From e78c943fb088cc1ff66a608366c21c70b4dfacfd Mon Sep 17 00:00:00 2001 From: Mike Wilson Date: Mon, 27 Feb 2023 21:09:45 -0500 Subject: [PATCH] Configured synapse --- ansible/main.yml | 3 +- .../qbittorrent/files/qbitmanage/config.yml | 27 ++++++- ansible/roles/qbittorrent/handlers/main.yml | 4 + ansible/roles/qbittorrent/tasks/main.yml | 2 + .../templates/cross-seed/config.js | 3 +- .../qbittorrent/templates/docker-compose.yml | 4 +- ansible/roles/qbittorrent/vars/main.yml | 8 ++ ansible/roles/synapse/handlers/main.yml | 4 + ansible/roles/synapse/tasks/main.yml | 77 +++++++++++++++++++ .../synapse/templates/docker-compose.yml | 68 ++++++++++++++++ .../roles/synapse/templates/homeserver.yaml | 39 ++++++++++ .../roles/synapse/templates/nginx/client.json | 5 ++ .../roles/synapse/templates/nginx/matrix.conf | 17 ++++ .../roles/synapse/templates/nginx/server.json | 4 + ansible/roles/synapse/vars/main.yml | 13 ++++ 15 files changed, 274 insertions(+), 4 deletions(-) create mode 100644 ansible/roles/qbittorrent/handlers/main.yml create mode 100644 ansible/roles/synapse/handlers/main.yml create mode 100644 ansible/roles/synapse/tasks/main.yml create mode 100644 ansible/roles/synapse/templates/docker-compose.yml create mode 100644 ansible/roles/synapse/templates/homeserver.yaml create mode 100644 ansible/roles/synapse/templates/nginx/client.json create mode 100644 ansible/roles/synapse/templates/nginx/matrix.conf create mode 100644 ansible/roles/synapse/templates/nginx/server.json create mode 100644 ansible/roles/synapse/vars/main.yml diff --git a/ansible/main.yml b/ansible/main.yml index 77a13e5..865b12e 100644 --- a/ansible/main.yml +++ b/ansible/main.yml @@ -18,4 +18,5 @@ - nextcloud - tautulli - gitea - #- renovate + - name: synapse + tags: test diff --git a/ansible/roles/qbittorrent/files/qbitmanage/config.yml b/ansible/roles/qbittorrent/files/qbitmanage/config.yml index 6aab7e3..d10fab3 100755 --- a/ansible/roles/qbittorrent/files/qbitmanage/config.yml 
+++ b/ansible/roles/qbittorrent/files/qbitmanage/config.yml @@ -20,10 +20,12 @@ directory: cat: movies: /data/torrents/movies + movies.cross-seed: /data/torrents/movies tv: /data/torrents/tv + tv.cross-seed: /data/torrents/tv music: /data/torrents/music + music.cross-seed: /data/torrents/music - torrents: /data/torrents/ tracker: digitalcore: tag: DigitalCore @@ -52,6 +54,8 @@ tracker: tag: RuTracker rarbg: tag: RarBG + reelflix: + tag: ReelFlix nohardlinks: movies: @@ -61,6 +65,13 @@ nohardlinks: min_seeding_time: 43200 resume_torrent_after_untagging_noHL: true exclude_tags: + movies.cross-seed: + cleanup: true + max_ratio: 4.0 + max_seeding_time: 43200 # 30 days + min_seeding_time: 43200 + resume_torrent_after_untagging_noHL: true + exclude_tags: tv: cleanup: true max_ratio: 4.0 @@ -68,6 +79,13 @@ nohardlinks: min_seeding_time: 43200 resume_torrent_after_untagging_noHL: true exclude_tags: + tv.cross-seed: + cleanup: true + max_ratio: 4.0 + max_seeding_time: 43200 + min_seeding_time: 43200 + resume_torrent_after_untagging_noHL: true + exclude_tags: music: cleanup: true max_ratio: 4.0 @@ -75,6 +93,13 @@ nohardlinks: min_seeding_time: 43200 resume_torrent_after_untagging_noHL: true exclude_tags: + music.cross-seed: + cleanup: true + max_ratio: 4.0 + max_seeding_time: 43200 + min_seeding_time: 43200 + resume_torrent_after_untagging_noHL: true + exclude_tags: recyclebin: enabled: true diff --git a/ansible/roles/qbittorrent/handlers/main.yml b/ansible/roles/qbittorrent/handlers/main.yml new file mode 100644 index 0000000..7f30dd3 --- /dev/null +++ b/ansible/roles/qbittorrent/handlers/main.yml @@ -0,0 +1,4 @@ +- name: restart qbittorrent + community.docker.docker_compose: + project_src: "{{ install_directory }}/qbittorrent" + restarted: true diff --git a/ansible/roles/qbittorrent/tasks/main.yml b/ansible/roles/qbittorrent/tasks/main.yml index fd69578..9e9ff5a 100644 --- a/ansible/roles/qbittorrent/tasks/main.yml +++ b/ansible/roles/qbittorrent/tasks/main.yml 
@@ -30,6 +30,7 @@ dest: "{{ data_dir }}/qbitmanage/config.yml" owner: "{{ service_user.uid }}" mode: "{{ docker_compose_file_mask }}" + notify: restart qbittorrent become: true - name: Create cross-seed config directory @@ -46,6 +47,7 @@ dest: "{{ data_dir }}/cross-seed/config.js" owner: "{{ service_user.uid }}" mode: "{{ docker_compose_file_mask }}" + notify: restart qbittorrent become: true - name: Start docker containers diff --git a/ansible/roles/qbittorrent/templates/cross-seed/config.js b/ansible/roles/qbittorrent/templates/cross-seed/config.js index 8e388aa..acd6b0a 100644 --- a/ansible/roles/qbittorrent/templates/cross-seed/config.js +++ b/ansible/roles/qbittorrent/templates/cross-seed/config.js @@ -10,6 +10,7 @@ module.exports = { "http://prowlarr.local.{{ personal_domain }}/4/api?apikey={{ prowlarr_api_key }}", // TorrentSeeds "http://prowlarr.local.{{ personal_domain }}/5/api?apikey={{ prowlarr_api_key }}", // AnimeTosho "http://prowlarr.local.{{ personal_domain }}/6/api?apikey={{ prowlarr_api_key }}", // Aither + "http://prowlarr.local.{{ personal_domain }}/7/api?apikey={{ prowlarr_api_key }}", // Reelflix ], torrentDir: "/torrents", @@ -23,7 +24,7 @@ module.exports = { rtorrentRpcUrl: undefined, qbittorrentUrl: "https://qbittorrent.local.{{ personal_domain }}", duplicateCategories: true, - notificationWebhookUrl: undefined, + notificationWebhookUrl: "ntfy://push.{{ personal_domain }}/{{ ntfy_crossseed_topic }}", port: 2468, rssCadence: "2w", searchCadence: "6w", diff --git a/ansible/roles/qbittorrent/templates/docker-compose.yml b/ansible/roles/qbittorrent/templates/docker-compose.yml index fa914b8..9b4bb34 100644 --- a/ansible/roles/qbittorrent/templates/docker-compose.yml +++ b/ansible/roles/qbittorrent/templates/docker-compose.yml 
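Review bot: In `templates/cross-seed/config.js`, the added Reelflix entry, like the indexer URLs above it, puts `{{ prowlarr_api_key }}` in the query string of a plain `http://` URL, so the key travels unencrypted and is likely to be recorded in proxy and access logs. `qbittorrentUrl` in the same file already uses `https://`. If Prowlarr is published through the same TLS-terminating proxy (not visible in this diff), the entry should read `"https://prowlarr.local.{{ personal_domain }}/7/api?apikey={{ prowlarr_api_key }}"`. The `module.exports` object starts and ends outside the hunk.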
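Review bot: `notificationWebhookUrl` in `templates/cross-seed/config.js` is given an `ntfy://` URL, which is an Apprise-style scheme, while cross-seed appears to treat this setting as an HTTP(S) endpoint it POSTs to, so confirm that a notification actually arrives. If the Apprise convention is what is intended, `ntfy://` there denotes unencrypted HTTP and `ntfys://` is the TLS form. The vaulted `ntfy_crossseed_topic` is the only thing restricting who can read or publish to the channel, so it should not cross the network in cleartext; a comment on the line stating which consumer interprets the scheme would help.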
@@ -29,9 +29,11 @@ services: container_name: qbitmanage image: cr.hotio.dev/hotio/qbitmanage restart: unless-stopped + depends_on: + - qbittorrent environment: PUID: "{{ service_user.uid }}" - PGID: "{{ service_user.uid }}" + PGID: "{{ media_gid }}" UMASK: 002 TZ: "{{ timezone }}" QBT_DRY_RUN: "False" diff --git a/ansible/roles/qbittorrent/vars/main.yml b/ansible/roles/qbittorrent/vars/main.yml index 7ebf7cc..f32325f 100644 --- a/ansible/roles/qbittorrent/vars/main.yml +++ b/ansible/roles/qbittorrent/vars/main.yml @@ -6,3 +6,11 @@ prowlarr_api_key: !vault | 6236313433373065640a393262613061613739626636653162653963663236303834376366626234 65316164613935376234356466333666316531353565393034353032653136376530663634383061 6335326539333362316333353131303533353537623232343637 + +ntfy_crossseed_topic: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 61393334343262366334353030356132383433333531643735316662386465636261333432623530 + 3435623363346365633331396163653737313330353464630a616438386338393063343863316664 + 34396438643564626662666138333535363365376661303462323735386166396633643530636439 + 6433346365653830340a383864643730313664306531613238363436346634393166373237623361 + 30613664643637323566323939666665323532383237353533653135343936303661 diff --git a/ansible/roles/synapse/handlers/main.yml b/ansible/roles/synapse/handlers/main.yml new file mode 100644 index 0000000..c7395cd --- /dev/null +++ b/ansible/roles/synapse/handlers/main.yml @@ -0,0 +1,4 @@ +- name: restart synapse + community.docker.docker_compose: + project_src: "{{ install_directory }}/{{ role_name }}" + restarted: true diff --git a/ansible/roles/synapse/tasks/main.yml b/ansible/roles/synapse/tasks/main.yml new file mode 100644 index 0000000..32d06cd --- /dev/null +++ b/ansible/roles/synapse/tasks/main.yml 
@@ -0,0 +1,77 @@
+- name: Create service user
+ user:
+ name: "{{ role_name }}"
+ system: true
+ register: service_user
+ become: true
+
+- name: Create install directory
+ file:
+ path: "{{ install_directory }}/{{ role_name }}"
+ state: directory
+ owner: "{{ docker_user }}"
+ mode: "{{ docker_compose_directory_mask }}"
+ become: true
+
+- name: Copy docker-compose file to destination
+ template:
+ src: docker-compose.yml
+ dest: "{{ install_directory }}/{{ role_name }}/docker-compose.yml"
+ owner: "{{ docker_user }}"
+ mode: "{{ docker_compose_file_mask }}"
+ validate: docker-compose -f %s config
+ become: true
+
+- name: Copy homeserver.yaml to destination
+ template:
+ src: homeserver.yaml
+ dest: "{{ install_directory }}/synapse/homeserver.yaml"
+ owner: "{{ service_user.uid }}"
+ mode: "{{ docker_compose_file_mask }}"
+ notify: restart synapse
+ become: true
+
+- name: Create config directory and set synapse user to owner
+ file:
+ path: "{{ data_dir }}/synapse"
+ state: directory
+ owner: "{{ service_user.uid }}"
+ mode: "{{ docker_compose_directory_mask }}"
+ become: true
+
+- name: Create nginx config directory
+ file:
+ path: "{{ data_dir }}/nginx/synapse/www/.well-known/matrix/"
+ state: directory
+ mode: "{{ docker_compose_directory_mask }}"
+ become: true
+
+- name: Install nginx config file
+ template:
+ src: nginx/matrix.conf
+ dest: "{{ data_dir }}/nginx/synapse/matrix.conf"
+ owner: "{{ docker_user }}"
+ mode: "{{ docker_compose_file_mask }}"
+ become: true
+
+- name: Install well known client file
+ template:
+ src: nginx/client.json
+ dest: "{{ data_dir }}/nginx/synapse/www/.well-known/matrix/client"
+ owner: "{{ docker_user }}"
+ mode: "{{ docker_compose_file_mask }}"
+ become: true
+
+- name: Install well known server file
+ template:
+ src: nginx/server.json
+ dest: "{{ data_dir }}/nginx/synapse/www/.well-known/matrix/server"
+ owner: "{{ docker_user }}"
+ mode: "{{ docker_compose_file_mask }}"
+ become: true
+
+- name: Start docker container
+ community.docker.docker_compose:
+ project_src: "{{ install_directory }}/{{ role_name }}"
+ pull: true
+ remove_orphans: yes
diff --git a/ansible/roles/synapse/templates/docker-compose.yml b/ansible/roles/synapse/templates/docker-compose.yml
new file mode 100644
index 0000000..99f2f4a
--- /dev/null
+++ b/ansible/roles/synapse/templates/docker-compose.yml
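Review bot: In `ansible/roles/synapse/tasks/main.yml`, the `Copy homeserver.yaml to destination` task renders a file that holds `registration_shared_secret` and the database password, yet it reuses the generic `{{ docker_compose_file_mask }}`, whose value is defined outside this diff. Unless that mask already excludes group and other, give this one task an explicit `mode: "0600"` so that only the service user it sets as owner can read the file. The same task hard-codes `{{ install_directory }}/synapse/` where its neighbours use `{{ role_name }}`, and the final `Start docker container` task is the only one without `become: true`; both look unintentional and are worth a comment if deliberate.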
@@ -0,0 +1,68 @@
+version: "{{ docker_compose_version }}"
+
+networks:
+ traefik:
+ external: true
+
+services:
+ synapse:
+ container_name: "synapse"
+ image: matrixdotorg/synapse
+ restart: unless-stopped
+ depends_on:
+ - db
+ networks:
+ - traefik
+ - default
+ environment:
+ - "UID={{ service_user.uid }}"
+ - "GID={{ service_user.uid }}"
+ - "TZ={{ timezone }}"
+ volumes:
+ - "{{ data_dir }}/{{ role_name }}:/data"
+ - ./homeserver.yaml:/data/homeserver.yaml
+ labels:
+ traefik.enable: true
+ traefik.http.routers.synapse.rule: "Host(`matrix.{{ personal_domain }}`) || (Host(`{{ personal_domain }}`) && PathPrefix(`/_matrix/`))"
+
+ db:
+ image: postgres:14-alpine
+ restart: unless-stopped
+ networks:
+ - default
+ environment:
+ - POSTGRES_USER=synapse
+ - POSTGRES_PASSWORD=synapse
+ - POSTGRES_INITDB_ARGS=--encoding=UTF-8 --lc-collate=C --lc-ctype=C
+ volumes:
+ - "{{ data_dir }}/postgres/synapse:/var/lib/postgresql/data"
+
+ redis:
+ networks:
+ - default
+ image: redis:7-alpine
+ restart: unless-stopped
+ volumes:
+ - "{{ data_dir }}/redis/synapse:/data"
+
+ admin:
+ image: awesometechnologies/synapse-admin:latest
+ restart: unless-stopped
+ networks:
+ - traefik
+ labels:
+ traefik.enable: true
+ traefik.http.routers.synapse-admin.rule: "Host(`synapse-admin.local.{{ personal_domain }}`)"
+ traefik.http.routers.synapse-admin.middlewares: lan-whitelist@file
+
+ nginx:
+ image: nginx:latest
+ restart: unless-stopped
+ networks:
+ - traefik
+ volumes:
+ - "{{ data_dir }}/nginx/synapse/matrix.conf:/etc/nginx/conf.d/matrix.conf"
+ - "{{ data_dir }}/nginx/synapse/www:/var/www"
+ labels:
+ traefik.enable: true
+ traefik.http.routers.matrix.rule: "Host(`{{ personal_domain }}`)"
diff --git a/ansible/roles/synapse/templates/homeserver.yaml b/ansible/roles/synapse/templates/homeserver.yaml
new file mode 100644
index 0000000..3a14888
--- /dev/null
+++ b/ansible/roles/synapse/templates/homeserver.yaml
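Review bot: In `ansible/roles/synapse/templates/docker-compose.yml`, `POSTGRES_PASSWORD=synapse` is a guessable literal committed to the repository, and `homeserver.yaml` in this commit repeats it as `password: synapse`, whereas `synapse_registration_shared_secret` is kept in the vault. The `db` service joins only the `default` network, which limits exposure to containers of this compose project, but a vaulted value used by both templates keeps the credential out of history, e.g. `- "POSTGRES_PASSWORD={{ synapse_db_password }}"` (the variable name is a placeholder for a new vault entry). Separately, `matrixdotorg/synapse`, `awesometechnologies/synapse-admin:latest` and `nginx:latest` are unpinned and the start task runs with `pull: true`, so each playbook run may deploy whatever was last published; pinning a version tag or digest makes upgrades deliberate. `GID={{ service_user.uid }}` also passes a uid where a group id is expected, the same mix-up this commit corrects for qbitmanage's `PGID`.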
@@ -0,0 +1,39 @@
+server_name: "{{ personal_domain }}"
+pid_file: /data/homeserver.pid
+public_baseurl: "https://matrix.{{ personal_domain }}"
+
+acme:
+ enabled: false
+
+database:
+ name: psycopg2
+ args:
+ user: synapse
+ password: synapse
+ database: synapse
+ host: db
+
+redis:
+ enabled: true
+ host: redis
+ port: 6379
+
+listeners:
+ - port: 8008
+ tls: false
+ type: http
+ x_forwarded: true
+ resources:
+ - names: [client, federation]
+ compress: false
+
+registration_shared_secret: "{{ synapse_registration_shared_secret }}"
+
+report_stats: true
+
+media_store_path: /data/media_store
+uploads_path: /data/uploads
+
+trusted_key_servers:
+ - server_name: matrix.org
+suppress_key_server_warning: true
diff --git a/ansible/roles/synapse/templates/nginx/client.json b/ansible/roles/synapse/templates/nginx/client.json
new file mode 100644
index 0000000..939a0e0
--- /dev/null
+++ b/ansible/roles/synapse/templates/nginx/client.json
@@ -0,0 +1,5 @@
+{
+ "m.homeserver": {
+ "base_url": "https://matrix.{{ personal_domain }}"
+ }
+}
diff --git a/ansible/roles/synapse/templates/nginx/matrix.conf b/ansible/roles/synapse/templates/nginx/matrix.conf
new file mode 100644
index 0000000..9192ec7
--- /dev/null
+++ b/ansible/roles/synapse/templates/nginx/matrix.conf
@@ -0,0 +1,17 @@
+server {
+ listen 80 default_server;
+ server_name matrix.{{ personal_domain }};
+
+ # Traefik -> nginx -> synapse
+ location /_matrix {
+ proxy_pass http://synapse:8008;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ client_max_body_size 128m;
+ }
+
+ location /.well-known/matrix/ {
+ root /var/www/;
+ default_type application/json;
+ add_header Access-Control-Allow-Origin *;
+ }
+}
diff --git a/ansible/roles/synapse/templates/nginx/server.json b/ansible/roles/synapse/templates/nginx/server.json
new file mode 100644
index 0000000..769ee70
--- /dev/null
+++ b/ansible/roles/synapse/templates/nginx/server.json
@@ -0,0 +1,4 @@
+{
+ "m.server": "matrix.mjwilson.org:443"
+}
+
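Review bot: In `templates/nginx/matrix.conf`, `proxy_set_header X-Forwarded-For $remote_addr;` overwrites the header with the address of the directly connected peer, which by the file's own comment (`Traefik -> nginx -> synapse`) is Traefik rather than the client. Because `homeserver.yaml` in this commit sets `x_forwarded: true`, Synapse would then attribute every request arriving on this path to one proxy address, which weakens per-IP rate limiting and leaves the access log without the real source during an investigation. Appending instead of replacing keeps the chain Traefik supplied: `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`. How much traffic takes this path depends on Traefik's router priorities, which are not visible here.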
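Review bot: `templates/nginx/server.json` hard-codes `matrix.mjwilson.org:443`, although the file is installed with the `template` module and the sibling `client.json` derives its host from `{{ personal_domain }}`. If the variable ever differs from the literal, federation delegation would send other homeservers to a different host than the one clients are told to use. Writing `"m.server": "matrix.{{ personal_domain }}:443"` ties both well-known documents to the same value.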
diff --git a/ansible/roles/synapse/vars/main.yml b/ansible/roles/synapse/vars/main.yml new file mode 100644 index 0000000..a445dd6 --- /dev/null +++ b/ansible/roles/synapse/vars/main.yml @@ -0,0 +1,13 @@ +synapse_registration_shared_secret: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 65393839306334366466313761336630626238333832636161646464386333363363633562656232 + 3066613635656566656266616138323539366665313962340a366366383262353365326339633039 + 66646531313534336335666461656663376566626332633534303065646136623437313463616535 + 3466376465313533650a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