add roles

roles/synapse/.editorconfig

@@ -0,0 +1,7 @@
+root = true
+trim_trailing_whitespace = true
+
+[*.yml]
+insert_final_newline = true
+indent_style = space
+indent_size = 2

roles/synapse/README.md

@@ -0,0 +1,64 @@
+# matrix-synapse
+
+Install a matrix synapse server.
+
+## Requirements
+
+The following should be present on the target system
+* `pip`
+* `systemd`
+* `rsyslogd`
+* `logrotate`
+
+## Role Variables
+
+### Mandatory Variables
+
+| Name | Type | Description |
+| :--- | :--- | :--- |
+| **matrix_server_name** | __string__ | |
+| **matrix_synapse_tls_cert** | __string__ | server's TLS certificate chain (_when matrix_synapse_extra_config.no_tls is set to true_)|
+| **matrix_synapse_tls_key** | __string__ | server's TLS key (_when matrix_synapse_extra_config.no_tls is set to true_)|
+| **matrix_synapse_report_stats** | __bool__ | Report the stats to matrix.org |
+| **matrix_synapse_pg_host** | __sting__ | postgresql server |
+| **matrix_synapse_pg_user** | __string__ | postgresql user |
+| **matrix_synapse_pg_pass** | __string__ | postgresql user's password |
+| **matrix_synapse_pg_db** | __string__ | postgresql database |
+
+### Optional Variables
+
+| Name | Value | Description |
+| :--- | :--- | :---  |
+| matrix_synapse_base_path | "/opt/synapse" | 
+| matrix_synapse_secrets_path | "{{ matrix_synapse_base_path }}/secrets"
+| matrix_synapse_extra_config | _None_ | configuration parameters as given in the [synapse configuration file](https://github.com/matrix-org/synapse/tree/master/docs) | 
+| matrix_synapse_dh_path | "{{ matrix_synapse_base_path }}/tls/{{ matrix_server_name }}.dh" |
+| matrix_synapse_baseurl | "https://{{ matrix_server_name }}" |
+| matrix_synapse_signing_key_path | "{{ matrix_synapse_base_path }}/ssl/{{ matrix_server_name }}.signing.key" |
+| matrix_synapse_version | "v1.0.0" |
+| matrix_synapse_log_days_keep | 30 |
+| matrix_synapse_deployment_method | pip | Either pip or docker [¹](#footnote_1) |
+| matrix_synapse_supervision_method | systemd | Either systemd, runit or docker [¹](#footnote_1) |
+| matrix_synapse_python_version | 3 | Default python version (2, 3) to be used |
+
+<a name="footnote_1">¹</a>: Docker must be used for both or neither deployment and supervision
+
+## Dependencies
+
+__None__.
+
+## Example Playbook
+
+```yaml
+#TODO: Add example
+```
+
+## License
+
+Apache 2.0
+
+# Author Information
+
+* Michael Kaye
+* Jan Christian Grünhage
+* Emmanouil Kampitakis

roles/synapse/TODO.md

@@ -0,0 +1 @@
+- Write a handler to restart the systemd service when upgrading

roles/synapse/defaults/main.yml

@@ -0,0 +1,15 @@
+---
+matrix_synapse_extra_config: {}
+matrix_synapse_deployment_method: pip
+matrix_synapse_supervision_method: systemd
+matrix_synapse_base_path: "/opt/synapse"
+matrix_synapse_secrets_path: "{{ matrix_synapse_base_path }}/secrets"
+matrix_synapse_dh_path: "{{ matrix_synapse_base_path }}/tls/{{ matrix_server_name }}.dh"
+matrix_synapse_baseurl: "https://{{ matrix_server_name }}"
+matrix_synapse_signing_key_path: "{{ matrix_synapse_base_path }}/tls/{{ matrix_server_name }}.signing.key"
+matrix_synapse_version: "v1.3.1"
+matrix_synapse_log_dir: "/var/log/matrix_synapse"
+matrix_synapse_log_days_keep: 30
+matrix_synapse_pid_file: "{{ matrix_synapse_base_path }}/synapse.pid"
+matrix_synapse_docker_ports: ["8008:8008", "8448:8448"]
+matrix_synapse_docker_labels: {}

roles/synapse/files/log.config

@@ -0,0 +1,29 @@
+version: 1
+
+formatters:
+  precise:
+   format: '%(name)s - %(lineno)d - %(levelname)s - %(request)s- %(message)s'
+
+filters:
+  context:
+    (): synapse.util.logcontext.LoggingContextFilter
+    request: ""
+
+handlers:
+  console:
+    class: logging.StreamHandler
+    formatter: precise
+    filters: [context]
+
+loggers:
+    synapse:
+        level: INFO
+
+    synapse.storage.SQL:
+        # beware: increasing this to DEBUG will make synapse log sensitive
+        # information such as access tokens.
+        level: INFO
+
+root:
+    level: INFO
+    handlers: [console]

roles/synapse/handlers/main.yml

@@ -0,0 +1,27 @@
+---
+- name: "reload systemd"
+  systemd:
+    daemon_reload: yes
+
+- name: "restart matrix-synapse using systemd"
+  service:
+    name: "matrix-synapse"
+    state: restarted
+    enabled: yes
+  when: matrix_synapse_supervision_method == "systemd"
+  listen: "restart matrix-synapse"
+
+- name: "restart synapse using docker"
+  docker_container:
+    name: synapse
+    state: started
+    restart: yes
+  when: matrix_synapse_supervision_method == "docker"
+  listen: "restart matrix-synapse"
+
+- name: restart rsyslog
+  become: yes
+  service:
+    name: rsyslog
+    state: restarted
+  when: matrix_synapse_supervision_method == "systemd"

roles/synapse/library/matrix_signing_key.py

@@ -0,0 +1,51 @@
+#!/bin/python3
+# Copyright: (c) 2018, Emmanouil Kampitakis <info@kampitakis.de>
+# Apache 2.0
+
+from ansible.module_utils.basic import AnsibleModule
+from signedjson import key
+import os
+
+def write_signing_key(path):
+    with open(path,'w') as f:
+        key.write_signing_keys(
+              f, 
+              [key.generate_signing_key('first')]
+        )
+
+def run_module():
+    module_args = dict(
+        path=dict(type='str', required=True),
+    )
+
+    result = dict(
+        changed=False,
+        original_message='',
+        message=''
+    )
+
+    module = AnsibleModule(
+        argument_spec=module_args,
+        supports_check_mode=True
+    )
+
+    signing_key_path = module.params['path']
+
+    signing_key_exists = os.path.isfile(signing_key_path)
+
+    if not signing_key_exists:
+        result['changed'] = True
+        if module.check_mode: 
+            return result
+        
+        write_signing_key(signing_key_path)
+
+    module.exit_json(**result)
+
+def main():
+    run_module()
+
+if __name__ == '__main__':
+    main()
+
+

roles/synapse/meta/main.yml

@@ -0,0 +1,16 @@
+galaxy_info:
+  author: michaelkaye
+  description: Deploys a synapse server
+
+  license: Apache 2.0
+
+  min_ansible_version: 2.0
+
+  platforms:
+  - name: Debian
+    versions:
+    - jessie
+
+  galaxy_tags: []
+
+dependencies: []