[res]

2023-12-16 15:20:28 +01:00 · 2023-12-16 15:20:28 +01:00 · a5d1b1c02b
commit a5d1b1c02b
parent adda3f6677 10a2e47a3f
17 changed files with 108 additions and 132 deletions
--- a/ansible/roles/postgresql-for-synapse/defaults/main.json
+++ b/ansible/roles/postgresql-for-synapse/defaults/main.json
@ -0,0 +1,5 @@
+{
+	"var_postgresql_for_synapse_username": "synapse_user",
+	"var_postgresql_for_synapse_password": "synapse_password",
+	"var_postgresql_for_synapse_schema": "synapse"
+}
--- a/ansible/roles/postgresql:server-for-synapse/tasks/main.json
+++ b/ansible/roles/postgresql:server-for-synapse/tasks/main.json
@ -15,8 +15,8 @@
 		"become_user": "postgres",
 		"community.postgresql.postgresql_user": {
 			"state": "present",
-			"name": "{{var_postgresql_server_for_synapse_username}}",
-			"password": "{{var_postgresql_server_for_synapse_password}}"
+			"name": "{{var_postgresql_for_synapse_username}}",
+			"password": "{{var_postgresql_for_synapse_password}}"
 		}
 	},
 	{
@ -26,8 +26,8 @@
 		"community.postgresql.postgresql_db": {
 			"state": "present",
 			"template": "template0",
-			"name": "{{var_postgresql_server_for_synapse_schema}}",
-			"owner": "{{var_postgresql_server_for_synapse_username}}",
+			"name": "{{var_postgresql_for_synapse_schema}}",
+			"owner": "{{var_postgresql_for_synapse_username}}",
 			"encoding": "UTF-8",
 			"lc_collate": "C",
 			"lc_ctype": "C"
@ -39,9 +39,9 @@
 		"become_user": "postgres",
 		"community.postgresql.postgresql_privs": {
 			"state": "present",
-			"db": "{{var_postgresql_server_for_synapse_schema}}",
+			"db": "{{var_postgresql_for_synapse_schema}}",
 			"objs": "ALL_IN_SCHEMA",
-			"roles": "{{var_postgresql_server_for_synapse_username}}",
+			"roles": "{{var_postgresql_for_synapse_username}}",
 			"privs": "ALL",
 			"grant_option": true
 		}
--- a/ansible/roles/postgresql/tasks/main.json
+++ b/ansible/roles/postgresql/tasks/main.json
@ -10,13 +10,13 @@
 	},
 	{
 		"name": "get version",
-		"ansible.builtin.command": {
-			"cmd": "ls /etc/postgresql"
+		"ansible.builtin.shell": {
+			"cmd": "ls /etc/postgresql | sort -n | tail -n 1"
 		},
 		"register": "temp_version_output"
 	},
 	{
-		"name": "set port",
+		"name": "config",
 		"become": true,
 		"ansible.builtin.template": {
 			"src": "postgresql.conf.j2",
@ -24,7 +24,7 @@
 		}
 	},
 	{
-		"name": "restart service",
+		"name": "apply",
 		"become": true,
 		"ansible.builtin.systemd_service": {
 			"state": "restarted",
--- a/ansible/roles/postgresql:client-for-synapse/defaults/main.json
+++ b/ansible/roles/postgresql:client-for-synapse/defaults/main.json
@ -1,7 +0,0 @@
-{
-	"var_postgresql_client_for_synapse_host": "localhost",
-	"var_postgresql_client_for_synapse_port": "5432",
-	"var_postgresql_client_for_synapse_username": "synapse_user",
-	"var_postgresql_client_for_synapse_password": "synapse_password",
-	"var_postgresql_client_for_synapse_schema": "synapse"
-}
--- a/ansible/roles/postgresql:client-for-synapse/info.md
+++ b/ansible/roles/postgresql:client-for-synapse/info.md
@ -1,3 +0,0 @@
-## Verweise
-
- [Synapse-Dokumentation](https://matrix-org.github.io/synapse/latest/postgres.html#using-postgres)
--- a/ansible/roles/postgresql:client-for-synapse/tasks/main.json
+++ b/ansible/roles/postgresql:client-for-synapse/tasks/main.json
@ -1,10 +0,0 @@
-[
-	{
-		"name": "emplace configuration file",
-		"become": true,
-		"ansible.builtin.template": {
-			"src": "database.yaml.j2",
-			"dest": "/etc/matrix-synapse/conf.d/database.yaml"
-		}
-	}
-]
--- a/ansible/roles/postgresql:client-for-synapse/templates/database.yaml.j2
+++ b/ansible/roles/postgresql:client-for-synapse/templates/database.yaml.j2
@ -1,10 +0,0 @@
-database:
-  name: psycopg2
-  args:
-    host: {{var_postgresql_client_for_synapse_host}}
-    port: {{var_postgresql_client_for_synapse_port}}
-    database: "{{var_postgresql_client_for_synapse_schema}}"
-    user: "{{var_postgresql_client_for_synapse_username}}"
-    password: "{{var_postgresql_client_for_synapse_password}}"
-    cp_min: 5
-    cp_max: 10
--- a/ansible/roles/postgresql:server-for-synapse/defaults/main.json
+++ b/ansible/roles/postgresql:server-for-synapse/defaults/main.json
@ -1,5 +0,0 @@
-{
-	"var_postgresql_server_for_synapse_username": "synapse_user",
-	"var_postgresql_server_for_synapse_password": "synapse_password",
-	"var_postgresql_server_for_synapse_schema": "synapse"
-}
--- a/ansible/roles/synapse/defaults/main.json
+++ b/ansible/roles/synapse/defaults/main.json
@ -1,6 +1,12 @@
 {
 	"var_synapse_scheme": "https",
 	"var_synapse_domain": "matrix.example.org",
+	"var_synaspe_database_kind": "postgresql",
+	"var_synaspe_database_postgresql_host": "localhost",
+	"var_synaspe_database_postgresql_port": "5432",
+	"var_synaspe_database_postgresql_username": "synapse_user",
+	"var_synaspe_database_postgresql_password": "synapse_password",
+	"var_synaspe_database_postgresql_schema": "synapse",
 	"var_synapse_element_url": "https://element.example.org",
 	"var_synapse_title": "Example | Matrix",
 	"var_synapse_federation_whitelist": "[]",
--- a/ansible/roles/synapse/info.md
+++ b/ansible/roles/synapse/info.md
@ -1,10 +1,11 @@
 ## Beschreibung

+Zur Einrichtung des [matrix.org](https://matrix.org/)-Servers Synapse


 ## Verweise

- [matrix.org](https://matrix.org/)
 - [ubuntuusers-Wiki-Eintrag](https://wiki.ubuntuusers.de/Matrix_synapse/)
 - [GitHub-Repository](https://github.com/matrix-org/synapse)
 - [Configuration Manual](https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html)
+- [Dokumentation | PostgreSQL](https://matrix-org.github.io/synapse/latest/postgres.html#using-postgres)
--- a/ansible/roles/synapse/templates/homeserver.yaml.j2
+++ b/ansible/roles/synapse/templates/homeserver.yaml.j2
@ -1,3 +1,16 @@
+{% if var_synaspe_database_kind == 'postgresql' %}
+database:
+  name: psycopg2
+  args:
+    host: {{var_synapse_database_postgresql_host}}
+    port: {{var_synapse_database_postgresql_port}}
+    database: "{{var_synapse_database_postgresql_schema}}"
+    user: "{{var_synapse_database_postgresql_username}}"
+    password: "{{var_synapse_database_postgresql_password}}"
+    cp_min: 5
+    cp_max: 10
+{% endif %}
+
 no_tls: True

 tls_fingerprints: []
--- a/ansible/roles/tlscert_acme_inwx/tasks/main.json
+++ b/ansible/roles/tlscert_acme_inwx/tasks/main.json
@ -10,39 +10,21 @@
 		}
 	},
 	{
-		"name": "setup directories | keys",
+		"name": "directories | ssl",
 		"become": true,
+		"loop": [
+			"{{var_tlscert_acme_inwx_ssl_directory}}/private",
+			"{{var_tlscert_acme_inwx_ssl_directory}}/csr",
+			"{{var_tlscert_acme_inwx_ssl_directory}}/certs",
+			"{{var_tlscert_acme_inwx_ssl_directory}}/fullchains"
+		],
 		"ansible.builtin.file": {
 			"state": "directory",
-			"path": "{{var_tlscert_acme_inwx_ssl_directory}}/private"
+			"path": "{{item}}"
 		}
 	},
 	{
-		"name": "setup directories | certs",
-		"become": true,
-		"ansible.builtin.file": {
-			"state": "directory",
-			"path": "{{var_tlscert_acme_inwx_ssl_directory}}/certs"
-		}
-	},
-	{
-		"name": "setup directories | csr",
-		"become": true,
-		"ansible.builtin.file": {
-			"state": "directory",
-			"path": "{{var_tlscert_acme_inwx_ssl_directory}}/csr"
-		}
-	},
-	{
-		"name": "setup directories | fullchains",
-		"become": true,
-		"ansible.builtin.file": {
-			"state": "directory",
-			"path": "{{var_tlscert_acme_inwx_ssl_directory}}/fullchains"
-		}
-	},
-	{
-		"name": "setup directories | Let's Encrypt account key",
+		"name": "directories | Let's Encrypt account key",
 		"become": true,
 		"ansible.builtin.file": {
 			"state": "directory",
@ -50,14 +32,14 @@
 		}
 	},
 	{
-		"name": "csr | generate private key",
+		"name": "key",
 		"become": true,
 		"community.crypto.openssl_privatekey": {
 			"path": "{{var_tlscert_acme_inwx_ssl_directory}}/private/{{var_tlscert_acme_inwx_domain_path}}.{{var_tlscert_acme_inwx_domain_base}}.pem"
 		}
 	},
 	{
-		"name": "csr | execute",
+		"name": "csr",
 		"become": true,
 		"community.crypto.openssl_csr": {
 			"common_name": "{{var_tlscert_acme_inwx_domain_path}}.{{var_tlscert_acme_inwx_domain_base}}",
@ -66,7 +48,7 @@
 		}
 	},
 	{
-		"name": "acme | generate account key",
+		"name": "acme | account key",
 		"become": true,
 		"ansible.builtin.shell": {
 			"cmd": "test -f {{var_tlscert_acme_inwx_acme_account_key_path}} || openssl genrsa 4096 > {{var_tlscert_acme_inwx_acme_account_key_path}}"
--- a/ansible/roles/tlscert_acme_netcup/defaults/main.json
+++ b/ansible/roles/tlscert_acme_netcup/defaults/main.json
@ -6,5 +6,6 @@
 	"var_tlscert_acme_netcup_netcup_api_key": "REPLACE_ME",
 	"var_tlscert_acme_netcup_domain_base": "example.org",
 	"var_tlscert_acme_netcup_domain_path": "foo",
+	"var_tlscert_acme_netcup_challenge_delay": 300,
 	"var_tlscert_acme_netcup_ssl_directory": "/etc/ssl"
 }
--- a/ansible/roles/tlscert_acme_netcup/tasks/main.json
+++ b/ansible/roles/tlscert_acme_netcup/tasks/main.json
@ -20,39 +20,21 @@
 		}
 	},
 	{
-		"name": "setup directories | keys",
+		"name": "directories | ssl",
 		"become": true,
+		"loop": [
+			"{{var_tlscert_acme_netcup_ssl_directory}}/private",
+			"{{var_tlscert_acme_netcup_ssl_directory}}/csr",
+			"{{var_tlscert_acme_netcup_ssl_directory}}/certs",
+			"{{var_tlscert_acme_netcup_ssl_directory}}/fullchains"
+		],
 		"ansible.builtin.file": {
 			"state": "directory",
-			"path": "{{var_tlscert_acme_netcup_ssl_directory}}/private"
+			"path": "{{item}}"
 		}
 	},
 	{
-		"name": "setup directories | certs",
-		"become": true,
-		"ansible.builtin.file": {
-			"state": "directory",
-			"path": "{{var_tlscert_acme_netcup_ssl_directory}}/certs"
-		}
-	},
-	{
-		"name": "setup directories | csr",
-		"become": true,
-		"ansible.builtin.file": {
-			"state": "directory",
-			"path": "{{var_tlscert_acme_netcup_ssl_directory}}/csr"
-		}
-	},
-	{
-		"name": "setup directories | fullchains",
-		"become": true,
-		"ansible.builtin.file": {
-			"state": "directory",
-			"path": "{{var_tlscert_acme_netcup_ssl_directory}}/fullchains"
-		}
-	},
-	{
-		"name": "setup directories | Let's Encrypt account key",
+		"name": "directories | Let's Encrypt account key",
 		"become": true,
 		"ansible.builtin.file": {
 			"state": "directory",
@ -60,14 +42,14 @@
 		}
 	},
 	{
-		"name": "csr | generate private key",
+		"name": "key",
 		"become": true,
 		"community.crypto.openssl_privatekey": {
 			"path": "{{var_tlscert_acme_netcup_ssl_directory}}/private/{{var_tlscert_acme_netcup_domain_path}}.{{var_tlscert_acme_netcup_domain_base}}.pem"
 		}
 	},
 	{
-		"name": "csr | execute",
+		"name": "csr",
 		"become": true,
 		"community.crypto.openssl_csr": {
 			"common_name": "{{var_tlscert_acme_netcup_domain_path}}.{{var_tlscert_acme_netcup_domain_base}}",
@ -115,7 +97,7 @@
 		"name": "dns challenge | wait",
 		"when": "'challenge_data' in temp_acme_data",
 		"ansible.builtin.pause": {
-			"seconds": 300
+			"seconds": "{{var_tlscert_acme_netcup_challenge_delay}}"
 		}
 	},
 	{
--- a/ansible/roles/tlscert_existing/defaults/main.json
+++ b/ansible/roles/tlscert_existing/defaults/main.json
@ -0,0 +1,7 @@
+{
+	"var_tlscert_existing_key_path": "/tmp/key.pem",
+	"var_tlscert_existing_cert_path": "/tmp/cert.pem",
+	"var_tlscert_existing_domain_base": "example.org",
+	"var_tlscert_existing_domain_path": "foo",
+	"var_tlscert_existing_ssl_directory": "/etc/ssl"
+}
--- a/ansible/roles/tlscert_existing/tasks/main.json
+++ b/ansible/roles/tlscert_existing/tasks/main.json
@ -0,0 +1,32 @@
+[
+	{
+		"name": "directories",
+		"become": true,
+		"loop": [
+			"{{var_tlscert_existing_ssl_directory}}/private",
+			"{{var_tlscert_existing_ssl_directory}}/csr",
+			"{{var_tlscert_existing_ssl_directory}}/certs",
+			"{{var_tlscert_existing_ssl_directory}}/fullchains"
+		],
+		"ansible.builtin.file": {
+			"state": "directory",
+			"path": "{{item}}"
+		}
+	},
+	{
+		"name": "key",
+		"become": true,
+		"ansible.builtin.copy": {
+			"src": "{{var_tlscert_existing_key_path}}",
+			"dest": "{{var_tlscert_existing_ssl_directory}}/private/{{var_tlscert_existing_domain_path}}.{{var_tlscert_existing_domain_base}}.pem"
+		}
+	},
+	{
+		"name": "cert",
+		"become": true,
+		"ansible.builtin.copy": {
+			"src": "{{var_tlscert_existing_cert_path}}",
+			"dest": "{{var_tlscert_existing_ssl_directory}}/certs/{{var_tlscert_existing_domain_path}}.{{var_tlscert_existing_domain_base}}.pem"
+		}
+	}
+]
--- a/ansible/roles/tlscert_selfsigned/tasks/main.json
+++ b/ansible/roles/tlscert_selfsigned/tasks/main.json
@ -10,35 +10,17 @@
 		}
 	},
 	{
-		"name": "setup directories | keys",
+		"name": "setup directories",
 		"become": true,
+		"loop": [
+			"{{var_tlscert_selfsigned_ssl_directory}}/private",
+			"{{var_tlscert_selfsigned_ssl_directory}}/csr",
+			"{{var_tlscert_selfsigned_ssl_directory}}/certs",
+			"{{var_tlscert_selfsigned_ssl_directory}}/fullchains"
+		],
 		"ansible.builtin.file": {
 			"state": "directory",
-			"path": "{{var_tlscert_selfsigned_ssl_directory}}/private"
-		}
-	},
-	{
-		"name": "setup directories | certs",
-		"become": true,
-		"ansible.builtin.file": {
-			"state": "directory",
-			"path": "{{var_tlscert_selfsigned_ssl_directory}}/certs"
-		}
-	},
-	{
-		"name": "setup directories | csr",
-		"become": true,
-		"ansible.builtin.file": {
-			"state": "directory",
-			"path": "{{var_tlscert_selfsigned_ssl_directory}}/csr"
-		}
-	},
-	{
-		"name": "setup directories | fullchains",
-		"become": true,
-		"ansible.builtin.file": {
-			"state": "directory",
-			"path": "{{var_tlscert_selfsigned_ssl_directory}}/fullchains"
+			"path": "{{item}}"
 		}
 	},
 	{