Configured synapse

2023-02-27 21:09:45 -05:00
parent 45eb75773a
commit e78c943fb0
15 changed files with 274 additions and 4 deletions
--- a/ansible/main.yml
+++ b/ansible/main.yml
@@ -18,4 +18,5 @@
    - nextcloud
    - tautulli
    - gitea
-      #- renovate
+    - name: synapse
+      tags: test
--- a/ansible/roles/qbittorrent/files/qbitmanage/config.yml
+++ b/ansible/roles/qbittorrent/files/qbitmanage/config.yml
@@ -20,10 +20,12 @@ directory:

 cat:
  movies: /data/torrents/movies
+  movies.cross-seed: /data/torrents/movies
  tv: /data/torrents/tv
+  tv.cross-seed: /data/torrents/tv
  music: /data/torrents/music
+  music.cross-seed: /data/torrents/music

-  torrents: /data/torrents/
 tracker:
  digitalcore:
    tag: DigitalCore
@@ -52,6 +54,8 @@ tracker:
    tag: RuTracker
  rarbg:
    tag: RarBG
+  reelflix:
+    tag: ReelFlix

 nohardlinks:
  movies:
@@ -61,6 +65,13 @@ nohardlinks:
    min_seeding_time: 43200
    resume_torrent_after_untagging_noHL: true
    exclude_tags:
+  movies.cross-seed:
+    cleanup: true
+    max_ratio: 4.0
+    max_seeding_time: 43200 # 30 days
+    min_seeding_time: 43200
+    resume_torrent_after_untagging_noHL: true
+    exclude_tags:
  tv:
    cleanup: true
    max_ratio: 4.0
@@ -68,6 +79,13 @@ nohardlinks:
    min_seeding_time: 43200
    resume_torrent_after_untagging_noHL: true
    exclude_tags:
+  tv.cross-seed:
+    cleanup: true
+    max_ratio: 4.0
+    max_seeding_time: 43200
+    min_seeding_time: 43200
+    resume_torrent_after_untagging_noHL: true
+    exclude_tags:
  music:
    cleanup: true
    max_ratio: 4.0
@@ -75,6 +93,13 @@ nohardlinks:
    min_seeding_time: 43200
    resume_torrent_after_untagging_noHL: true
    exclude_tags:
+  music.cross-seed:
+    cleanup: true
+    max_ratio: 4.0
+    max_seeding_time: 43200
+    min_seeding_time: 43200
+    resume_torrent_after_untagging_noHL: true
+    exclude_tags:

 recyclebin:
  enabled: true
--- a/ansible/roles/qbittorrent/handlers/main.yml
+++ b/ansible/roles/qbittorrent/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart qbittorrent
+  community.docker.docker_compose:
+    project_src: "{{ install_directory }}/qbittorrent"
+    restarted: true
--- a/ansible/roles/qbittorrent/tasks/main.yml
+++ b/ansible/roles/qbittorrent/tasks/main.yml
@@ -30,6 +30,7 @@
    dest: "{{ data_dir }}/qbitmanage/config.yml"
    owner: "{{ service_user.uid }}"
    mode: "{{ docker_compose_file_mask }}"
+  notify: restart qbittorrent
  become: true

 - name: Create cross-seed config directory
@@ -46,6 +47,7 @@
    dest: "{{ data_dir }}/cross-seed/config.js"
    owner: "{{ service_user.uid }}"
    mode: "{{ docker_compose_file_mask }}"
+  notify: restart qbittorrent
  become: true

 - name: Start docker containers
--- a/ansible/roles/qbittorrent/templates/cross-seed/config.js
+++ b/ansible/roles/qbittorrent/templates/cross-seed/config.js
@@ -10,6 +10,7 @@ module.exports = {
 	    "http://prowlarr.local.{{ personal_domain }}/4/api?apikey={{ prowlarr_api_key }}", // TorrentSeeds
 	    "http://prowlarr.local.{{ personal_domain }}/5/api?apikey={{ prowlarr_api_key }}", // AnimeTosho
 	    "http://prowlarr.local.{{ personal_domain }}/6/api?apikey={{ prowlarr_api_key }}", // Aither
+	    "http://prowlarr.local.{{ personal_domain }}/7/api?apikey={{ prowlarr_api_key }}", // Reelflix
    ],

    torrentDir: "/torrents",
@@ -23,7 +24,7 @@ module.exports = {
    rtorrentRpcUrl: undefined,
    qbittorrentUrl: "https://qbittorrent.local.{{ personal_domain }}",
    duplicateCategories: true,
-    notificationWebhookUrl: undefined,
+    notificationWebhookUrl: "ntfy://push.{{ personal_domain }}/{{ ntfy_crossseed_topic }}",
    port: 2468,
    rssCadence: "2w",
    searchCadence: "6w",
--- a/ansible/roles/qbittorrent/templates/docker-compose.yml
+++ b/ansible/roles/qbittorrent/templates/docker-compose.yml
@@ -29,9 +29,11 @@ services:
    container_name: qbitmanage
    image: cr.hotio.dev/hotio/qbitmanage
    restart: unless-stopped
+    depends_on:
+      - qbittorrent
    environment:
      PUID: "{{ service_user.uid }}"
-      PGID: "{{ service_user.uid }}"
+      PGID: "{{ media_gid }}"
      UMASK: 002
      TZ: "{{ timezone }}"
      QBT_DRY_RUN: "False"
--- a/ansible/roles/qbittorrent/vars/main.yml
+++ b/ansible/roles/qbittorrent/vars/main.yml
@@ -6,3 +6,11 @@ prowlarr_api_key: !vault |
  6236313433373065640a393262613061613739626636653162653963663236303834376366626234
  65316164613935376234356466333666316531353565393034353032653136376530663634383061
  6335326539333362316333353131303533353537623232343637
+
+ntfy_crossseed_topic: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  61393334343262366334353030356132383433333531643735316662386465636261333432623530
+  3435623363346365633331396163653737313330353464630a616438386338393063343863316664
+  34396438643564626662666138333535363365376661303462323735386166396633643530636439
+  6433346365653830340a383864643730313664306531613238363436346634393166373237623361
+  30613664643637323566323939666665323532383237353533653135343936303661
--- a/ansible/roles/synapse/handlers/main.yml
+++ b/ansible/roles/synapse/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart synapse
+  community.docker.docker_compose:
+    project_src: "{{ install_directory }}/{{ role_name }}"
+    restarted: true
--- a/ansible/roles/synapse/tasks/main.yml
+++ b/ansible/roles/synapse/tasks/main.yml
@@ -0,0 +1,77 @@
+- name: Create service user
+  user:
+    name: "{{ role_name }}"
+    system: true
+  register: service_user
+  become: true
+
+- name: Create install directory
+  file:
+    path: "{{ install_directory }}/{{ role_name }}"
+    state: directory
+    owner: "{{ docker_user }}"
+    mode: "{{ docker_compose_directory_mask }}"
+  become: true
+
+- name: Copy docker-compose file to destination
+  template:
+    src: docker-compose.yml
+    dest: "{{ install_directory }}/{{ role_name }}/docker-compose.yml"
+    owner: "{{ docker_user }}"
+    mode: "{{ docker_compose_file_mask }}"
+    validate: docker-compose -f %s config
+  become: true
+
+- name: Copy homeserver.yaml to destination
+  template:
+    src: homeserver.yaml
+    dest: "{{ install_directory }}/synapse/homeserver.yaml"
+    owner: "{{ service_user.uid }}"
+    mode: "{{ docker_compose_file_mask }}"
+  notify: restart synapse
+  become: true
+
+- name: Create config directory and set synapse user to owner
+  file:
+    path: "{{ data_dir }}/synapse"
+    state: directory
+    owner: "{{ service_user.uid }}"
+    mode: "{{ docker_compose_directory_mask }}"
+  become: true
+
+- name: Create nginx config directory
+  file:
+    path: "{{ data_dir }}/nginx/synapse/www/.well-known/matrix/"
+    state: directory
+    mode: "{{ docker_compose_directory_mask }}"
+  become: true
+
+- name: Install nginx config file
+  template:
+    src: nginx/matrix.conf
+    dest: "{{ data_dir }}/nginx/synapse/matrix.conf"
+    owner: "{{ docker_user }}"
+    mode: "{{ docker_compose_file_mask }}"
+  become: true
+
+- name: Install well known client file
+  template:
+    src: nginx/client.json
+    dest: "{{ data_dir }}/nginx/synapse/www/.well-known/matrix/client"
+    owner: "{{ docker_user }}"
+    mode: "{{ docker_compose_file_mask }}"
+  become: true
+
+- name: Install well known server file
+  template:
+    src: nginx/server.json
+    dest: "{{ data_dir }}/nginx/synapse/www/.well-known/matrix/server"
+    owner: "{{ docker_user }}"
+    mode: "{{ docker_compose_file_mask }}"
+  become: true
+
+- name: Start docker container
+  community.docker.docker_compose:
+    project_src: "{{ install_directory }}/{{ role_name }}"
+    pull: true
+    remove_orphans: yes
--- a/ansible/roles/synapse/templates/docker-compose.yml
+++ b/ansible/roles/synapse/templates/docker-compose.yml
@@ -0,0 +1,68 @@
+version: "{{ docker_compose_version }}"
+
+networks:
+  traefik:
+    external: true
+
+services:
+  synapse:
+    container_name: "synapse"
+    image: matrixdotorg/synapse
+    restart: unless-stopped
+    depends_on:
+      - db
+    networks:
+      - traefik
+      - default
+    environment:
+      - "UID={{ service_user.uid }}"
+      - "GID={{ service_user.uid }}"
+      - "TZ={{ timezone }}"
+    volumes:
+      - "{{ data_dir }}/{{ role_name }}:/data"
+      - ./homeserver.yaml:/data/homeserver.yaml
+    labels:
+      traefik.enable: true
+      traefik.http.routers.synapse.rule: "Host(`matrix.{{ personal_domain }}`) || (Host(`{{ personal_domain }}`) && PathPrefix(`/_matrix/`))"
+
+  db:
+    image: postgres:14-alpine
+    restart: unless-stopped
+    networks:
+      - default
+    environment:
+      - POSTGRES_USER=synapse
+      - POSTGRES_PASSWORD=synapse
+      - POSTGRES_INITDB_ARGS=--encoding=UTF-8 --lc-collate=C --lc-ctype=C
+    volumes:
+      - "{{ data_dir }}/postgres/synapse:/var/lib/postgresql/data"
+
+  redis:
+    networks:
+      - default
+    image: redis:7-alpine
+    restart: unless-stopped
+    volumes:
+      - "{{ data_dir }}/redis/synapse:/data"
+
+  admin:
+    image: awesometechnologies/synapse-admin:latest
+    restart: unless-stopped
+    networks:
+      - traefik
+    labels:
+      traefik.enable: true
+      traefik.http.routers.synapse-admin.rule: "Host(`synapse-admin.local.{{ personal_domain }}`)"
+      traefik.http.routers.synapse-admin.middlewares: lan-whitelist@file
+
+  nginx:
+    image: nginx:latest
+    restart: unless-stopped
+    networks:
+      - traefik
+    volumes:
+      - "{{ data_dir }}/nginx/synapse/matrix.conf:/etc/nginx/conf.d/matrix.conf"
+      - "{{ data_dir }}/nginx/synapse/www:/var/www"
+    labels:
+      traefik.enable: true
+      traefik.http.routers.matrix.rule: "Host(`{{ personal_domain }}`)"
--- a/ansible/roles/synapse/templates/homeserver.yaml
+++ b/ansible/roles/synapse/templates/homeserver.yaml
@@ -0,0 +1,39 @@
+server_name: "{{ personal_domain }}"
+pid_file: /data/homeserver.pid
+public_baseurl: "https://matrix.{{ personal_domain }}"
+
+acme:
+  enabled: false
+
+database:
+  name: psycopg2
+  args:
+    user: synapse
+    password: synapse
+    database: synapse
+    host: db
+
+redis:
+  enabled: true
+  host: redis
+  port: 6379
+
+listeners:
+  - port: 8008
+    tls: false
+    type: http
+    x_forwarded: true
+    resources:
+      - names: [client, federation]
+        compress: false
+
+registration_shared_secret: "{{ synapse_registration_shared_secret }}"
+
+report_stats: true
+
+media_store_path: /data/media_store
+uploads_path: /data/uploads
+
+trusted_key_servers:
+  - server_name: matrix.org
+suppress_key_server_warning: true
--- a/ansible/roles/synapse/templates/nginx/client.json
+++ b/ansible/roles/synapse/templates/nginx/client.json
@@ -0,0 +1,5 @@
+{
+  "m.homeserver": {
+    "base_url": "https://matrix.{{ personal_domain }}"
+  }
+}
--- a/ansible/roles/synapse/templates/nginx/matrix.conf
+++ b/ansible/roles/synapse/templates/nginx/matrix.conf
@@ -0,0 +1,17 @@
+server {
+  listen         80 default_server;
+  server_name    matrix.{{ personal_domain }};
+
+ # Traefik -> nginx -> synapse
+ location /_matrix {
+    proxy_pass http://synapse:8008;
+    proxy_set_header X-Forwarded-For $remote_addr;
+    client_max_body_size 128m;
+  }
+
+  location /.well-known/matrix/ {
+    root /var/www/;
+    default_type application/json;
+    add_header Access-Control-Allow-Origin  *;
+  }
+}
--- a/ansible/roles/synapse/templates/nginx/server.json
+++ b/ansible/roles/synapse/templates/nginx/server.json
@@ -0,0 +1,4 @@
+{
+  "m.server": "matrix.mjwilson.org:443"
+}
+
--- a/ansible/roles/synapse/vars/main.yml
+++ b/ansible/roles/synapse/vars/main.yml
@@ -0,0 +1,13 @@
+synapse_registration_shared_secret: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  65393839306334366466313761336630626238333832636161646464386333363363633562656232
+  3066613635656566656266616138323539366665313962340a366366383262353365326339633039
+  66646531313534336335666461656663376566626332633534303065646136623437313463616535
+  3466376465313533650a663639346638626634343536333030383763383563303738616135303135
+  33623766343365626139323238373765363162373066396361303636656264363337393232306530
+  35633363656164636535616435393131333634343764653535316238616631623563363266653262
+  36646261623832343232623064653436616365613539616262613937336138666462353139663363
+  30313237666630346638386132616331323930383638353365343439383166333365316539643731
+  36343636343434373466306237316163613363353063613261373135623037366537353065623961
+  63396132306132333162316165393463396136303161373064376237303137373766383632643965
+  383035353564306238663965653166336566