Dustin C. Hatch
371305bed4
The *synapse* role and the corresponding `synapse.yml` playbook deploy Synapse, the reference Matrix homeserver implementation. Deploying Synapse itself is fairly straightforward: it is packaged by Fedora and therefore can simply be installed via `dnf` and started by `systemd`. Making the service available on the Internet, however, is more involved. The Matrix protocol mostly works over HTTPS on the standard port (443), so a typical reverse proxy deployment is mostly sufficient. Some parts of the Matrix protocol, however, involve communication over an alternate port (8448). This could be handled by a reverse proxy as well, but since it is a fairly unique port, it could also be handled by NAT/port forwarding. In order to support both deployment scenarios (as well as the hypothetical scenario wherein the Synapse machine is directly accessible from the Internet), the *synapse* role supports specifying an optional `matrix_tls_cert` variable. If this variable is set, it should contain the path to a certificate file on the Ansible control machine that will be used for the "direct" connections (i.e. on port 8448). If it is not set, the default Apache certificate will be used for both virtual hosts. Synapse has a pretty extensive configuration schema, but most of the options are set to their default values by the *synapse* role. Other than substituting secret keys, the only exposed configuration option is the LDAP authentication provider.
130 lines
1.9 KiB
INI
130 lines
1.9 KiB
INI
[all:vars]
|
|
ansible_python_interpreter=/usr/bin/python3
|
|
|
|
[aria2]
|
|
file0.pyrocufflink.blue
|
|
|
|
[bitwarden_rs]
|
|
bw0.pyrocufflink.blue
|
|
|
|
[burp-client]
|
|
bw0.pyrocufflink.blue
|
|
cloud0.pyrocufflink.blue
|
|
file0.pyrocufflink.blue
|
|
hass1.pyrocufflink.blue
|
|
|
|
[burp-server]
|
|
burp1.pyrocufflink.blue
|
|
|
|
[certbot]
|
|
|
|
[collectd:children]
|
|
pyrocufflink
|
|
|
|
[dch-proxy]
|
|
|
|
[dch-vpn]
|
|
vpn0.pyrocufflink.blue
|
|
|
|
[dhcpcd:children]
|
|
vm-hosts
|
|
|
|
[dhcpd:children]
|
|
pyrocufflink-dhcp
|
|
|
|
[docker]
|
|
build0-amd64.pyrocufflink.blue
|
|
|
|
[docker:children]
|
|
bitwarden_rs
|
|
|
|
[file-servers]
|
|
file0.pyrocufflink.blue
|
|
|
|
[gitea]
|
|
git0.pyrocufflink.blue
|
|
|
|
[graylog]
|
|
logs0.pyrocufflink.blue
|
|
|
|
[hassdb]
|
|
hassdb0.pyrocufflink.blue
|
|
|
|
[home-assistant]
|
|
hass1.pyrocufflink.blue
|
|
|
|
[jenkins-slave]
|
|
build0-amd64.pyrocufflink.blue
|
|
build1-aarch64.pyrocufflink.blue
|
|
build2-armv7hl.pyrocufflink.blue
|
|
|
|
[motioneye]
|
|
motion0.pyrocufflink.blue
|
|
|
|
[named-server:children]
|
|
pyrocufflink-dns
|
|
|
|
[nextcloud]
|
|
cloud0.pyrocufflink.blue
|
|
|
|
[ntpd]
|
|
dc0.pyrocufflink.blue
|
|
|
|
[postgresql]
|
|
cloud0.pyrocufflink.blue
|
|
hassdb0.pyrocufflink.blue
|
|
|
|
[protonvpn:children]
|
|
pyrocufflink-dns
|
|
|
|
[public-web]
|
|
web0.pyrocufflink.blue
|
|
|
|
[pyrocufflink]
|
|
build0-amd64.pyrocufflink.blue
|
|
build1-aarch64.pyrocufflink.blue
|
|
build2-armv7hl.pyrocufflink.blue
|
|
burp1.pyrocufflink.blue
|
|
bw0.pyrocufflink.blue
|
|
cloud0.pyrocufflink.blue
|
|
dc0.pyrocufflink.blue
|
|
dns0.pyrocufflink.blue
|
|
file0.pyrocufflink.blue
|
|
git0.pyrocufflink.blue
|
|
hass1.pyrocufflink.blue
|
|
hassdb0.pyrocufflink.blue
|
|
jenkins0.pyrocufflink.blue
|
|
logs0.pyrocufflink.blue
|
|
motion0.pyrocufflink.blue
|
|
smtp1.pyrocufflink.blue
|
|
vpn0.pyrocufflink.blue
|
|
web0.pyrocufflink.blue
|
|
|
|
[pyrocufflink-dhcp]
|
|
dns0.pyrocufflink.blue
|
|
|
|
[pyrocufflink-dns]
|
|
dns0.pyrocufflink.blue
|
|
|
|
[radius:children]
|
|
samba-dc
|
|
|
|
[rw-root]
|
|
build1-aarch64.pyrocufflink.blue
|
|
build2-armv7hl.pyrocufflink.blue
|
|
|
|
[samba-dc]
|
|
dc0.pyrocufflink.blue
|
|
|
|
[smtp-relay]
|
|
smtp1.pyrocufflink.blue
|
|
|
|
[squid]
|
|
|
|
[synapse]
|
|
|
|
[vm-hosts]
|
|
|
|
[wheelhost]
|
|
file0.pyrocufflink.blue
|