Configured synapse

ansible/roles/synapse/templates/docker-compose.yml

@@ -0,0 +1,68 @@
+version: "{{ docker_compose_version }}"
+
+networks:
+  traefik:
+    external: true
+
+services:
+  synapse:
+    container_name: "synapse"
+    image: matrixdotorg/synapse
+    restart: unless-stopped
+    depends_on:
+      - db
+    networks:
+      - traefik
+      - default
+    environment:
+      - "UID={{ service_user.uid }}"
+      - "GID={{ service_user.uid }}"
+      - "TZ={{ timezone }}"
+    volumes:
+      - "{{ data_dir }}/{{ role_name }}:/data"
+      - ./homeserver.yaml:/data/homeserver.yaml
+    labels:
+      traefik.enable: true
+      traefik.http.routers.synapse.rule: "Host(`matrix.{{ personal_domain }}`) || (Host(`{{ personal_domain }}`) && PathPrefix(`/_matrix/`))"
+
+  db:
+    image: postgres:14-alpine
+    restart: unless-stopped
+    networks:
+      - default
+    environment:
+      - POSTGRES_USER=synapse
+      - POSTGRES_PASSWORD=synapse
+      - POSTGRES_INITDB_ARGS=--encoding=UTF-8 --lc-collate=C --lc-ctype=C
+    volumes:
+      - "{{ data_dir }}/postgres/synapse:/var/lib/postgresql/data"
+
+  redis:
+    networks:
+      - default
+    image: redis:7-alpine
+    restart: unless-stopped
+    volumes:
+      - "{{ data_dir }}/redis/synapse:/data"
+
+  admin:
+    image: awesometechnologies/synapse-admin:latest
+    restart: unless-stopped
+    networks:
+      - traefik
+    labels:
+      traefik.enable: true
+      traefik.http.routers.synapse-admin.rule: "Host(`synapse-admin.local.{{ personal_domain }}`)"
+      traefik.http.routers.synapse-admin.middlewares: lan-whitelist@file
+
+  nginx:
+    image: nginx:latest
+    restart: unless-stopped
+    networks:
+      - traefik
+    volumes:
+      - "{{ data_dir }}/nginx/synapse/matrix.conf:/etc/nginx/conf.d/matrix.conf"
+      - "{{ data_dir }}/nginx/synapse/www:/var/www"
+    labels:
+      traefik.enable: true
+      traefik.http.routers.matrix.rule: "Host(`{{ personal_domain }}`)"

ansible/roles/synapse/templates/homeserver.yaml

@@ -0,0 +1,39 @@
+server_name: "{{ personal_domain }}"
+pid_file: /data/homeserver.pid
+public_baseurl: "https://matrix.{{ personal_domain }}"
+
+acme:
+  enabled: false
+
+database:
+  name: psycopg2
+  args:
+    user: synapse
+    password: synapse
+    database: synapse
+    host: db
+
+redis:
+  enabled: true
+  host: redis
+  port: 6379
+
+listeners:
+  - port: 8008
+    tls: false
+    type: http
+    x_forwarded: true
+    resources:
+      - names: [client, federation]
+        compress: false
+
+registration_shared_secret: "{{ synapse_registration_shared_secret }}"
+
+report_stats: true
+
+media_store_path: /data/media_store
+uploads_path: /data/uploads
+
+trusted_key_servers:
+  - server_name: matrix.org
+suppress_key_server_warning: true

ansible/roles/synapse/templates/nginx/client.json

@@ -0,0 +1,5 @@
+{
+  "m.homeserver": {
+    "base_url": "https://matrix.{{ personal_domain }}"
+  }
+}

ansible/roles/synapse/templates/nginx/matrix.conf

@@ -0,0 +1,17 @@
+server {
+  listen         80 default_server;
+  server_name    matrix.{{ personal_domain }};
+
+ # Traefik -> nginx -> synapse
+ location /_matrix {
+    proxy_pass http://synapse:8008;
+    proxy_set_header X-Forwarded-For $remote_addr;
+    client_max_body_size 128m;
+  }
+
+  location /.well-known/matrix/ {
+    root /var/www/;
+    default_type application/json;
+    add_header Access-Control-Allow-Origin  *;
+  }
+}

ansible/roles/synapse/templates/nginx/server.json

@@ -0,0 +1,4 @@
+{
+  "m.server": "matrix.mjwilson.org:443"
+}
+