diff --git a/.gitignore b/.gitignore
index caa8231..8000dd9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1 @@
-roles/
 .vagrant
diff --git a/.gitmodules b/.gitmodules
deleted file mode 100644
index 7b68024..0000000
--- a/.gitmodules
+++ /dev/null
@@ -1,3 +0,0 @@
-[submodule "roles/synapse"]
- path = roles/synapse
- url = https://gitlab.com/famedly/ansible/synapse
diff --git a/roles/geerlingguy.pip/.gitignore b/roles/geerlingguy.pip/.gitignore
new file mode 100644
index 0000000..f56f5b5
--- /dev/null
+++ b/roles/geerlingguy.pip/.gitignore
@@ -0,0 +1,3 @@
+*.retry
+*/__pycache__
+*.pyc
diff --git a/roles/geerlingguy.pip/.travis.yml b/roles/geerlingguy.pip/.travis.yml
new file mode 100644
index 0000000..906b30d
--- /dev/null
+++ b/roles/geerlingguy.pip/.travis.yml
@@ -0,0 +1,29 @@
+---
+language: python
+services: docker
+
+env:
+ global:
+ - ROLE_NAME: pip
+ matrix:
+ - MOLECULE_DISTRO: centos7
+ - MOLECULE_DISTRO: fedora29
+ - MOLECULE_DISTRO: ubuntu1804
+ - MOLECULE_DISTRO: debian9
+
+install:
+ # Install test dependencies.
+ - pip install molecule docker
+
+before_script:
+ # Use actual Ansible Galaxy role name for the project directory.
+ - cd ../
+ - mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME
+ - cd geerlingguy.$ROLE_NAME
+
+script:
+ # Run tests.
+ - molecule test
+
+notifications:
+ webhooks: https://galaxy.ansible.com/api/v1/notifications/
diff --git a/roles/geerlingguy.pip/LICENSE b/roles/geerlingguy.pip/LICENSE
new file mode 100644
index 0000000..4275cf3
--- /dev/null
+++ b/roles/geerlingguy.pip/LICENSE
@@ -0,0 +1,20 @@
+The MIT License (MIT)
+
+Copyright (c) 2017 Jeff Geerling
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/roles/geerlingguy.pip/README.md b/roles/geerlingguy.pip/README.md
new file mode 100644
index 0000000..ec9beb9
--- /dev/null
+++ b/roles/geerlingguy.pip/README.md
@@ -0,0 +1,76 @@
+# Ansible Role: Pip (for Python)
+
+[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-pip.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-pip)
+
+An Ansible Role that installs [Pip](https://pip.pypa.io) on Linux.
+
+## Requirements
+
+On RedHat/CentOS, you may need to have EPEL installed before running this role. You can use the `geerlingguy.repo-epel` role if you need a simple way to ensure it's installed.
+
+## Role Variables
+
+Available variables are listed below, along with default values (see `defaults/main.yml`):
+
+ pip_package: python-pip
+
+The name of the packge to install to get `pip` on the system. You can set to `python3-pip`, for example, when using Python 3 on Ubuntu.
+
+ pip_executable: pip
+
+The role will try to autodetect the pip executable based on the `pip_package` (e.g. `pip` for Python 2 and `pip3` for Python 3). You can also override this explicitly, e.g. `pip_executable: pip3.6`.
+
+ pip_install_packages: []
+
+A list of packages to install with pip. Examples below:
+
+ pip_install_packages:
+ # Specify names and versions.
+ - name: docker
+ version: "1.2.3"
+ - name: awscli
+ version: "1.11.91"
+
+ # Or specify bare packages to get the latest release.
+ - docker
+ - awscli
+
+ # Or uninstall a package.
+ - name: docker
+ state: absent
+
+ # Or update a package ot the latest version.
+ - name: docker
+ state: latest
+
+ # Or force a reinstall.
+ - name: docker
+ state: forcereinstall
+
+ # Or install a package in a particular virtualenv.
+ - name: docker
+ virtualenv: /my_app/venv
+
+## Dependencies
+
+None.
+
+## Example Playbook
+
+ - hosts: all
+
+ vars:
+ pip_install_packages:
+ - name: docker
+ - name: awscli
+
+ roles:
+ - geerlingguy.pip
+
+## License
+
+MIT / BSD
+
+## Author Information
+
+This role was created in 2017 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/).
diff --git a/roles/geerlingguy.pip/defaults/main.yml b/roles/geerlingguy.pip/defaults/main.yml
new file mode 100644
index 0000000..8a70a1e
--- /dev/null
+++ b/roles/geerlingguy.pip/defaults/main.yml
@@ -0,0 +1,6 @@
+---
+# For Python 3, use python3-pip.
+pip_package: python-pip
+pip_executable: "{{ 'pip3' if pip_package.startswith('python3') else 'pip' }}"
+
+pip_install_packages: []
diff --git a/roles/geerlingguy.pip/meta/.galaxy_install_info b/roles/geerlingguy.pip/meta/.galaxy_install_info
new file mode 100644
index 0000000..ae48908
--- /dev/null
+++ b/roles/geerlingguy.pip/meta/.galaxy_install_info
@@ -0,0 +1,2 @@
+install_date: Thu Sep 12 20:00:01 2019
+version: 1.3.0
diff --git a/roles/geerlingguy.pip/meta/main.yml b/roles/geerlingguy.pip/meta/main.yml
new file mode 100644
index 0000000..eb4248b
--- /dev/null
+++ b/roles/geerlingguy.pip/meta/main.yml
@@ -0,0 +1,30 @@
+---
+dependencies: []
+
+galaxy_info:
+ author: geerlingguy
+ description: Pip (Python package manager) for Linux.
+ issue_tracker_url: https://github.com/geerlingguy/ansible-role-pip/issues
+ company: "Midwestern Mac, LLC"
+ license: "license (BSD, MIT)"
+ min_ansible_version: 2.0
+ platforms:
+ - name: EL
+ versions:
+ - all
+ - name: Fedora
+ versions:
+ - all
+ - name: Debian
+ versions:
+ - all
+ - name: Ubuntu
+ versions:
+ - all
+ galaxy_tags:
+ - system
+ - server
+ - packaging
+ - python
+ - pip
+ - tools
diff --git a/roles/geerlingguy.pip/molecule/default/molecule.yml b/roles/geerlingguy.pip/molecule/default/molecule.yml
new file mode 100644
index 0000000..2ca6fea
--- /dev/null
+++ b/roles/geerlingguy.pip/molecule/default/molecule.yml
@@ -0,0 +1,29 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: docker
+lint:
+ name: yamllint
+ options:
+ config-file: molecule/default/yaml-lint.yml
+platforms:
+ - name: instance
+ image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
+ command: ${MOLECULE_DOCKER_COMMAND:-""}
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ privileged: true
+ pre_build_image: true
+provisioner:
+ name: ansible
+ lint:
+ name: ansible-lint
+ playbooks:
+ converge: ${MOLECULE_PLAYBOOK:-playbook.yml}
+scenario:
+ name: default
+verifier:
+ name: testinfra
+ lint:
+ name: flake8
diff --git a/roles/geerlingguy.pip/molecule/default/playbook.yml b/roles/geerlingguy.pip/molecule/default/playbook.yml
new file mode 100644
index 0000000..6ffa90b
--- /dev/null
+++ b/roles/geerlingguy.pip/molecule/default/playbook.yml
@@ -0,0 +1,20 @@
+---
+- name: Converge
+ hosts: all
+ become: true
+
+ vars:
+ pip_install_packages:
+ # Test installing a specific version of a package.
+ - name: ipaddress
+ version: "1.0.18"
+ # Test installing a package by name.
+ - colorama
+
+ pre_tasks:
+ - name: Update apt cache.
+ apt: update_cache=true cache_valid_time=600
+ when: ansible_os_family == 'Debian'
+
+ roles:
+ - role: geerlingguy.pip
diff --git a/roles/geerlingguy.pip/molecule/default/tests/test_default.py b/roles/geerlingguy.pip/molecule/default/tests/test_default.py
new file mode 100644
index 0000000..eedd64a
--- /dev/null
+++ b/roles/geerlingguy.pip/molecule/default/tests/test_default.py
@@ -0,0 +1,14 @@
+import os
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+def test_hosts_file(host):
+ f = host.file('/etc/hosts')
+
+ assert f.exists
+ assert f.user == 'root'
+ assert f.group == 'root'
diff --git a/roles/geerlingguy.pip/molecule/default/yaml-lint.yml b/roles/geerlingguy.pip/molecule/default/yaml-lint.yml
new file mode 100644
index 0000000..a3dbc38
--- /dev/null
+++ b/roles/geerlingguy.pip/molecule/default/yaml-lint.yml
@@ -0,0 +1,6 @@
+---
+extends: default
+rules:
+ line-length:
+ max: 120
+ level: warning
diff --git a/roles/geerlingguy.pip/tasks/main.yml b/roles/geerlingguy.pip/tasks/main.yml
new file mode 100644
index 0000000..dda7fac
--- /dev/null
+++ b/roles/geerlingguy.pip/tasks/main.yml
@@ -0,0 +1,14 @@
+---
+- name: Ensure Pip is installed.
+ package:
+ name: "{{ pip_package }}"
+ state: present
+
+- name: Ensure pip_install_packages are installed.
+ pip:
+ name: "{{ item.name | default(item) }}"
+ version: "{{ item.version | default(omit) }}"
+ virtualenv: "{{ item.virtualenv | default(omit) }}"
+ state: "{{ item.state | default(omit) }}"
+ executable: "{{ pip_executable }}"
+ with_items: "{{ pip_install_packages }}"
diff --git a/roles/geerlingguy.postgresql/.ansible-lint b/roles/geerlingguy.postgresql/.ansible-lint
new file mode 100644
index 0000000..f3c1090
--- /dev/null
+++ b/roles/geerlingguy.postgresql/.ansible-lint
@@ -0,0 +1,3 @@
+skip_list:
+ - '405'
+ - '503'
diff --git a/roles/geerlingguy.postgresql/.gitignore b/roles/geerlingguy.postgresql/.gitignore
new file mode 100644
index 0000000..f56f5b5
--- /dev/null
+++ b/roles/geerlingguy.postgresql/.gitignore
@@ -0,0 +1,3 @@
+*.retry
+*/__pycache__
+*.pyc
diff --git a/roles/geerlingguy.postgresql/.travis.yml b/roles/geerlingguy.postgresql/.travis.yml
new file mode 100644
index 0000000..22de535
--- /dev/null
+++ b/roles/geerlingguy.postgresql/.travis.yml
@@ -0,0 +1,30 @@
+---
+language: python
+services: docker
+
+env:
+ global:
+ - ROLE_NAME: postgresql
+ matrix:
+ - MOLECULE_DISTRO: centos7
+ - MOLECULE_DISTRO: ubuntu1804
+ - MOLECULE_DISTRO: ubuntu1604
+ - MOLECULE_DISTRO: debian10
+ - MOLECULE_DISTRO: debian9
+
+install:
+ # Install test dependencies.
+ - pip install molecule docker
+
+before_script:
+ # Use actual Ansible Galaxy role name for the project directory.
+ - cd ../
+ - mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME
+ - cd geerlingguy.$ROLE_NAME
+
+script:
+ # Run tests.
+ - molecule test
+
+notifications:
+ webhooks: https://galaxy.ansible.com/api/v1/notifications/
diff --git a/roles/geerlingguy.postgresql/LICENSE b/roles/geerlingguy.postgresql/LICENSE
new file mode 100644
index 0000000..4275cf3
--- /dev/null
+++ b/roles/geerlingguy.postgresql/LICENSE
@@ -0,0 +1,20 @@
+The MIT License (MIT)
+
+Copyright (c) 2017 Jeff Geerling
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/roles/geerlingguy.postgresql/README.md b/roles/geerlingguy.postgresql/README.md
new file mode 100644
index 0000000..6d81e4e
--- /dev/null
+++ b/roles/geerlingguy.postgresql/README.md
@@ -0,0 +1,145 @@
+# Ansible Role: PostgreSQL
+
+[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-postgresql.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-postgresql)
+
+Installs and configures PostgreSQL server on RHEL/CentOS or Debian/Ubuntu servers.
+
+## Requirements
+
+No special requirements; note that this role requires root access, so either run it in a playbook with a global `become: yes`, or invoke the role in your playbook like:
+
+ - hosts: database
+ roles:
+ - role: geerlingguy.postgresql
+ become: yes
+
+## Role Variables
+
+Available variables are listed below, along with default values (see `defaults/main.yml`):
+
+ postgresql_enablerepo: ""
+
+(RHEL/CentOS only) You can set a repo to use for the PostgreSQL installation by passing it in here.
+
+ postgresql_restarted_state: "restarted"
+
+Set the state of the service when configuration changes are made. Recommended values are `restarted` or `reloaded`.
+
+ postgresql_python_library: python-psycopg2
+
+Library used by Ansible to communicate with PostgreSQL. If you are using Python 3 (e.g. set via `ansible_python_interpreter`), you should change this to `python3-psycopg2`.
+
+ postgresql_user: postgres
+ postgresql_group: postgres
+
+The user and group under which PostgreSQL will run.
+
+ postgresql_unix_socket_directories:
+ - /var/run/postgresql
+
+The directories (usually one, but can be multiple) where PostgreSQL's socket will be created.
+
+ postgresql_service_state: started
+ postgresql_service_enabled: true
+
+Control the state of the postgresql service and whether it should start at boot time.
+
+ postgresql_global_config_options:
+ - option: unix_socket_directories
+ value: '{{ postgresql_unix_socket_directories | join(",") }}'
+
+Global configuration options that will be set in `postgresql.conf`. Note that for RHEL/CentOS 6 (or very old versions of PostgreSQL), you need to at least override this variable and set the `option` to `unix_socket_directory`.
+
+ postgresql_hba_entries:
+ - { type: local, database: all, user: postgres, auth_method: peer }
+ - { type: local, database: all, user: all, auth_method: peer }
+ - { type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5 }
+ - { type: host, database: all, user: all, address: '::1/128', auth_method: md5 }
+
+Configure [host based authentication](https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html) entries to be set in the `pg_hba.conf`. Options for entries include:
+
+ - `type` (required)
+ - `database` (required)
+ - `user` (required)
+ - `address` (one of this or the following two are required)
+ - `ip_address`
+ - `ip_mask`
+ - `auth_method` (required)
+ - `auth_options` (optional)
+
+If overriding, make sure you copy all of the existing entries from `defaults/main.yml` if you need to preserve existing entries.
+
+ postgresql_locales:
+ - 'en_US.UTF-8'
+
+(Debian/Ubuntu only) Used to generate the locales used by PostgreSQL databases.
+
+ postgresql_databases:
+ - name: exampledb # required; the rest are optional
+ lc_collate: # defaults to 'en_US.UTF-8'
+ lc_ctype: # defaults to 'en_US.UTF-8'
+ encoding: # defaults to 'UTF-8'
+ template: # defaults to 'template0'
+ login_host: # defaults to 'localhost'
+ login_password: # defaults to not set
+ login_user: # defaults to 'postgresql_user'
+ login_unix_socket: # defaults to 1st of postgresql_unix_socket_directories
+ port: # defaults to not set
+ owner: # defaults to postgresql_user
+ state: # defaults to 'present'
+
+A list of databases to ensure exist on the server. Only the `name` is required; all other properties are optional.
+
+ postgresql_users:
+ - name: jdoe #required; the rest are optional
+ password: # defaults to not set
+ encrypted: # defaults to not set
+ priv: # defaults to not set
+ role_attr_flags: # defaults to not set
+ db: # defaults to not set
+ login_host: # defaults to 'localhost'
+ login_password: # defaults to not set
+ login_user: # defaults to '{{ postgresql_user }}'
+ login_unix_socket: # defaults to 1st of postgresql_unix_socket_directories
+ port: # defaults to not set
+ state: # defaults to 'present'
+
+A list of users to ensure exist on the server. Only the `name` is required; all other properties are optional.
+
+ postgresql_version: [OS-specific]
+ postgresql_data_dir: [OS-specific]
+ postgresql_bin_path: [OS-specific]
+ postgresql_config_path: [OS-specific]
+ postgresql_daemon: [OS-specific]
+ postgresql_packages: [OS-specific]
+
+OS-specific variables that are set by include files in this role's `vars` directory. These shouldn't be overridden unless you're using a version of PostgreSQL that wasn't installed using system packages.
+
+## Dependencies
+
+None.
+
+## Example Playbook
+
+ - hosts: database
+ become: yes
+ vars_files:
+ - vars/main.yml
+ roles:
+ - geerlingguy.postgresql
+
+*Inside `vars/main.yml`*:
+
+ postgresql_databases:
+ - name: example_db
+ postgresql_users:
+ - name: example_user
+ password: supersecure
+
+## License
+
+MIT / BSD
+
+## Author Information
+
+This role was created in 2016 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/).
diff --git a/roles/geerlingguy.postgresql/defaults/main.yml b/roles/geerlingguy.postgresql/defaults/main.yml
new file mode 100644
index 0000000..fa6a87f
--- /dev/null
+++ b/roles/geerlingguy.postgresql/defaults/main.yml
@@ -0,0 +1,64 @@
+---
+# RHEL/CentOS only. Set a repository to use for PostgreSQL installation.
+postgresql_enablerepo: ""
+
+# Set postgresql state when configuration changes are made. Recommended values:
+# `restarted` or `reloaded`
+postgresql_restarted_state: "restarted"
+
+postgresql_python_library: python-psycopg2
+postgresql_user: postgres
+postgresql_group: postgres
+
+postgresql_unix_socket_directories:
+ - /var/run/postgresql
+
+postgresql_service_state: started
+postgresql_service_enabled: true
+
+# Global configuration options that will be set in postgresql.conf.
+postgresql_global_config_options:
+ - option: unix_socket_directories
+ value: '{{ postgresql_unix_socket_directories | join(",") }}'
+
+# Host based authentication (hba) entries to be added to the pg_hba.conf. This
+# variable's defaults reflect the defaults that come with a fresh installation.
+postgresql_hba_entries:
+ - {type: local, database: all, user: postgres, auth_method: peer}
+ - {type: local, database: all, user: all, auth_method: peer}
+ - {type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5}
+ - {type: host, database: all, user: all, address: '::1/128', auth_method: md5}
+
+# Debian only. Used to generate the locales used by PostgreSQL databases.
+postgresql_locales:
+ - 'en_US.UTF-8'
+
+# Databases to ensure exist.
+postgresql_databases: []
+# - name: exampledb # required; the rest are optional
+# lc_collate: # defaults to 'en_US.UTF-8'
+# lc_ctype: # defaults to 'en_US.UTF-8'
+# encoding: # defaults to 'UTF-8'
+# template: # defaults to 'template0'
+# login_host: # defaults to 'localhost'
+# login_password: # defaults to not set
+# login_user: # defaults to '{{ postgresql_user }}'
+# login_unix_socket: # defaults to 1st of postgresql_unix_socket_directories
+# port: # defaults to not set
+# owner: # defaults to postgresql_user
+# state: # defaults to 'present'
+
+# Users to ensure exist.
+postgresql_users: []
+# - name: jdoe #required; the rest are optional
+# password: # defaults to not set
+# encrypted: # defaults to not set
+# priv: # defaults to not set
+# role_attr_flags: # defaults to not set
+# db: # defaults to not set
+# login_host: # defaults to 'localhost'
+# login_password: # defaults to not set
+# login_user: # defaults to '{{ postgresql_user }}'
+# login_unix_socket: # defaults to 1st of postgresql_unix_socket_directories
+# port: # defaults to not set
+# state: # defaults to 'present'
diff --git a/roles/geerlingguy.postgresql/handlers/main.yml b/roles/geerlingguy.postgresql/handlers/main.yml
new file mode 100644
index 0000000..cce42b7
--- /dev/null
+++ b/roles/geerlingguy.postgresql/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: restart postgresql
+ service:
+ name: "{{ postgresql_daemon }}"
+ state: "{{ postgresql_restarted_state }}"
+ sleep: 5
diff --git a/roles/geerlingguy.postgresql/meta/.galaxy_install_info b/roles/geerlingguy.postgresql/meta/.galaxy_install_info
new file mode 100644
index 0000000..6baa449
--- /dev/null
+++ b/roles/geerlingguy.postgresql/meta/.galaxy_install_info
@@ -0,0 +1,2 @@
+install_date: Thu Sep 12 20:01:17 2019
+version: 1.4.6
diff --git a/roles/geerlingguy.postgresql/meta/main.yml b/roles/geerlingguy.postgresql/meta/main.yml
new file mode 100644
index 0000000..ccdd857
--- /dev/null
+++ b/roles/geerlingguy.postgresql/meta/main.yml
@@ -0,0 +1,25 @@
+---
+dependencies: []
+
+galaxy_info:
+ author: geerlingguy
+ description: PostgreSQL server for Linux.
+ company: "Midwestern Mac, LLC"
+ license: "license (BSD, MIT)"
+ min_ansible_version: 2.4
+ platforms:
+ - name: EL
+ versions:
+ - 6
+ - 7
+ - name: Ubuntu
+ versions:
+ - all
+ - name: Debian
+ versions:
+ - all
+ galaxy_tags:
+ - database
+ - postgresql
+ - postgres
+ - rdbms
diff --git a/roles/geerlingguy.postgresql/molecule/default/molecule.yml b/roles/geerlingguy.postgresql/molecule/default/molecule.yml
new file mode 100644
index 0000000..2ca6fea
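Review bot: The default `postgresql_hba_entries` in roles/geerlingguy.postgresql/defaults/main.yml authenticate both loopback `host` entries with `auth_method: md5`, which is the weakest password method PostgreSQL still accepts. vars/Debian-10.yml in this same commit selects PostgreSQL 11, where `scram-sha-256` is available, so hosts on that release could override the variable from the playbook with `auth_method: scram-sha-256` on the two `host` lines. That presumably also needs `password_encryption` set through `postgresql_global_config_options` and existing role passwords re-set; the older releases covered by Debian-7/8/9.yml (9.1 to 9.6) do not support it.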
--- /dev/null
+++ b/roles/geerlingguy.postgresql/molecule/default/molecule.yml
@@ -0,0 +1,29 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: docker
+lint:
+ name: yamllint
+ options:
+ config-file: molecule/default/yaml-lint.yml
+platforms:
+ - name: instance
+ image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
+ command: ${MOLECULE_DOCKER_COMMAND:-""}
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ privileged: true
+ pre_build_image: true
+provisioner:
+ name: ansible
+ lint:
+ name: ansible-lint
+ playbooks:
+ converge: ${MOLECULE_PLAYBOOK:-playbook.yml}
+scenario:
+ name: default
+verifier:
+ name: testinfra
+ lint:
+ name: flake8
diff --git a/roles/geerlingguy.postgresql/molecule/default/playbook.yml b/roles/geerlingguy.postgresql/molecule/default/playbook.yml
new file mode 100644
index 0000000..5f152a6
--- /dev/null
+++ b/roles/geerlingguy.postgresql/molecule/default/playbook.yml
@@ -0,0 +1,35 @@
+---
+- name: Converge
+ hosts: all
+ become: true
+
+ vars:
+ postgresql_databases:
+ - name: example
+ postgresql_users:
+ - name: jdoe
+
+ pre_tasks:
+ - name: Update apt cache.
+ apt: update_cache=true cache_valid_time=600
+ when: ansible_os_family == 'Debian'
+
+ - name: Set custom variables for old CentOS 6 PostgreSQL install.
+ set_fact:
+ postgresql_hba_entries: []
+ postgresql_global_config_options:
+ - option: unix_socket_directory
+ value: '{{ postgresql_unix_socket_directories[0] }}'
+ when:
+ - ansible_os_family == 'RedHat'
+ - ansible_distribution_version.split('.')[0] == '6'
+
+ roles:
+ - role: geerlingguy.postgresql
+
+ post_tasks:
+ - name: Verify postgres is running.
+ command: "{{ postgresql_bin_path }}/pg_ctl -D {{ postgresql_data_dir }} status"
+ changed_when: false
+ become: true
+ become_user: postgres
diff --git a/roles/geerlingguy.postgresql/molecule/default/yaml-lint.yml b/roles/geerlingguy.postgresql/molecule/default/yaml-lint.yml
new file mode 100644
index 0000000..a3dbc38
--- /dev/null
+++ b/roles/geerlingguy.postgresql/molecule/default/yaml-lint.yml
@@ -0,0 +1,6 @@
+---
+extends: default
+rules:
+ line-length:
+ max: 120
+ level: warning
diff --git a/roles/geerlingguy.postgresql/tasks/configure.yml b/roles/geerlingguy.postgresql/tasks/configure.yml
new file mode 100644
index 0000000..26a6f68
--- /dev/null
+++ b/roles/geerlingguy.postgresql/tasks/configure.yml
@@ -0,0 +1,28 @@
+---
+- name: Configure global settings.
+ lineinfile:
+ dest: "{{ postgresql_config_path }}/postgresql.conf"
+ regexp: "^#?{{ item.option }}.+$"
+ line: "{{ item.option }} = '{{ item.value }}'"
+ state: "{{ item.state | default('present') }}"
+ with_items: "{{ postgresql_global_config_options }}"
+ notify: restart postgresql
+
+- name: Configure host based authentication (if entries are configured).
+ template:
+ src: "pg_hba.conf.j2"
+ dest: "{{ postgresql_config_path }}/pg_hba.conf"
+ owner: "{{ postgresql_user }}"
+ group: "{{ postgresql_group }}"
+ mode: 0600
+ notify: restart postgresql
+ when: postgresql_hba_entries
+
+- name: Ensure PostgreSQL unix socket dirs exist.
+ file:
+ path: "{{ item }}"
+ state: directory
+ owner: "{{ postgresql_user }}"
+ group: "{{ postgresql_group }}"
+ mode: 02775
+ with_items: "{{ postgresql_unix_socket_directories }}"
diff --git a/roles/geerlingguy.postgresql/tasks/databases.yml b/roles/geerlingguy.postgresql/tasks/databases.yml
new file mode 100644
index 0000000..e01d804
--- /dev/null
+++ b/roles/geerlingguy.postgresql/tasks/databases.yml
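Review bot: In roles/geerlingguy.postgresql/tasks/configure.yml the "Configure global settings." task builds its `regexp` as `^#?{{ item.option }}.+$`, so the option name is used as an unescaped prefix rather than as a whole key. An entry whose name is also the start of another setting (for example `ssl` and `ssl_ciphers`) can match and rewrite the wrong line of postgresql.conf. Anchoring on the assignment avoids that, e.g. `regexp: "^#?\\s*{{ item.option | regex_escape }}\\s*="`. This is worth fixing before security-relevant settings are managed through `postgresql_global_config_options`, because a mismatched line would be replaced silently.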
@@ -0,0 +1,21 @@
+---
+- name: Ensure PostgreSQL databases are present.
+ postgresql_db:
+ name: "{{ item.name }}"
+ lc_collate: "{{ item.lc_collate | default('en_US.UTF-8') }}"
+ lc_ctype: "{{ item.lc_ctype | default('en_US.UTF-8') }}"
+ encoding: "{{ item.encoding | default('UTF-8') }}"
+ template: "{{ item.template | default('template0') }}"
+ login_host: "{{ item.login_host | default('localhost') }}"
+ login_password: "{{ item.login_password | default(omit) }}"
+ login_user: "{{ item.login_user | default(postgresql_user) }}"
+ login_unix_socket: "{{ item.login_unix_socket | default(postgresql_unix_socket_directories[0]) }}"
+ port: "{{ item.port | default(omit) }}"
+ owner: "{{ item.owner | default(postgresql_user) }}"
+ state: "{{ item.state | default('present') }}"
+ with_items: "{{ postgresql_databases }}"
+ become: true
+ become_user: "{{ postgresql_user }}"
+ # See: https://github.com/ansible/ansible/issues/16048#issuecomment-229012509
+ vars:
+ ansible_ssh_pipelining: true
diff --git a/roles/geerlingguy.postgresql/tasks/initialize.yml b/roles/geerlingguy.postgresql/tasks/initialize.yml
new file mode 100644
index 0000000..0183121
--- /dev/null
+++ b/roles/geerlingguy.postgresql/tasks/initialize.yml
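Review bot: The "Ensure PostgreSQL databases are present." task in roles/geerlingguy.postgresql/tasks/databases.yml loops over `postgresql_databases` items that may carry `login_password`, but unlike the matching task in tasks/users.yml it has no `no_log: true`. Ansible prints the loop item with each result, so a password set on a database entry can end up in task output and in any log that captures it. Add `no_log: true` next to `with_items`, as users.yml already does.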
@@ -0,0 +1,29 @@
+---
+- name: Set PostgreSQL environment variables.
+ template:
+ src: postgres.sh.j2
+ dest: /etc/profile.d/postgres.sh
+ mode: 0644
+ notify: restart postgresql
+
+- name: Ensure PostgreSQL data directory exists.
+ file:
+ path: "{{ postgresql_data_dir }}"
+ owner: "{{ postgresql_user }}"
+ group: "{{ postgresql_group }}"
+ state: directory
+ mode: 0700
+
+- name: Check if PostgreSQL database is initialized.
+ stat:
+ path: "{{ postgresql_data_dir }}/PG_VERSION"
+ register: pgdata_dir_version
+
+- name: Ensure PostgreSQL database is initialized.
+ command: "{{ postgresql_bin_path }}/initdb -D {{ postgresql_data_dir }}"
+ when: not pgdata_dir_version.stat.exists
+ become: true
+ become_user: "{{ postgresql_user }}"
+ # See: https://github.com/ansible/ansible/issues/16048#issuecomment-229012509
+ vars:
+ ansible_ssh_pipelining: true
diff --git a/roles/geerlingguy.postgresql/tasks/main.yml b/roles/geerlingguy.postgresql/tasks/main.yml
new file mode 100644
index 0000000..1cbee02
--- /dev/null
+++ b/roles/geerlingguy.postgresql/tasks/main.yml
@@ -0,0 +1,25 @@
+---
+# Variable configuration.
+- include_tasks: variables.yml
+
+# Setup/install tasks.
+- include_tasks: setup-RedHat.yml
+ when: ansible_os_family == 'RedHat'
+
+- include_tasks: setup-Debian.yml
+ when: ansible_os_family == 'Debian'
+
+- include_tasks: initialize.yml
+- include_tasks: configure.yml
+
+- name: Ensure PostgreSQL is started and enabled on boot.
+ service:
+ name: "{{ postgresql_daemon }}"
+ state: "{{ postgresql_service_state }}"
+ enabled: "{{ postgresql_service_enabled }}"
+ when: not docker_enabled
+
+
+# Configure PostgreSQL.
+- import_tasks: databases.yml
+- import_tasks: users.yml
diff --git a/roles/geerlingguy.postgresql/tasks/setup-Debian.yml b/roles/geerlingguy.postgresql/tasks/setup-Debian.yml
new file mode 100644
index 0000000..1b54019
--- /dev/null
+++ b/roles/geerlingguy.postgresql/tasks/setup-Debian.yml
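Review bot: `when: not docker_enabled` on the "Ensure PostgreSQL is started and enabled on boot." task in roles/geerlingguy.postgresql/tasks/main.yml reads a variable that this role's defaults/main.yml, as added in this commit, never defines. Unless inventory or the calling play sets it, the task fails on an undefined variable before the database and user tasks run. Either add `docker_enabled: false` to the role defaults or write the condition as `when: not (docker_enabled | default(false))`. If the condition is a local edit to the Galaxy-installed role (meta/.galaxy_install_info records version 1.4.6), it would presumably be lost when the role is reinstalled, so the divergence from the published role is worth recording somewhere reviewers will see it.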
@@ -0,0 +1,21 @@
+---
+- name: Ensure PostgreSQL Python libraries are installed.
+ apt:
+ name: "{{ postgresql_python_library }}"
+ state: present
+
+- name: Ensure PostgreSQL packages are installed.
+ apt:
+ name: "{{ postgresql_packages }}"
+ state: present
+
+- name: Ensure all configured locales are present.
+ locale_gen: "name={{ item }} state=present"
+ with_items: "{{ postgresql_locales }}"
+ register: locale_gen_result
+
+- name: Force-restart PostgreSQL after new locales are generated.
+ service:
+ name: "{{ postgresql_daemon }}"
+ state: restarted
+ when: locale_gen_result.changed
diff --git a/roles/geerlingguy.postgresql/tasks/setup-RedHat.yml b/roles/geerlingguy.postgresql/tasks/setup-RedHat.yml
new file mode 100644
index 0000000..9cd84ed
--- /dev/null
+++ b/roles/geerlingguy.postgresql/tasks/setup-RedHat.yml
@@ -0,0 +1,12 @@
+---
+- name: Ensure PostgreSQL packages are installed.
+ package:
+ name: "{{ postgresql_packages }}"
+ state: present
+ enablerepo: "{{ postgresql_enablerepo | default(omit, true) }}"
+
+- name: Ensure PostgreSQL Python libraries are installed.
+ package:
+ name: "{{ postgresql_python_library }}"
+ state: present
+ enablerepo: "{{ postgresql_enablerepo | default(omit, true) }}"
diff --git a/roles/geerlingguy.postgresql/tasks/users.yml b/roles/geerlingguy.postgresql/tasks/users.yml
new file mode 100644
index 0000000..34746eb
--- /dev/null
+++ b/roles/geerlingguy.postgresql/tasks/users.yml
@@ -0,0 +1,22 @@
+---
+- name: Ensure PostgreSQL users are present.
+ postgresql_user:
+ name: "{{ item.name }}"
+ password: "{{ item.password | default(omit) }}"
+ encrypted: "{{ item.encrypted | default(omit) }}"
+ priv: "{{ item.priv | default(omit) }}"
+ role_attr_flags: "{{ item.role_attr_flags | default(omit) }}"
+ db: "{{ item.db | default(omit) }}"
+ login_host: "{{ item.login_host | default('localhost') }}"
+ login_password: "{{ item.login_password | default(omit) }}"
+ login_user: "{{ item.login_user | default(postgresql_user) }}"
+ login_unix_socket: "{{ item.login_unix_socket | default(postgresql_unix_socket_directories[0]) }}"
+ port: "{{ item.port | default(omit) }}"
+ state: "{{ item.state | default('present') }}"
+ with_items: "{{ postgresql_users }}"
+ no_log: true
+ become: true
+ become_user: "{{ postgresql_user }}"
+ # See: https://github.com/ansible/ansible/issues/16048#issuecomment-229012509
+ vars:
+ ansible_ssh_pipelining: true
diff --git a/roles/geerlingguy.postgresql/tasks/variables.yml b/roles/geerlingguy.postgresql/tasks/variables.yml
new file mode 100644
index 0000000..df3538b
--- /dev/null
+++ b/roles/geerlingguy.postgresql/tasks/variables.yml
@@ -0,0 +1,39 @@
+---
+# Variable configuration.
+- name: Include OS-specific variables (Debian).
+ include_vars: "{{ ansible_distribution }}-{{ ansible_distribution_version.split('.')[0] }}.yml"
+ when: ansible_os_family == 'Debian'
+
+- name: Include OS-specific variables (RedHat).
+ include_vars: "{{ ansible_os_family }}-{{ ansible_distribution_version.split('.')[0] }}.yml"
+ when: ansible_os_family == 'RedHat'
+
+- name: Define postgresql_packages.
+ set_fact:
+ postgresql_packages: "{{ __postgresql_packages | list }}"
+ when: postgresql_packages is not defined
+
+- name: Define postgresql_version.
+ set_fact:
+ postgresql_version: "{{ __postgresql_version }}"
+ when: postgresql_version is not defined
+
+- name: Define postgresql_daemon.
+ set_fact:
+ postgresql_daemon: "{{ __postgresql_daemon }}"
+ when: postgresql_daemon is not defined
+
+- name: Define postgresql_data_dir.
+ set_fact:
+ postgresql_data_dir: "{{ __postgresql_data_dir }}"
+ when: postgresql_data_dir is not defined
+
+- name: Define postgresql_bin_path.
+ set_fact:
+ postgresql_bin_path: "{{ __postgresql_bin_path }}"
+ when: postgresql_bin_path is not defined
+
+- name: Define postgresql_config_path.
+ set_fact:
+ postgresql_config_path: "{{ __postgresql_config_path }}"
+ when: postgresql_config_path is not defined
diff --git a/roles/geerlingguy.postgresql/templates/pg_hba.conf.j2 b/roles/geerlingguy.postgresql/templates/pg_hba.conf.j2
new file mode 100644
index 0000000..05cc8a0
--- /dev/null
+++ b/roles/geerlingguy.postgresql/templates/pg_hba.conf.j2
@@ -0,0 +1,9 @@
+{{ ansible_managed | comment }}
+# PostgreSQL Client Authentication Configuration File
+# ===================================================
+#
+# See: https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html
+
+{% for client in postgresql_hba_entries %}
+{{ client.type }} {{ client.database }} {{ client.user }} {{ client.address|default('') }} {{ client.ip_address|default('') }} {{ client.ip_mask|default('') }} {{ client.auth_method }} {{ client.auth_options|default("") }}
+{% endfor %}
diff --git a/roles/geerlingguy.postgresql/templates/postgres.sh.j2 b/roles/geerlingguy.postgresql/templates/postgres.sh.j2
new file mode 100644
index 0000000..7264064
--- /dev/null
+++ b/roles/geerlingguy.postgresql/templates/postgres.sh.j2
@@ -0,0 +1,2 @@
+export PGDATA={{ postgresql_data_dir }}
+export PATH=$PATH:{{ postgresql_bin_path }}
diff --git a/roles/geerlingguy.postgresql/vars/Debian-10.yml b/roles/geerlingguy.postgresql/vars/Debian-10.yml
new file mode 100644
index 0000000..fe81ad7
--- /dev/null
+++ b/roles/geerlingguy.postgresql/vars/Debian-10.yml
@@ -0,0 +1,10 @@
+---
+__postgresql_version: "11"
+__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main"
+__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin"
+__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main"
+__postgresql_daemon: "postgresql@{{ postgresql_version }}-main"
+__postgresql_packages:
+ - postgresql
+ - postgresql-contrib
+ - libpq-dev
diff --git a/roles/geerlingguy.postgresql/vars/Debian-7.yml b/roles/geerlingguy.postgresql/vars/Debian-7.yml
new file mode 100644
index 0000000..6b933bb
--- /dev/null
+++ b/roles/geerlingguy.postgresql/vars/Debian-7.yml
@@ -0,0 +1,10 @@
+---
+__postgresql_version: "9.1"
+__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main"
+__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin"
+__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main"
+__postgresql_daemon: postgresql
+__postgresql_packages:
+ - postgresql
+ - postgresql-contrib
+ - libpq-dev
diff --git a/roles/geerlingguy.postgresql/vars/Debian-8.yml b/roles/geerlingguy.postgresql/vars/Debian-8.yml
new file mode 100644
index 0000000..ec86f93
--- /dev/null
+++ b/roles/geerlingguy.postgresql/vars/Debian-8.yml
@@ -0,0 +1,10 @@
+---
+__postgresql_version: "9.4"
+__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main"
+__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin"
+__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main"
+__postgresql_daemon: "postgresql@{{ postgresql_version }}-main"
+__postgresql_packages:
+ - postgresql
+ - postgresql-contrib
+ - libpq-dev
diff --git a/roles/geerlingguy.postgresql/vars/Debian-9.yml b/roles/geerlingguy.postgresql/vars/Debian-9.yml
new file mode 100644
index 0000000..2afb9f4
--- /dev/null
+++ b/roles/geerlingguy.postgresql/vars/Debian-9.yml
@@ -0,0 +1,10 @@
+---
+__postgresql_version: "9.6"
+__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main"
+__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin"
+__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main"
+__postgresql_daemon: "postgresql@{{ postgresql_version }}-main"
+__postgresql_packages:
+ - postgresql
+ - postgresql-contrib
+ - libpq-dev
diff --git a/roles/geerlingguy.postgresql/vars/Debian-NA.yml b/roles/geerlingguy.postgresql/vars/Debian-NA.yml
new file mode 100644
index 0000000..fe81ad7
--- /dev/null
+++ b/roles/geerlingguy.postgresql/vars/Debian-NA.yml
@@ -0,0 +1,10 @@
+---
+__postgresql_version: "11"
+__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main"
+__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin"
+__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main"
+__postgresql_daemon: "postgresql@{{ postgresql_version }}-main"
+__postgresql_packages:
+ - postgresql
+ - postgresql-contrib
+ - libpq-dev
diff --git a/roles/geerlingguy.postgresql/vars/Debian-buster/sid.yml b/roles/geerlingguy.postgresql/vars/Debian-buster/sid.yml
new file mode 100644
index 0000000..fe81ad7
--- /dev/null
+++ b/roles/geerlingguy.postgresql/vars/Debian-buster/sid.yml
@@ -0,0 +1,10 @@
+---
+__postgresql_version: "11"
+__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main"
+__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin"
+__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main"
+__postgresql_daemon: "postgresql@{{ postgresql_version }}-main"
+__postgresql_packages:
+ - postgresql
+ - postgresql-contrib
+ - libpq-dev
diff --git a/roles/geerlingguy.postgresql/vars/Debian-testing.yml b/roles/geerlingguy.postgresql/vars/Debian-testing.yml
new file mode 100644
index 0000000..fe81ad7
--- /dev/null
+++ b/roles/geerlingguy.postgresql/vars/Debian-testing.yml
@@ -0,0 +1,10 @@
+---
+__postgresql_version: "11"
+__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main"
+__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin"
+__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main"
+__postgresql_daemon: "postgresql@{{ postgresql_version }}-main"
+__postgresql_packages:
+ - postgresql
+ - postgresql-contrib
+ - libpq-dev
diff --git a/roles/geerlingguy.postgresql/vars/RedHat-6.yml b/roles/geerlingguy.postgresql/vars/RedHat-6.yml
new file mode 100644
index 0000000..8923c50
--- /dev/null
+++ b/roles/geerlingguy.postgresql/vars/RedHat-6.yml
@@ -0,0 +1,11 @@
+---
+__postgresql_version: "8.4"
+__postgresql_data_dir: "/var/lib/pgsql/data"
+__postgresql_bin_path: "/usr/bin"
+__postgresql_config_path: "/var/lib/pgsql/data"
+__postgresql_daemon: postgresql
+__postgresql_packages:
+ - postgresql
+ - postgresql-server
+ - postgresql-contrib
+ - postgresql-libs
diff --git a/roles/geerlingguy.postgresql/vars/RedHat-7.yml b/roles/geerlingguy.postgresql/vars/RedHat-7.yml
new file mode 100644
index 0000000..1d5c517
--- /dev/null
+++ b/roles/geerlingguy.postgresql/vars/RedHat-7.yml
@@ -0,0 +1,11 @@
+---
+__postgresql_version: "9.2"
+__postgresql_data_dir: "/var/lib/pgsql/data"
+__postgresql_bin_path: "/usr/bin"
+__postgresql_config_path: "/var/lib/pgsql/data"
+__postgresql_daemon: postgresql
+__postgresql_packages:
+ - postgresql
+ - postgresql-server
+ - postgresql-contrib
+ - postgresql-libs
diff --git a/roles/geerlingguy.postgresql/vars/Ubuntu-14.yml b/roles/geerlingguy.postgresql/vars/Ubuntu-14.yml
new file mode 100644
index 0000000..bd6c174
--- /dev/null
+++ b/roles/geerlingguy.postgresql/vars/Ubuntu-14.yml
@@ -0,0 +1,10 @@
+---
+__postgresql_version: "9.3"
+__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main"
+__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin"
+__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main"
+__postgresql_daemon: postgresql
+__postgresql_packages:
+ - postgresql
+ - postgresql-contrib
+ - libpq-dev
diff --git a/roles/geerlingguy.postgresql/vars/Ubuntu-16.yml b/roles/geerlingguy.postgresql/vars/Ubuntu-16.yml
new file mode 100644
index 0000000..cf2ebb8
--- /dev/null
+++ b/roles/geerlingguy.postgresql/vars/Ubuntu-16.yml
@@ -0,0 +1,10 @@
+---
+__postgresql_version: "9.5"
+__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main"
+__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin"
+__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main"
+__postgresql_daemon: postgresql
+__postgresql_packages:
+ - postgresql
+ - postgresql-contrib
+ - libpq-dev
diff --git a/roles/geerlingguy.postgresql/vars/Ubuntu-18.yml b/roles/geerlingguy.postgresql/vars/Ubuntu-18.yml
new file mode 100644
index 0000000..201acc3
--- /dev/null
+++ b/roles/geerlingguy.postgresql/vars/Ubuntu-18.yml
@@ -0,0 +1,10 @@
+---
+__postgresql_version: "10"
+__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main"
+__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin"
+__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main"
+__postgresql_daemon: postgresql
+__postgresql_packages:
+ - postgresql
+ - postgresql-contrib
+ - libpq-dev
diff --git a/roles/synapse/.editorconfig b/roles/synapse/.editorconfig
new file mode 100644
index 0000000..5f98854
--- /dev/null
+++ b/roles/synapse/.editorconfig
@@ -0,0 +1,7 @@
+root = true
+trim_trailing_whitespace = true
+
+[*.yml]
+insert_final_newline = true
+indent_style = space
+indent_size = 2
diff --git a/roles/synapse/README.md b/roles/synapse/README.md
new file mode 100644
index 0000000..a389e2e
--- /dev/null
+++ b/roles/synapse/README.md
@@ -0,0 +1,64 @@
+# matrix-synapse
+
+Install a matrix synapse server.
+
+## Requirements
+
+The following should be present on the target system
+* `pip`
+* `systemd`
+* `rsyslogd`
+* `logrotate`
+
+## Role Variables
+
+### Mandatory Variables
+
+| Name | Type | Description |
+| :--- | :--- | :--- |
+| **matrix_server_name** | __string__ | |
+| **matrix_synapse_tls_cert** | __string__ | server's TLS certificate chain (_when matrix_synapse_extra_config.no_tls is set to true_)|
+| **matrix_synapse_tls_key** | __string__ | server's TLS key (_when matrix_synapse_extra_config.no_tls is set to true_)|
+| **matrix_synapse_report_stats** | __bool__ | Report the stats to matrix.org |
+| **matrix_synapse_pg_host** | __sting__ | postgresql server |
+| **matrix_synapse_pg_user** | __string__ | postgresql user |
+| **matrix_synapse_pg_pass** | __string__ | postgresql user's password |
+| **matrix_synapse_pg_db** | __string__ | postgresql database |
+
+### Optional Variables
+
+| Name | Value | Description |
+| :--- | :--- | :--- |
+| matrix_synapse_base_path | "/opt/synapse" |
+| matrix_synapse_secrets_path | "{{ matrix_synapse_base_path }}/secrets"
+| matrix_synapse_extra_config | _None_ | configuration parameters as given in the [synapse configuration file](https://github.com/matrix-org/synapse/tree/master/docs) |
+| matrix_synapse_dh_path | "{{ matrix_synapse_base_path }}/tls/{{ matrix_server_name }}.dh" |
+| matrix_synapse_baseurl | "https://{{ matrix_server_name }}" |
+| matrix_synapse_signing_key_path | "{{ matrix_synapse_base_path }}/ssl/{{ matrix_server_name }}.signing.key" |
+| matrix_synapse_version | "v1.0.0" |
+| matrix_synapse_log_days_keep | 30 |
+| matrix_synapse_deployment_method | pip | Either pip or docker [¹](#footnote_1) |
+| matrix_synapse_supervision_method | systemd | Either systemd, runit or docker [¹](#footnote_1) |
+| matrix_synapse_python_version | 3 | Default python version (2, 3) to be used |
+
+¹: Docker must be used for both or neither deployment
and supervision
+
+## Dependencies
+
+__None__.
+
+## Example Playbook
+
+```yaml
+#TODO: Add example
+```
+
+## License
+
+Apache 2.0
+
+# Author Information
+
+* Michael Kaye
+* Jan Christian Grünhage
+* Emmanouil Kampitakis
diff --git a/roles/synapse/TODO.md b/roles/synapse/TODO.md
new file mode 100644
index 0000000..b1ba7ce
--- /dev/null
+++ b/roles/synapse/TODO.md
@@ -0,0 +1 @@
+- Write a handler to restart the systemd service when upgrading
diff --git a/roles/synapse/defaults/main.yml b/roles/synapse/defaults/main.yml
new file mode 100644
index 0000000..5d41f76
--- /dev/null
+++ b/roles/synapse/defaults/main.yml
@@ -0,0 +1,15 @@
+---
+matrix_synapse_extra_config: {}
+matrix_synapse_deployment_method: pip
+matrix_synapse_supervision_method: systemd
+matrix_synapse_base_path: "/opt/synapse"
+matrix_synapse_secrets_path: "{{ matrix_synapse_base_path }}/secrets"
+matrix_synapse_dh_path: "{{ matrix_synapse_base_path }}/tls/{{ matrix_server_name }}.dh"
+matrix_synapse_baseurl: "https://{{ matrix_server_name }}"
+matrix_synapse_signing_key_path: "{{ matrix_synapse_base_path }}/tls/{{ matrix_server_name }}.signing.key"
+matrix_synapse_version: "v1.3.1"
+matrix_synapse_log_dir: "/var/log/matrix_synapse"
+matrix_synapse_log_days_keep: 30
+matrix_synapse_pid_file: "{{ matrix_synapse_base_path }}/synapse.pid"
+matrix_synapse_docker_ports: ["8008:8008", "8448:8448"]
+matrix_synapse_docker_labels: {}
diff --git a/roles/synapse/files/log.config b/roles/synapse/files/log.config
new file mode 100644
index 0000000..c40da9b
--- /dev/null
+++ b/roles/synapse/files/log.config
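Review bot: `matrix_synapse_signing_key_path` in defaults/main.yml resolves under `{{ matrix_synapse_base_path }}/tls/`, while the README added in this same commit documents `{{ matrix_synapse_base_path }}/ssl/{{ matrix_server_name }}.signing.key`, and `matrix_synapse_version` is "v1.3.1" here against "v1.0.0" in the README. For the file that holds the server's signing key the documented location should match the real one, otherwise backups and permission checks that follow the README look at the wrong path. The README also lists `matrix_synapse_python_version`, which this defaults file does not define. I would align the README table with these values and add a comment such as `# private signing key; keep the containing directory owner-only` above the signing-key line.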
@@ -0,0 +1,29 @@
+version: 1
+
+formatters:
+ precise:
+ format: '%(name)s - %(lineno)d - %(levelname)s - %(request)s- %(message)s'
+
+filters:
+ context:
+ (): synapse.util.logcontext.LoggingContextFilter
+ request: ""
+
+handlers:
+ console:
+ class: logging.StreamHandler
+ formatter: precise
+ filters: [context]
+
+loggers:
+ synapse:
+ level: INFO
+
+ synapse.storage.SQL:
+ # beware: increasing this to DEBUG will make synapse log sensitive
+ # information such as access tokens.
+ level: INFO
+
+root:
+ level: INFO
+ handlers: [console]
diff --git a/roles/synapse/handlers/main.yml b/roles/synapse/handlers/main.yml
new file mode 100644
index 0000000..937962a
--- /dev/null
+++ b/roles/synapse/handlers/main.yml
@@ -0,0 +1,27 @@
+---
+- name: "reload systemd"
+ systemd:
+ daemon_reload: yes
+
+- name: "restart matrix-synapse using systemd"
+ service:
+ name: "matrix-synapse"
+ state: restarted
+ enabled: yes
+ when: matrix_synapse_supervision_method == "systemd"
+ listen: "restart matrix-synapse"
+
+- name: "restart synapse using docker"
+ docker_container:
+ name: synapse
+ state: started
+ restart: yes
+ when: matrix_synapse_supervision_method == "docker"
+ listen: "restart matrix-synapse"
+
+- name: restart rsyslog
+ become: yes
+ service:
+ name: rsyslog
+ state: restarted
+ when: matrix_synapse_supervision_method == "systemd"
diff --git a/roles/synapse/library/matrix_signing_key.py b/roles/synapse/library/matrix_signing_key.py
new file mode 100644
index 0000000..9aa6d08
--- /dev/null
+++ b/roles/synapse/library/matrix_signing_key.py
@@ -0,0 +1,51 @@
+#!/bin/python3
+# Copyright: (c) 2018, Emmanouil Kampitakis
+# Apache 2.0
+
+from ansible.module_utils.basic import AnsibleModule
+from signedjson import key
+import os
+
+def write_signing_key(path):
+ with open(path,'w') as f:
+ key.write_signing_keys(
+ f,
+ [key.generate_signing_key('first')]
+ )
+
+def run_module():
+ module_args = dict(
+ path=dict(type='str', required=True),
+ )
+
+ result = dict(
+ changed=False,
+ original_message='',
+ message=''
+ )
+
+ module = AnsibleModule(
+ argument_spec=module_args,
+ supports_check_mode=True
+ )
+
+ signing_key_path = module.params['path']
+
+ signing_key_exists = os.path.isfile(signing_key_path)
+
+ if not signing_key_exists:
+ result['changed'] = True
+ if module.check_mode:
+ return result
+
+ write_signing_key(signing_key_path)
+
+ module.exit_json(**result)
+
+def main():
+ run_module()
+
+if __name__ == '__main__':
+ main()
+
+
diff --git a/roles/synapse/meta/main.yml b/roles/synapse/meta/main.yml
new file mode 100644
index 0000000..a108ae7
--- /dev/null
+++ b/roles/synapse/meta/main.yml
@@ -0,0 +1,16 @@
+galaxy_info:
+ author: michaelkaye
+ description: Deploys a synapse server
+
+ license: Apache 2.0
+
+ min_ansible_version: 2.0
+
+ platforms:
+ - name: Debian
+ versions:
+ - jessie
+
+ galaxy_tags: []
+
+dependencies: []
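Review bot: `write_signing_key` in matrix_signing_key.py creates the homeserver signing key with `open(path,'w')`, so the file mode comes from the process umask and the private key can be group- or world-readable until something else tightens it; no later permission change is visible in this hunk. Creating the file with `os.open` using `O_CREAT | O_EXCL` and mode `0o600` fixes the permissions at creation and also closes the gap between the `os.path.isfile` check and the write. Separately, the check-mode branch does `return result` without calling `module.exit_json`, so under `--check` the module ends without emitting a result and Ansible would most likely report a module failure; it should call `module.exit_json(**result)` there. Indentation of the new file is not recoverable from this page, so the nesting in the sketch below is assumed.

```python
def write_signing_key(path):
    # O_EXCL refuses a path that already exists (including a symlink) and
    # 0o600 keeps the key owner-only from the moment the file is created.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, 'w') as f:
        # … unchanged: key.write_signing_keys(...) call …

# … unchanged: argument spec, result dict, existence check …
        if module.check_mode:
            module.exit_json(**result)
```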