Simplify Matrix appservices
parent
d9aab6cfd2
commit
5ccb94e621
12 changed files with 192 additions and 145 deletions
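--- a/roles/matrix-appservice-discord/defaults/main.yml
+++ b/roles/matrix-appservice-discord/defaults/main.yml
@@ -0,0 +1,15 @@
+---
+# appservice_name is the name of the project on GitHub
+appservice_name: matrix-appservice-discord
+
+# URL to clone
+appservice_repo: https://github.com/Half-Shot/matrix-appservice-discord.git
+
+# name of the service user
+# It means that you will have to `sudo -u THISUSER zsh` to debug
+appservice_user: "{{ appservice_name }}"
+appservice_homedir: "/var/local/{{ appservice_name }}"
+
+# appservice_path is where the project is cloned
+# It can't be the home directory because of user hidden files.
+appservice_path: "{{ appservice_homedir }}/{{ appservice_name }}"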
|
@ -1,26 +0,0 @@
|
|||
---
|
||||
# Security #1
|
||||
- name: Create matrix-appservice-discord system group
|
||||
group:
|
||||
name: matrix-appservice-discord
|
||||
system: true
|
||||
state: present
|
||||
|
||||
# Security #2
|
||||
- name: Create matrix-appservice-discord user
|
||||
user:
|
||||
name: matrix-appservice-discord
|
||||
group: matrix-appservice-discord
|
||||
home: /var/local/matrix-appservice-discord
|
||||
comment: Matrix Appservice Discord
|
||||
system: true
|
||||
state: present
|
||||
|
||||
# Security #3
|
||||
- name: Secure matrix-appservice-discord home directory
|
||||
file:
|
||||
path: /var/local/matrix-appservice-discord
|
||||
state: directory
|
||||
owner: matrix-appservice-discord
|
||||
group: matrix-appservice-discord
|
||||
mode: 0750
|
|
@ -1,23 +1,23 @@
|
|||
---
|
||||
# Create CodiMD user and group
|
||||
- include_tasks: 1_user_group.yml
|
||||
# Create service user
|
||||
- include_tasks: service_user.yml
|
||||
|
||||
# Download CodiMD
|
||||
- name: Clone matrix-appservice-discord project
|
||||
- name: "Clone {{ appservice_name }} project"
|
||||
git:
|
||||
repo: https://github.com/Half-Shot/matrix-appservice-discord.git
|
||||
dest: /var/local/matrix-appservice-discord/matrix-appservice-discord
|
||||
repo: "{{ appservice_repo }}"
|
||||
dest: "{{ appservice_path }}"
|
||||
version: 14cf2829510e8b7b99b3238e2deaddf296ab4b76
|
||||
become: true
|
||||
become_user: matrix-appservice-discord
|
||||
become_user: "{{ appservice_user }}"
|
||||
|
||||
# Setup dependencies
|
||||
# May create issues with package-lock.json not in gitignore
|
||||
- name: Install matrix-appservice-discord dependencies
|
||||
- name: "Install {{ appservice_name }} dependencies"
|
||||
npm:
|
||||
path: /var/local/matrix-appservice-discord/matrix-appservice-discord
|
||||
path: "{{ appservice_path }}"
|
||||
production: true
|
||||
become: true
|
||||
become_user: matrix-appservice-discord
|
||||
become_user: "{{ appservice_user }}"
|
||||
register: npm_result
|
||||
retries: 3
|
||||
until: npm_result is succeeded
|
||||
|
@ -26,34 +26,44 @@
|
|||
- name: Compile matrix-appservice-discord
|
||||
command: ./node_modules/.bin/tsc
|
||||
args:
|
||||
chdir: /var/local/matrix-appservice-discord/matrix-appservice-discord
|
||||
chdir: "{{ appservice_path }}"
|
||||
register: npm_build_result
|
||||
changed_when: npm_build_result
|
||||
become: true
|
||||
become_user: matrix-appservice-discord
|
||||
become_user: "{{ appservice_user }}"
|
||||
|
||||
# Configure
|
||||
- name: Configure matrix-appservice-discord
|
||||
- name: "Configure {{ appservice_name }}"
|
||||
template:
|
||||
src: config.yaml.j2
|
||||
dest: /var/local/matrix-appservice-discord/matrix-appservice-discord/config.yaml
|
||||
owner: matrix-appservice-discord
|
||||
group: matrix-appservice-discord
|
||||
dest: "{{ appservice_path }}/config.yaml"
|
||||
owner: "{{ appservice_user }}"
|
||||
group: nogroup
|
||||
mode: 0600
|
||||
|
||||
# Service file
|
||||
- name: Install matrix-appservice-discord systemd unit
|
||||
- name: "Install {{ appservice_name }} systemd unit"
|
||||
template:
|
||||
src: systemd/matrix-appservice-discord.service.j2
|
||||
dest: /etc/systemd/system/matrix-appservice-discord.service
|
||||
dest: "/etc/systemd/system/{{ appservice_name }}.service"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
notify: Reload systemd daemons
|
||||
|
||||
# TODO generate registration
|
||||
|
||||
- name: Copy appservice registration file
|
||||
copy:
|
||||
src: "{{ appservice_path }}/discord-registration.yaml"
|
||||
dest: "/etc/matrix-synapse/{{ appservice_name }}-registration.yaml"
|
||||
owner: matrix-synapse
|
||||
group: nogroup
|
||||
mode: 0600
|
||||
remote_src: yes
|
||||
|
||||
# Run
|
||||
#- name: Ensure that matrix-appservice-discord is started
|
||||
# service:
|
||||
# name: matrix-appservice-discord
|
||||
# state: started
|
||||
# enabled: true
|
||||
- name: "Ensure that {{ appservice_name }} is started"
|
||||
service:
|
||||
name: "{{ appservice_name }}"
|
||||
state: started
|
||||
enabled: true
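Review bot: The "Copy appservice registration file" task reads `{{ appservice_path }}/discord-registration.yaml` with `remote_src`, but no task visible in this section creates that file and the comment just above it still says `# TODO generate registration`. Unless the file is produced outside the role, a first run on a fresh host would fail at this task, before the service task that now appears to be enabled. I would either guard the copy with a `stat` check and `when: registration_file.stat.exists`, or add the generation step before it. The registration file holds the tokens shared between the bridge and the homeserver, so `owner: matrix-synapse` with `mode: 0600` is a sound choice; writing `remote_src: true` would match the booleans used in the rest of the file.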
|
||||
|
|
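--- a/roles/matrix-appservice-discord/tasks/service_user.yml
+++ b/roles/matrix-appservice-discord/tasks/service_user.yml
@@ -0,0 +1,19 @@
+---
+# Having a custom group is useless so use nogroup
+- name: "Create {{ appservice_user }} user"
+user:
+name: "{{ appservice_user }}"
+group: nogroup
+home: "{{ appservice_homedir }}"
+system: true
+shell: /bin/false
+state: present
+
+# Only service user should be able to go there
+- name: "Secure {{ appservice_user }} home directory"
+file:
+path: "{{ appservice_homedir }}"
+state: directory
+owner: "{{ appservice_user }}"
+group: nogroup
+mode: 0700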
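Review bot: With `group: nogroup` as the primary group, the service account shares a group with every other process on the host that runs under `nogroup`, so isolation rests entirely on no file ever carrying group permission bits. The home directory is `0700` here, which covers the clone, but anything the service or a later task writes elsewhere, or with a group-readable mode, becomes reachable by those peers. The removed 1_user_group.yml gave each bridge its own system group. I would keep a dedicated group (`group: "{{ appservice_user }}"` after a `group:` task), or at least replace the "useless" comment with one stating that group bits must stay empty. The same applies to the service_user.yml files added for matrix-appservice-irc and matrix-appservice-webhooks; quoting the mode as `mode: "0700"` would also follow the Ansible recommendation for octal modes.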
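--- a/roles/matrix-appservice-irc/defaults/main.yml
+++ b/roles/matrix-appservice-irc/defaults/main.yml
@@ -0,0 +1,15 @@
+---
+# appservice_name is the name of the project on GitHub
+appservice_name: matrix-appservice-irc
+
+# URL to clone
+appservice_repo: https://github.com/matrix-org/matrix-appservice-irc.git
+
+# name of the service user
+# It means that you will have to `sudo -u THISUSER zsh` to debug
+appservice_user: "{{ appservice_name }}"
+appservice_homedir: "/var/local/{{ appservice_name }}"
+
+# appservice_path is where the project is cloned
+# It can't be the home directory because of user hidden files.
+appservice_path: "{{ appservice_homedir }}/{{ appservice_name }}"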
|
@ -1,26 +0,0 @@
|
|||
---
|
||||
# Security #1
|
||||
- name: Create matrix-appservice-irc system group
|
||||
group:
|
||||
name: matrix-appservice-irc
|
||||
system: true
|
||||
state: present
|
||||
|
||||
# Security #2
|
||||
- name: Create matrix-appservice-irc user
|
||||
user:
|
||||
name: matrix-appservice-irc
|
||||
group: matrix-appservice-irc
|
||||
home: /var/local/matrix-appservice-irc
|
||||
comment: Matrix Appservice IRC
|
||||
system: true
|
||||
state: present
|
||||
|
||||
# Security #3
|
||||
- name: Secure matrix-appservice-irc home directory
|
||||
file:
|
||||
path: /var/local/matrix-appservice-irc
|
||||
state: directory
|
||||
owner: matrix-appservice-irc
|
||||
group: matrix-appservice-irc
|
||||
mode: 0750
|
|
@ -1,45 +1,55 @@
|
|||
---
|
||||
# Create matrix-appservice-irc user and group
|
||||
- include_tasks: 1_user_group.yml
|
||||
# Create service user
|
||||
- include_tasks: service_user.yml
|
||||
|
||||
- name: Clone matrix-appservice-irc project
|
||||
- name: "Clone {{ appservice_name }} project"
|
||||
git:
|
||||
repo: https://github.com/matrix-org/matrix-appservice-irc.git
|
||||
dest: /var/local/matrix-appservice-irc/matrix-appservice-irc
|
||||
repo: "{{ appservice_repo }}"
|
||||
dest: "{{ appservice_path }}"
|
||||
version: 0.11.2
|
||||
become: true
|
||||
become_user: matrix-appservice-irc
|
||||
become_user: "{{ appservice_user }}"
|
||||
|
||||
# Setup dependencies
|
||||
- name: Install matrix-appservice-irc dependencies
|
||||
- name: "Install {{ appservice_name }} dependencies"
|
||||
npm:
|
||||
path: /var/local/matrix-appservice-irc/matrix-appservice-irc
|
||||
path: "{{ appservice_path }}"
|
||||
production: true
|
||||
become: true
|
||||
become_user: matrix-appservice-irc
|
||||
become_user: "{{ appservice_user }}"
|
||||
register: npm_result
|
||||
retries: 3
|
||||
until: npm_result is succeeded
|
||||
|
||||
# Configure
|
||||
- name: Configure matrix-appservice-irc
|
||||
- name: "Configure {{ appservice_name }}"
|
||||
template:
|
||||
src: config.yaml.j2
|
||||
dest: /var/local/matrix-appservice-irc/matrix-appservice-irc/config.yaml
|
||||
owner: matrix-appservice-irc
|
||||
group: matrix-appservice-irc
|
||||
dest: "{{ appservice_path }}/config.yaml"
|
||||
owner: "{{ appservice_user }}"
|
||||
group: nogroup
|
||||
mode: 0600
|
||||
|
||||
# Service file
|
||||
- name: Install matrix-appservice-irc systemd unit
|
||||
- name: "Install {{ appservice_name }} systemd unit"
|
||||
template:
|
||||
src: systemd/matrix-appservice-irc.service.j2
|
||||
dest: /etc/systemd/system/matrix-appservice-irc.service
|
||||
dest: "/etc/systemd/system/{{ appservice_name }}.service"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
notify: Reload systemd daemons
|
||||
|
||||
# TODO generate registration
|
||||
|
||||
#- name: Copy appservice registration file
|
||||
# copy:
|
||||
# src: "{{ appservice_path }}/discord-registration.yaml"
|
||||
# dest: "/etc/matrix-synapse/{{ appservice_name }}-registration.yaml"
|
||||
# owner: matrix-synapse
|
||||
# group: nogroup
|
||||
# mode: 0600
|
||||
# remote_src: yes
|
||||
|
||||
# Run
|
||||
#- name: Ensure that matrix-appservice-irc is started
|
||||
# service:
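Review bot: The commented-out "Copy appservice registration file" block in this IRC role still names `{{ appservice_path }}/discord-registration.yaml`, which looks carried over from the Discord role. If the block is uncommented as written, the copy would look for a file this bridge does not appear to produce. I would correct the `src` to this bridge's registration file name now, or mark it in the comment, e.g. `# TODO: src must be the IRC registration file, not discord-registration.yaml`. The section as shown ends inside the commented service task, so the rest of the file could not be reviewed.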
|
||||
|
|
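--- a/roles/matrix-appservice-irc/tasks/service_user.yml
+++ b/roles/matrix-appservice-irc/tasks/service_user.yml
@@ -0,0 +1,19 @@
+---
+# Having a custom group is useless so use nogroup
+- name: "Create {{ appservice_user }} user"
+user:
+name: "{{ appservice_user }}"
+group: nogroup
+home: "{{ appservice_homedir }}"
+system: true
+shell: /bin/false
+state: present
+
+# Only service user should be able to go there
+- name: "Secure {{ appservice_user }} home directory"
+file:
+path: "{{ appservice_homedir }}"
+state: directory
+owner: "{{ appservice_user }}"
+group: nogroup
+mode: 0700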
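--- a/roles/matrix-appservice-webhooks/defaults/main.yml
+++ b/roles/matrix-appservice-webhooks/defaults/main.yml
@@ -0,0 +1,15 @@
+---
+# appservice_name is the name of the project on GitHub
+appservice_name: matrix-appservice-webhooks
+
+# URL to clone
+appservice_repo: https://github.com/turt2live/matrix-appservice-webhooks.git
+
+# name of the service user
+# It means that you will have to `sudo -u THISUSER zsh` to debug
+appservice_user: "{{ appservice_name }}"
+appservice_homedir: "/var/local/{{ appservice_name }}"
+
+# appservice_path is where the project is cloned
+# It can't be the home directory because of user hidden files.
+appservice_path: "{{ appservice_homedir }}/{{ appservice_name }}"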
|
@ -1,26 +0,0 @@
|
|||
---
|
||||
# Security #1
|
||||
- name: Create matrix-appservice-webhooks system group
|
||||
group:
|
||||
name: matrix-appservice-webhooks
|
||||
system: true
|
||||
state: present
|
||||
|
||||
# Security #2
|
||||
- name: Create matrix-appservice-webhooks user
|
||||
user:
|
||||
name: matrix-appservice-webhooks
|
||||
group: matrix-appservice-webhooks
|
||||
home: /var/local/matrix-appservice-webhooks
|
||||
comment: Matrix Appservice WebHooks
|
||||
system: true
|
||||
state: present
|
||||
|
||||
# Security #3
|
||||
- name: Secure matrix-appservice-webhooks home directory
|
||||
file:
|
||||
path: /var/local/matrix-appservice-webhooks
|
||||
state: directory
|
||||
owner: matrix-appservice-webhooks
|
||||
group: matrix-appservice-webhooks
|
||||
mode: 0750
|
|
@ -1,55 +1,58 @@
|
|||
---
|
||||
# Create matrix-appservice-webhooks user and group
|
||||
- include_tasks: 1_user_group.yml
|
||||
# Create service user
|
||||
- include_tasks: service_user.yml
|
||||
|
||||
- name: Clone matrix-appservice-webhooks project
|
||||
- name: "Clone {{ appservice_name }} project"
|
||||
git:
|
||||
repo: https://github.com/turt2live/matrix-appservice-webhooks.git
|
||||
dest: /var/local/matrix-appservice-webhooks/matrix-appservice-webhooks
|
||||
repo: "{{ appservice_repo }}"
|
||||
dest: "{{ appservice_path }}"
|
||||
version: master
|
||||
become: true
|
||||
become_user: matrix-appservice-webhooks
|
||||
become_user: "{{ appservice_user }}"
|
||||
|
||||
# Setup dependencies
|
||||
- name: Install matrix-appservice-webhooks dependencies
|
||||
- name: "Install {{ appservice_name }} dependencies"
|
||||
npm:
|
||||
path: /var/local/matrix-appservice-webhooks/matrix-appservice-webhooks
|
||||
path: "{{ appservice_path }}"
|
||||
production: true
|
||||
become: true
|
||||
become_user: matrix-appservice-webhooks
|
||||
become_user: "{{ appservice_user }}"
|
||||
register: npm_result
|
||||
retries: 3
|
||||
until: npm_result is succeeded
|
||||
|
||||
# Configure
|
||||
- name: Configure matrix-appservice-webhooks
|
||||
- name: "Configure {{ appservice_name }}"
|
||||
template:
|
||||
src: config.yaml.j2
|
||||
dest: /var/local/matrix-appservice-webhooks/matrix-appservice-webhooks/config/config.yaml
|
||||
owner: matrix-appservice-webhooks
|
||||
group: matrix-appservice-webhooks
|
||||
dest: "{{ appservice_path }}/config/config.yaml"
|
||||
owner: "{{ appservice_user }}"
|
||||
group: nogroup
|
||||
mode: 0600
|
||||
|
||||
# Service file
|
||||
- name: Install matrix-appservice-webhooks systemd unit
|
||||
- name: "Install {{ appservice_name }} systemd unit"
|
||||
template:
|
||||
src: systemd/matrix-appservice-webhooks.service.j2
|
||||
dest: /etc/systemd/system/matrix-appservice-webhooks.service
|
||||
dest: "/etc/systemd/system/{{ appservice_name }}.service"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
notify: Reload systemd daemons
|
||||
|
||||
# TODO
|
||||
# node index.js -r -u "http://localhost:9000" -c config/config.yaml
|
||||
# cp /var/local/matrix-appservice-webhooks/matrix-appservice-webhooks/appservice-registration-webhooks.yaml
|
||||
# > /etc/matrix-synapse/appservice-registration-webhooks.yaml
|
||||
# chown matrix-synapse:nogroup /etc/matrix-synapse/appservice-registration-webhooks.yaml 440
|
||||
# /etc/matrix-synapse/conf.d/app_service_config_files.yaml
|
||||
# TODO generate registration
|
||||
|
||||
- name: Copy appservice registration file
|
||||
copy:
|
||||
src: "{{ appservice_path }}/appservice-registration-webhooks.yaml"
|
||||
dest: "/etc/matrix-synapse/{{ appservice_name }}-registration.yaml"
|
||||
owner: matrix-synapse
|
||||
group: nogroup
|
||||
mode: 0600
|
||||
remote_src: yes
|
||||
|
||||
# Run
|
||||
#- name: Ensure that matrix-appservice-webhooks is started
|
||||
# service:
|
||||
# name: matrix-appservice-webhooks
|
||||
# state: started
|
||||
# enabled: true
|
||||
- name: "Ensure that {{ appservice_name }} is started"
|
||||
service:
|
||||
name: "{{ appservice_name }}"
|
||||
state: started
|
||||
enabled: true
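Review bot: The clone task in this section keeps `version: master`, so every run checks out whatever the upstream branch points to at that moment, then runs `npm` install on it and starts it as a service. The Discord role pins a full commit hash and the IRC role a release tag; this role has no such review point, and now that `appservice_repo` is an overridable default the checked-out revision is the only control left hard-coded in the task. I would pin it to a reviewed commit, e.g. `version: "<reviewed commit SHA>"`, and expose it next to `appservice_repo` in defaults/main.yml as `appservice_version`. The registration copy added here reads `appservice-registration-webhooks.yaml`, which no visible task generates (the TODO above it describes a manual `node index.js -r` step), so a fresh host would presumably fail at that copy.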
|
||||
|
|
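--- a/roles/matrix-appservice-webhooks/tasks/service_user.yml
+++ b/roles/matrix-appservice-webhooks/tasks/service_user.yml
@@ -0,0 +1,19 @@
+---
+# Having a custom group is useless so use nogroup
+- name: "Create {{ appservice_user }} user"
+user:
+name: "{{ appservice_user }}"
+group: nogroup
+home: "{{ appservice_homedir }}"
+system: true
+shell: /bin/false
+state: present
+
+# Only service user should be able to go there
+- name: "Secure {{ appservice_user }} home directory"
+file:
+path: "{{ appservice_homedir }}"
+state: directory
+owner: "{{ appservice_user }}"
+group: nogroup
+mode: 0700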