
- Enable ufw and by default deny incoming traffic - in other roles: if ufw (role) is enabled, then allow necessary ports
[
{
"name": "invoke required repositories",
"become": true,
"ansible.builtin.copy": {
"src": "sources-bullseye-backports.list",
"dest": "/etc/apt/sources.list.d/bullseye-backports-for-synapse.list"
}
},
{
"name": "prepare package installation | server-name",
"become": true,
"ansible.builtin.debconf": {
"name": "matrix-synapse",
"question": "matrix-synapse/server-name",
"vtype": "string",
"value": "{{var_synapse_domain}}"
}
},
{
"name": "prepare package installation | report-stats",
"become": true,
"ansible.builtin.debconf": {
"name": "matrix-synapse",
"question": "matrix-synapse/report-stats",
"vtype": "boolean",
"value": false
}
},
{
"name": "install packages",
"become": true,
"ansible.builtin.apt": {
"update_cache": true,
"pkg": [
"python3-authlib",
"matrix-synapse"
]
}
},
{
"name": "directories",
"become": true,
"loop": [
"/var/synapse"
],
"ansible.builtin.file": {
"state": "directory",
"path": "{{item}}",
"owner": "matrix-synapse"
}
},
{
"name": "emplace configuration",
"become": true,
"ansible.builtin.template": {
"src": "homeserver.yaml.j2",
"dest": "/etc/matrix-synapse/homeserver.yaml"
}
},
{
"name": "Check whether enabling UFW would be considered a change",
"check_mode": true,
"community.general.ufw": {
"state": "enabled",
"register": "ufw_enable_check"
}
},
{
"name": "Allow matrix federation port in ufw",
"community.general.ufw": {
"rule": "allow",
"port": "8448",
"proto": "tcp"
},
"when": "not ufw_enable_check.changed"
},
{
"name": "restart service",
"become": true,
"ansible.builtin.systemd_service": {
"state": "restarted",
"name": "matrix-synapse"
}
},
{
"name": "setup admin user",
"become": true,
"ansible.builtin.shell": {
"cmd": "synapse_register_new_matrix_user --config=/etc/matrix-synapse/homeserver.yaml --admin --user={{var_synapse_admin_user_name}} --password={{var_synapse_admin_user_password}} || true"
},
"when": "var_synapse_admin_user_define"
}
]