing_ssl_directory}}/private/{{var_tlscert_existing_domain_path}}.{{var_tlscert_existing_domain_base}}.pem"
+		}
+	},
+	{
+		"name": "cert",
+		"become": true,
+		"ansible.builtin.copy": {
+			"src": "{{var_tlscert_existing_cert_path}}",
+			"dest": "{{var_tlscert_existing_ssl_directory}}/certs/{{var_tlscert_existing_domain_path}}.{{var_tlscert_existing_domain_base}}.pem"
+		}
+	}
+]

ansible/roles/tlscert_selfsigned/tasks/main.json

@@ -10,35 +10,17 @@
 		}
 	},
 	{
-		"name": "setup directories | keys",
+		"name": "setup directories",
 		"become": true,
+		"loop": [
+			"{{var_tlscert_selfsigned_ssl_directory}}/private",
+			"{{var_tlscert_selfsigned_ssl_directory}}/csr",
+			"{{var_tlscert_selfsigned_ssl_directory}}/certs",
+			"{{var_tlscert_selfsigned_ssl_directory}}/fullchains"
+		],
 		"ansible.builtin.file": {
 			"state": "directory",
-			"path": "{{var_tlscert_selfsigned_ssl_directory}}/private"
+			"path": "{{item}}"
-		}
-	},
-	{
-		"name": "setup directories | certs",
-		"become": true,
-		"ansible.builtin.file": {
-			"state": "directory",
-			"path": "{{var_tlscert_selfsigned_ssl_directory}}/certs"
-		}
-	},
-	{
-		"name": "setup directories | csr",
-		"become": true,
-		"ansible.builtin.file": {
-			"state": "directory",
-			"path": "{{var_tlscert_selfsigned_ssl_directory}}/csr"
-		}
-	},
-	{
-		"name": "setup directories | fullchains",
-		"become": true,
-		"ansible.builtin.file": {
-			"state": "directory",
-			"path": "{{var_tlscert_selfsigned_ssl_directory}}/fullchains"
 		}
 	},
 	{