Configured synapse

2023-02-27 21:09:45 -05:00
parent 45eb75773a
commit e78c943fb0
15 changed files with 274 additions and 4 deletions
--- a/ansible/main.yml
+++ b/ansible/main.yml
@@ -18,4 +18,5 @@
    - nextcloud
    - tautulli
    - gitea
-      #- renovate
+    - name: synapse
      tags: test
--- a/ansible/roles/qbittorrent/files/qbitmanage/config.yml
+++ b/ansible/roles/qbittorrent/files/qbitmanage/config.yml
@@ -20,10 +20,12 @@ directory:
 cat:
  movies: /data/torrents/movies
  movies.cross-seed: /data/torrents/movies
  tv: /data/torrents/tv
  tv.cross-seed: /data/torrents/tv
  music: /data/torrents/music
  music.cross-seed: /data/torrents/music
  torrents: /data/torrents/
 tracker:
  digitalcore:
    tag: DigitalCore
@@ -52,6 +54,8 @@ tracker:
    tag: RuTracker
  rarbg:
    tag: RarBG
  reelflix:
    tag: ReelFlix
 nohardlinks:
  movies:
@@ -61,6 +65,13 @@ nohardlinks:
    min_seeding_time: 43200
    resume_torrent_after_untagging_noHL: true
    exclude_tags:
  movies.cross-seed:
    cleanup: true
    max_ratio: 4.0
    max_seeding_time: 43200 # 30 days
    min_seeding_time: 43200
    resume_torrent_after_untagging_noHL: true
    exclude_tags:
  tv:
    cleanup: true
    max_ratio: 4.0
@@ -68,6 +79,13 @@ nohardlinks:
    min_seeding_time: 43200
    resume_torrent_after_untagging_noHL: true
    exclude_tags:
  tv.cross-seed:
    cleanup: true
    max_ratio: 4.0
    max_seeding_time: 43200
    min_seeding_time: 43200
    resume_torrent_after_untagging_noHL: true
    exclude_tags:
  music:
    cleanup: true
    max_ratio: 4.0
@@ -75,6 +93,13 @@ nohardlinks:
    min_seeding_time: 43200
    resume_torrent_after_untagging_noHL: true
    exclude_tags:
  music.cross-seed:
    cleanup: true
    max_ratio: 4.0
    max_seeding_time: 43200
    min_seeding_time: 43200
    resume_torrent_after_untagging_noHL: true
    exclude_tags:
 recyclebin:
  enabled: true
--- a/ansible/roles/qbittorrent/handlers/main.yml
+++ b/ansible/roles/qbittorrent/handlers/main.yml
@@ -0,0 +1,4 @@
 - name: restart qbittorrent
  community.docker.docker_compose:
    project_src: "{{ install_directory }}/qbittorrent"
    restarted: true
--- a/ansible/roles/qbittorrent/tasks/main.yml
+++ b/ansible/roles/qbittorrent/tasks/main.yml
@@ -30,6 +30,7 @@
    dest: "{{ data_dir }}/qbitmanage/config.yml"
    owner: "{{ service_user.uid }}"
    mode: "{{ docker_compose_file_mask }}"
  notify: restart qbittorrent
  become: true
 - name: Create cross-seed config directory
@@ -46,6 +47,7 @@
    dest: "{{ data_dir }}/cross-seed/config.js"
    owner: "{{ service_user.uid }}"
    mode: "{{ docker_compose_file_mask }}"
  notify: restart qbittorrent
  become: true
 - name: Start docker containers
--- a/ansible/roles/qbittorrent/templates/cross-seed/config.js
+++ b/ansible/roles/qbittorrent/templates/cross-seed/config.js
@@ -10,6 +10,7 @@ module.exports = {
 	    "http://prowlarr.local.{{ personal_domain }}/4/api?apikey={{ prowlarr_api_key }}", // TorrentSeeds
 	    "http://prowlarr.local.{{ personal_domain }}/5/api?apikey={{ prowlarr_api_key }}", // AnimeTosho
 	    "http://prowlarr.local.{{ personal_domain }}/6/api?apikey={{ prowlarr_api_key }}", // Aither
 	    "http://prowlarr.local.{{ personal_domain }}/7/api?apikey={{ prowlarr_api_key }}", // Reelflix
    ],
    torrentDir: "/torrents",
@@ -23,7 +24,7 @@ module.exports = {
    rtorrentRpcUrl: undefined,
    qbittorrentUrl: "https://qbittorrent.local.{{ personal_domain }}",
    duplicateCategories: true,
-    notificationWebhookUrl: undefined,
+    notificationWebhookUrl: "ntfy://push.{{ personal_domain }}/{{ ntfy_crossseed_topic }}",
    port: 2468,
    rssCadence: "2w",
    searchCadence: "6w",
--- a/ansible/roles/qbittorrent/templates/docker-compose.yml
+++ b/ansible/roles/qbittorrent/templates/docker-compose.yml
@@ -29,9 +29,11 @@ services:
    container_name: qbitmanage
    image: cr.hotio.dev/hotio/qbitmanage
    restart: unless-stopped
    depends_on:
      - qbittorrent
    environment:
      PUID: "{{ service_user.uid }}"
-      PGID: "{{ service_user.uid }}"
+      PGID: "{{ media_gid }}"
      UMASK: 002
      TZ: "{{ timezone }}"
      QBT_DRY_RUN: "False"
--- a/ansible/roles/qbittorrent/vars/main.yml
+++ b/ansible/roles/qbittorrent/vars/main.yml
@@ -6,3 +6,11 @@ prowlarr_api_key: !vault |
  6236313433373065640a393262613061613739626636653162653963663236303834376366626234
  65316164613935376234356466333666316531353565393034353032653136376530663634383061
  6335326539333362316333353131303533353537623232343637
 ntfy_crossseed_topic: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  61393334343262366334353030356132383433333531643735316662386465636261333432623530
  3435623363346365633331396163653737313330353464630a616438386338393063343863316664
  34396438643564626662666138333535363365376661303462323735386166396633643530636439
  6433346365653830340a383864643730313664306531613238363436346634393166373237623361
  30613664643637323566323939666665323532383237353533653135343936303661
--- a/ansible/roles/synapse/handlers/main.yml
+++ b/ansible/roles/synapse/handlers/main.yml
@@ -0,0 +1,4 @@
 - name: restart synapse
  community.docker.docker_compose:
    project_src: "{{ install_directory }}/{{ role_name }}"
    restarted: true
--- a/ansible/roles/synapse/tasks/main.yml
+++ b/ansible/roles/synapse/tasks/main.yml
@@ -0,0 +1,77 @@
 - name: Create service user
  user:
    name: "{{ role_name }}"
    system: true
  register: service_user
  become: true
 - name: Create install directory
  file:
    path: "{{ install_directory }}/{{ role_name }}"
    state: directory
    owner: "{{ docker_user }}"
    mode: "{{ docker_compose_directory_mask }}"
  become: true
 - name: Copy docker-compose file to destination
  template:
    src: docker-compose.yml
    dest: "{{ install_directory }}/{{ role_name }}/docker-compose.yml"
    owner: "{{ docker_user }}"
    mode: "{{ docker_compose_file_mask }}"
    validate: docker-compose -f %s config
  become: true
 - name: Copy homeserver.yaml to destination
  template:
    src: homeserver.yaml
    dest: "{{ install_directory }}/synapse/homeserver.yaml"
    owner: "{{ service_user.uid }}"
    mode: "{{ docker_compose_file_mask }}"
  notify: restart synapse
  become: true
 - name: Create config directory and set synapse user to owner
  file:
    path: "{{ data_dir }}/synapse"
    state: directory
    owner: "{{ service_user.uid }}"
    mode: "{{ docker_compose_directory_mask }}"
  become: true
 - name: Create nginx config directory
  file:
    path: "{{ data_dir }}/nginx/synapse/www/.well-known/matrix/"
    state: directory
    mode: "{{ docker_compose_directory_mask }}"
  become: true
 - name: Install nginx config file
  template:
    src: nginx/matrix.conf
    dest: "{{ data_dir }}/nginx/synapse/matrix.conf"
    owner: "{{ docker_user }}"
    mode: "{{ docker_compose_file_mask }}"
  become: true
 - name: Install well known client file
  template:
    src: nginx/client.json
    dest: "{{ data_dir }}/nginx/synapse/www/.well-known/matrix/client"
    owner: "{{ docker_user }}"
    mode: "{{ docker_compose_file_mask }}"
  become: true
 - name: Install well known server file
  template:
    src: nginx/server.json
    dest: "{{ data_dir }}/nginx/synapse/www/.well-known/matrix/server"
    owner: "{{ docker_user }}"
    mode: "{{ docker_compose_file_mask }}"
  become: true
 - name: Start docker container
  community.docker.docker_compose:
    project_src: "{{ install_directory }}/{{ role_name }}"
    pull: true
    remove_orphans: yes
--- a/ansible/roles/synapse/templates/docker-compose.yml
+++ b/ansible/roles/synapse/templates/docker-compose.yml
@@ -0,0 +1,68 @@
 version: "{{ docker_compose_version }}"
 networks:
  traefik:
    external: true
 services:
  synapse:
    container_name: "synapse"
    image: matrixdotorg/synapse
    restart: unless-stopped
    depends_on:
      - db
    networks:
      - traefik
      - default
    environment:
      - "UID={{ service_user.uid }}"
      - "GID={{ service_user.uid }}"
      - "TZ={{ timezone }}"
    volumes:
      - "{{ data_dir }}/{{ role_name }}:/data"
      - ./homeserver.yaml:/data/homeserver.yaml
    labels:
      traefik.enable: true
      traefik.http.routers.synapse.rule: "Host(`matrix.{{ personal_domain }}`) || (Host(`{{ personal_domain }}`) && PathPrefix(`/_matrix/`))"
  db:
    image: postgres:14-alpine
    restart: unless-stopped
    networks:
      - default
    environment:
      - POSTGRES_USER=synapse
      - POSTGRES_PASSWORD=synapse
      - POSTGRES_INITDB_ARGS=--encoding=UTF-8 --lc-collate=C --lc-ctype=C
    volumes:
      - "{{ data_dir }}/postgres/synapse:/var/lib/postgresql/data"
  redis:
    networks:
      - default
    image: redis:7-alpine
    restart: unless-stopped
    volumes:
      - "{{ data_dir }}/redis/synapse:/data"
  admin:
    image: awesometechnologies/synapse-admin:latest
    restart: unless-stopped
    networks:
      - traefik
    labels:
      traefik.enable: true
      traefik.http.routers.synapse-admin.rule: "Host(`synapse-admin.local.{{ personal_domain }}`)"
      traefik.http.routers.synapse-admin.middlewares: lan-whitelist@file
  nginx:
    image: nginx:latest
    restart: unless-stopped
    networks:
      - traefik
    volumes:
      - "{{ data_dir }}/nginx/synapse/matrix.conf:/etc/nginx/conf.d/matrix.conf"
      - "{{ data_dir }}/nginx/synapse/www:/var/www"
    labels:
      traefik.enable: true
      traefik.http.routers.matrix.rule: "Host(`{{ personal_domain }}`)"
--- a/ansible/roles/synapse/templates/homeserver.yaml
+++ b/ansible/roles/synapse/templates/homeserver.yaml
@@ -0,0 +1,39 @@
 server_name: "{{ personal_domain }}"
 pid_file: /data/homeserver.pid
 public_baseurl: "https://matrix.{{ personal_domain }}"
 acme:
  enabled: false
 database:
  name: psycopg2
  args:
    user: synapse
    password: synapse
    database: synapse
    host: db
 redis:
  enabled: true
  host: redis
  port: 6379
 listeners:
  - port: 8008
    tls: false
    type: http
    x_forwarded: true
    resources:
      - names: [client, federation]
        compress: false
 registration_shared_secret: "{{ synapse_registration_shared_secret }}"
 report_stats: true
 media_store_path: /data/media_store
 uploads_path: /data/uploads
 trusted_key_servers:
  - server_name: matrix.org
 suppress_key_server_warning: true
--- a/ansible/roles/synapse/templates/nginx/client.json
+++ b/ansible/roles/synapse/templates/nginx/client.json
@@ -0,0 +1,5 @@
 {
  "m.homeserver": {
    "base_url": "https://matrix.{{ personal_domain }}"
  }
 }
--- a/ansible/roles/synapse/templates/nginx/matrix.conf
+++ b/ansible/roles/synapse/templates/nginx/matrix.conf
@@ -0,0 +1,17 @@
 server {
  listen         80 default_server;
  server_name    matrix.{{ personal_domain }};
 # Traefik -> nginx -> synapse
 location /_matrix {
    proxy_pass http://synapse:8008;
    proxy_set_header X-Forwarded-For $remote_addr;
    client_max_body_size 128m;
  }
  location /.well-known/matrix/ {
    root /var/www/;
    default_type application/json;
    add_header Access-Control-Allow-Origin  *;
  }
 }
--- a/ansible/roles/synapse/templates/nginx/server.json
+++ b/ansible/roles/synapse/templates/nginx/server.json
@@ -0,0 +1,4 @@
 {
  "m.server": "matrix.mjwilson.org:443"
 }
--- a/ansible/roles/synapse/vars/main.yml
+++ b/ansible/roles/synapse/vars/main.yml
@@ -0,0 +1,13 @@
 synapse_registration_shared_secret: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  65393839306334366466313761336630626238333832636161646464386333363363633562656232
  3066613635656566656266616138323539366665313962340a366366383262353365326339633039
  66646531313534336335666461656663376566626332633534303065646136623437313463616535
  3466376465313533650a663639346638626634343536333030383763383563303738616135303135
  33623766343365626139323238373765363162373066396361303636656264363337393232306530
  35633363656164636535616435393131333634343764653535316238616631623563363266653262
  36646261623832343232623064653436616365613539616262613937336138666462353139663363
  30313237666630346638386132616331323930383638353365343439383166333365316539643731
  36343636343434373466306237316163613363353063613261373135623037366537353065623961
  63396132306132333162316165393463396136303161373064376237303137373766383632643965
  383035353564306238663965653166336566