Simplify Matrix appservices

2019-03-29 19:25:11 +01:00 · 2019-03-29 19:25:11 +01:00 · 5ccb94e621
commit 5ccb94e621
parent d9aab6cfd2
12 changed files with 192 additions and 145 deletions
--- a/roles/matrix-appservice-discord/defaults/main.yml
+++ b/roles/matrix-appservice-discord/defaults/main.yml
@ -0,0 +1,15 @@
 ---
 # appservice_name is the name of the project on GitHub
 appservice_name: matrix-appservice-discord
 # URL to clone
 appservice_repo: https://github.com/Half-Shot/matrix-appservice-discord.git
 # name of the service user
 # It means that you will have to `sudo -u THISUSER zsh` to debug
 appservice_user: "{{ appservice_name }}"
 appservice_homedir: "/var/local/{{ appservice_name }}"
 # appservice_path is where the project is cloned
 # It can't be the home directory because of user hidden files.
 appservice_path: "{{ appservice_homedir }}/{{ appservice_name }}"
--- a/roles/matrix-appservice-discord/tasks/1_user_group.yml
+++ b/roles/matrix-appservice-discord/tasks/1_user_group.yml
@ -1,26 +0,0 @@
 ---
 # Security #1
 - name: Create matrix-appservice-discord system group
  group:
    name: matrix-appservice-discord
    system: true
    state: present
 # Security #2
 - name: Create matrix-appservice-discord user
  user:
    name: matrix-appservice-discord
    group: matrix-appservice-discord
    home: /var/local/matrix-appservice-discord
    comment: Matrix Appservice Discord
    system: true
    state: present
 # Security #3
 - name: Secure matrix-appservice-discord home directory
  file:
    path: /var/local/matrix-appservice-discord
    state: directory
    owner: matrix-appservice-discord
    group: matrix-appservice-discord
    mode: 0750
--- a/roles/matrix-appservice-discord/tasks/main.yml
+++ b/roles/matrix-appservice-discord/tasks/main.yml
@ -1,23 +1,23 @@
 ---
-# Create CodiMD user and group
+# Create service user
- include_tasks: 1_user_group.yml
+- include_tasks: service_user.yml
-# Download CodiMD
+- name: "Clone {{ appservice_name }} project"
 - name: Clone matrix-appservice-discord project
  git:
-    repo: https://github.com/Half-Shot/matrix-appservice-discord.git
+    repo: "{{ appservice_repo }}"
-    dest: /var/local/matrix-appservice-discord/matrix-appservice-discord
+    dest: "{{ appservice_path }}"
    version: 14cf2829510e8b7b99b3238e2deaddf296ab4b76
  become: true
-  become_user: matrix-appservice-discord
+  become_user: "{{ appservice_user }}"
 # Setup dependencies
 # May create issues with package-lock.json not in gitignore
- name: Install matrix-appservice-discord dependencies
+- name: "Install {{ appservice_name }} dependencies"
  npm:
-    path: /var/local/matrix-appservice-discord/matrix-appservice-discord
+    path: "{{ appservice_path }}"
    production: true
  become: true
-  become_user: matrix-appservice-discord
+  become_user: "{{ appservice_user }}"
  register: npm_result
  retries: 3
  until: npm_result is succeeded
@ -26,34 +26,44 @@
 - name: Compile matrix-appservice-discord
  command: ./node_modules/.bin/tsc
  args:
-    chdir: /var/local/matrix-appservice-discord/matrix-appservice-discord
+    chdir: "{{ appservice_path }}"
  register: npm_build_result
  changed_when: npm_build_result
  become: true
-  become_user: matrix-appservice-discord
+  become_user: "{{ appservice_user }}"
-# Configure
+- name: "Configure {{ appservice_name }}"
 - name: Configure matrix-appservice-discord
  template:
    src: config.yaml.j2
-    dest: /var/local/matrix-appservice-discord/matrix-appservice-discord/config.yaml
+    dest: "{{ appservice_path }}/config.yaml"
-    owner: matrix-appservice-discord
+    owner: "{{ appservice_user }}"
-    group: matrix-appservice-discord
+    group: nogroup
    mode: 0600
 # Service file
- name: Install matrix-appservice-discord systemd unit
+- name: "Install {{ appservice_name }} systemd unit"
  template:
    src: systemd/matrix-appservice-discord.service.j2
-    dest: /etc/systemd/system/matrix-appservice-discord.service
+    dest: "/etc/systemd/system/{{ appservice_name }}.service"
    owner: root
    group: root
    mode: 0644
  notify: Reload systemd daemons
 # TODO generate registration
 - name: Copy appservice registration file
  copy:
    src: "{{ appservice_path }}/discord-registration.yaml"
    dest: "/etc/matrix-synapse/{{ appservice_name }}-registration.yaml"
    owner: matrix-synapse
    group: nogroup
    mode: 0600
    remote_src: yes
 # Run
-#- name: Ensure that matrix-appservice-discord is started
+- name: "Ensure that {{ appservice_name }} is started"
-#  service:
+  service:
-#    name: matrix-appservice-discord
+    name: "{{ appservice_name }}"
-#    state: started
+    state: started
-#    enabled: true
+    enabled: true
--- a/roles/matrix-appservice-discord/tasks/service_user.yml
+++ b/roles/matrix-appservice-discord/tasks/service_user.yml
@ -0,0 +1,19 @@
 ---
 # Having a custom group is useless so use nogroup
 - name: "Create {{ appservice_user }} user"
  user:
    name: "{{ appservice_user }}"
    group: nogroup
    home: "{{ appservice_homedir }}"
    system: true
    shell: /bin/false
    state: present
 # Only service user should be able to go there
 - name: "Secure {{ appservice_user }} home directory"
  file:
    path: "{{ appservice_homedir }}"
    state: directory
    owner: "{{ appservice_user }}"
    group: nogroup
    mode: 0700
--- a/roles/matrix-appservice-irc/defaults/main.yml
+++ b/roles/matrix-appservice-irc/defaults/main.yml
@ -0,0 +1,15 @@
 ---
 # appservice_name is the name of the project on GitHub
 appservice_name: matrix-appservice-irc
 # URL to clone
 appservice_repo: https://github.com/matrix-org/matrix-appservice-irc.git
 # name of the service user
 # It means that you will have to `sudo -u THISUSER zsh` to debug
 appservice_user: "{{ appservice_name }}"
 appservice_homedir: "/var/local/{{ appservice_name }}"
 # appservice_path is where the project is cloned
 # It can't be the home directory because of user hidden files.
 appservice_path: "{{ appservice_homedir }}/{{ appservice_name }}"
--- a/roles/matrix-appservice-irc/tasks/1_user_group.yml
+++ b/roles/matrix-appservice-irc/tasks/1_user_group.yml
@ -1,26 +0,0 @@
 ---
 # Security #1
 - name: Create matrix-appservice-irc system group
  group:
    name: matrix-appservice-irc
    system: true
    state: present
 # Security #2
 - name: Create matrix-appservice-irc user
  user:
    name: matrix-appservice-irc
    group: matrix-appservice-irc
    home: /var/local/matrix-appservice-irc
    comment: Matrix Appservice IRC
    system: true
    state: present
 # Security #3
 - name: Secure matrix-appservice-irc home directory
  file:
    path: /var/local/matrix-appservice-irc
    state: directory
    owner: matrix-appservice-irc
    group: matrix-appservice-irc
    mode: 0750
--- a/roles/matrix-appservice-irc/tasks/main.yml
+++ b/roles/matrix-appservice-irc/tasks/main.yml
@ -1,45 +1,55 @@
 ---
-# Create matrix-appservice-irc user and group
+# Create service user
- include_tasks: 1_user_group.yml
+- include_tasks: service_user.yml
- name: Clone matrix-appservice-irc project
+- name: "Clone {{ appservice_name }} project"
  git:
-    repo: https://github.com/matrix-org/matrix-appservice-irc.git
+    repo: "{{ appservice_repo }}"
-    dest: /var/local/matrix-appservice-irc/matrix-appservice-irc
+    dest: "{{ appservice_path }}"
    version: 0.11.2
  become: true
-  become_user: matrix-appservice-irc
+  become_user: "{{ appservice_user }}"
 # Setup dependencies
- name: Install matrix-appservice-irc dependencies
+- name: "Install {{ appservice_name }} dependencies"
  npm:
-    path: /var/local/matrix-appservice-irc/matrix-appservice-irc
+    path: "{{ appservice_path }}"
    production: true
  become: true
-  become_user: matrix-appservice-irc
+  become_user: "{{ appservice_user }}"
  register: npm_result
  retries: 3
  until: npm_result is succeeded
-# Configure
+- name: "Configure {{ appservice_name }}"
 - name: Configure matrix-appservice-irc
  template:
    src: config.yaml.j2
-    dest: /var/local/matrix-appservice-irc/matrix-appservice-irc/config.yaml
+    dest: "{{ appservice_path }}/config.yaml"
-    owner: matrix-appservice-irc
+    owner: "{{ appservice_user }}"
-    group: matrix-appservice-irc
+    group: nogroup
    mode: 0600
 # Service file
- name: Install matrix-appservice-irc systemd unit
+- name: "Install {{ appservice_name }} systemd unit"
  template:
    src: systemd/matrix-appservice-irc.service.j2
-    dest: /etc/systemd/system/matrix-appservice-irc.service
+    dest: "/etc/systemd/system/{{ appservice_name }}.service"
    owner: root
    group: root
    mode: 0644
  notify: Reload systemd daemons
 # TODO generate registration
 #- name: Copy appservice registration file
 #  copy:
 #    src: "{{ appservice_path }}/discord-registration.yaml"
 #    dest: "/etc/matrix-synapse/{{ appservice_name }}-registration.yaml"
 #    owner: matrix-synapse
 #    group: nogroup
 #    mode: 0600
 #    remote_src: yes
 # Run
 #- name: Ensure that matrix-appservice-irc is started
 #  service:
--- a/roles/matrix-appservice-irc/tasks/service_user.yml
+++ b/roles/matrix-appservice-irc/tasks/service_user.yml
@ -0,0 +1,19 @@
 ---
 # Having a custom group is useless so use nogroup
 - name: "Create {{ appservice_user }} user"
  user:
    name: "{{ appservice_user }}"
    group: nogroup
    home: "{{ appservice_homedir }}"
    system: true
    shell: /bin/false
    state: present
 # Only service user should be able to go there
 - name: "Secure {{ appservice_user }} home directory"
  file:
    path: "{{ appservice_homedir }}"
    state: directory
    owner: "{{ appservice_user }}"
    group: nogroup
    mode: 0700
--- a/roles/matrix-appservice-webhooks/defaults/main.yml
+++ b/roles/matrix-appservice-webhooks/defaults/main.yml
@ -0,0 +1,15 @@
 ---
 # appservice_name is the name of the project on GitHub
 appservice_name: matrix-appservice-webhooks
 # URL to clone
 appservice_repo: https://github.com/turt2live/matrix-appservice-webhooks.git
 # name of the service user
 # It means that you will have to `sudo -u THISUSER zsh` to debug
 appservice_user: "{{ appservice_name }}"
 appservice_homedir: "/var/local/{{ appservice_name }}"
 # appservice_path is where the project is cloned
 # It can't be the home directory because of user hidden files.
 appservice_path: "{{ appservice_homedir }}/{{ appservice_name }}"
--- a/roles/matrix-appservice-webhooks/tasks/1_user_group.yml
+++ b/roles/matrix-appservice-webhooks/tasks/1_user_group.yml
@ -1,26 +0,0 @@
 ---
 # Security #1
 - name: Create matrix-appservice-webhooks system group
  group:
    name: matrix-appservice-webhooks
    system: true
    state: present
 # Security #2
 - name: Create matrix-appservice-webhooks user
  user:
    name: matrix-appservice-webhooks
    group: matrix-appservice-webhooks
    home: /var/local/matrix-appservice-webhooks
    comment: Matrix Appservice WebHooks
    system: true
    state: present
 # Security #3
 - name: Secure matrix-appservice-webhooks home directory
  file:
    path: /var/local/matrix-appservice-webhooks
    state: directory
    owner: matrix-appservice-webhooks
    group: matrix-appservice-webhooks
    mode: 0750
--- a/roles/matrix-appservice-webhooks/tasks/main.yml
+++ b/roles/matrix-appservice-webhooks/tasks/main.yml
@ -1,55 +1,58 @@
 ---
-# Create matrix-appservice-webhooks user and group
+# Create service user
- include_tasks: 1_user_group.yml
+- include_tasks: service_user.yml
- name: Clone matrix-appservice-webhooks project
+- name: "Clone {{ appservice_name }} project"
  git:
-    repo: https://github.com/turt2live/matrix-appservice-webhooks.git
+    repo: "{{ appservice_repo }}"
-    dest: /var/local/matrix-appservice-webhooks/matrix-appservice-webhooks
+    dest: "{{ appservice_path }}"
    version: master
  become: true
-  become_user: matrix-appservice-webhooks
+  become_user: "{{ appservice_user }}"
 # Setup dependencies
- name: Install matrix-appservice-webhooks dependencies
+- name: "Install {{ appservice_name }} dependencies"
  npm:
-    path: /var/local/matrix-appservice-webhooks/matrix-appservice-webhooks
+    path: "{{ appservice_path }}"
    production: true
  become: true
-  become_user: matrix-appservice-webhooks
+  become_user: "{{ appservice_user }}"
  register: npm_result
  retries: 3
  until: npm_result is succeeded
-# Configure
+- name: "Configure {{ appservice_name }}"
 - name: Configure matrix-appservice-webhooks
  template:
    src: config.yaml.j2
-    dest: /var/local/matrix-appservice-webhooks/matrix-appservice-webhooks/config/config.yaml
+    dest: "{{ appservice_path }}/config/config.yaml"
-    owner: matrix-appservice-webhooks
+    owner: "{{ appservice_user }}"
-    group: matrix-appservice-webhooks
+    group: nogroup
    mode: 0600
 # Service file
- name: Install matrix-appservice-webhooks systemd unit
+- name: "Install {{ appservice_name }} systemd unit"
  template:
    src: systemd/matrix-appservice-webhooks.service.j2
-    dest: /etc/systemd/system/matrix-appservice-webhooks.service
+    dest: "/etc/systemd/system/{{ appservice_name }}.service"
    owner: root
    group: root
    mode: 0644
  notify: Reload systemd daemons
-# TODO
+# TODO generate registration
-# node index.js -r -u "http://localhost:9000" -c config/config.yaml
+
-# cp /var/local/matrix-appservice-webhooks/matrix-appservice-webhooks/appservice-registration-webhooks.yaml
+- name: Copy appservice registration file
-# > /etc/matrix-synapse/appservice-registration-webhooks.yaml
+  copy:
-# chown matrix-synapse:nogroup /etc/matrix-synapse/appservice-registration-webhooks.yaml 440
+    src: "{{ appservice_path }}/appservice-registration-webhooks.yaml"
-# /etc/matrix-synapse/conf.d/app_service_config_files.yaml
+    dest: "/etc/matrix-synapse/{{ appservice_name }}-registration.yaml"
    owner: matrix-synapse
    group: nogroup
    mode: 0600
    remote_src: yes
 # Run
-#- name: Ensure that matrix-appservice-webhooks is started
+- name: "Ensure that {{ appservice_name }} is started"
-#  service:
+  service:
-#    name: matrix-appservice-webhooks
+    name: "{{ appservice_name }}"
-#    state: started
+    state: started
-#    enabled: true
+    enabled: true
--- a/roles/matrix-appservice-webhooks/tasks/service_user.yml
+++ b/roles/matrix-appservice-webhooks/tasks/service_user.yml
@ -0,0 +1,19 @@
 ---
 # Having a custom group is useless so use nogroup
 - name: "Create {{ appservice_user }} user"
  user:
    name: "{{ appservice_user }}"
    group: nogroup
    home: "{{ appservice_homedir }}"
    system: true
    shell: /bin/false
    state: present
 # Only service user should be able to go there
 - name: "Secure {{ appservice_user }} home directory"
  file:
    path: "{{ appservice_homedir }}"
    state: directory
    owner: "{{ appservice_user }}"
    group: nogroup
    mode: 0700