add requirements file,hosts.ini and README

roles/synapse/tasks/configure.yml

@@ -0,0 +1,64 @@
+---
+- name: create user
+  user:
+    name: synapse
+    state: present
+  register: synapse_user
+  tags:
+    - pre_install
+
+- name: create directory
+  file:
+    path: "{{ matrix_synapse_base_path }}"
+    state: directory
+    owner: synapse
+    group: synapse
+  tags:
+    - pre_install
+
+- name: Create secrets directory
+  file:
+    path: "{{ matrix_synapse_secrets_path }}"
+    state: directory
+    owner: synapse
+    group: synapse
+  tags:
+    - pre_install
+
+- name: Generate secrets
+  include_tasks: generate_secret.yml
+  loop:
+    - file: "macaroon.key"
+      var: "macaroon_file"
+    - file: "registration.key"
+      var: "registration_shared_secret_file"
+    - file: "form.key"
+      var: "form_secret_file"
+  loop_control:
+    loop_var: secret
+
+- name: Create directory for media storage
+  file:
+    path: "{{ item }}"
+    state: directory
+    owner: synapse
+    group: synapse
+  loop:
+    - "{{ matrix_synapse_config.media_store_path }}"
+    - "{{ matrix_synapse_config.uploads_path }}"
+    - "{{ matrix_synapse_base_path }}/tls"
+
+- name: Deploy config
+  copy:
+    content: "{{ matrix_synapse_config | to_nice_yaml }}"
+    dest: "{{ matrix_synapse_base_path }}/homeserver.yaml"
+    owner: synapse
+    group: synapse
+  notify:
+    - "restart matrix-synapse"
+
+- name: Configure logging
+  import_tasks: logging.yml
+
+- name: Create certificates
+  include_tasks: crypto.yml

roles/synapse/tasks/crypto.yml

@@ -0,0 +1,32 @@
+---
+- name: Install signedjson
+  pip:
+    name: signedjson
+
+- name: Create signing key
+  matrix_signing_key:
+    path: "{{ matrix_synapse_config.signing_key_path }}"
+  notify:
+    - "restart matrix-synapse"
+
+- name: Write server's certificate and private key
+  block:
+    - name: create DH parameters
+      openssl_dhparam:
+        path: "{{ matrix_synapse_dh_path }}"
+        owner: synapse
+    - name: Write certificate
+      copy:
+        content: "{{ matrix_synapse_tls_cert }}"
+        dest: "{{ matrix_synapse_config.tls_certificate_path }}"
+        owner: synapse
+        group: synapse
+        mode: "0644"
+    - name: Write keyfile
+      copy:
+        content: "{{ matrix_synapse_tls_key }}"
+        dest: "{{ matrix_synapse_config.tls_private_key_path }}"
+        owner: synapse
+        group: synapse
+        mode: "0600"
+  when: not matrix_synapse_config.no_tls

roles/synapse/tasks/deployment.yml

@@ -0,0 +1,78 @@
+---
+- name: install synapse with pip into virtualenv
+  block:
+    - name: Install dependencies
+      apt:
+        name:
+          - git
+          - build-essential
+          - python3-dev
+          - python-virtualenv
+          - python-pip
+          - python-setuptools
+          - sqlite3
+          - libffi-dev
+          - libssl-dev
+          - libjpeg-dev
+          - libxslt1-dev
+          - libpq-dev
+        state: present
+        cache_valid_time: 1800
+      tags:
+        - pre_install
+
+    - name: Create virtualenv
+      pip:
+        name:
+          - pip
+          - setuptools
+        virtualenv: "{{ matrix_synapse_base_path }}/env"
+        virtualenv_python: python3
+        extra_args: --upgrade
+      tags:
+        - pre_install
+
+    - name: Clone synapse
+      git:
+        repo: https://github.com/matrix-org/synapse
+        dest: "{{ matrix_synapse_base_path }}/synapse"
+        accept_hostkey: yes
+        version: "{{ matrix_synapse_version }}"
+      register: clone_synapse
+      tags:
+        - pre_install
+
+    - name: Install Synapse
+      pip:
+        name: "{{ matrix_synapse_base_path }}/synapse[matrix-synapse-ldap3,postgres,resources.consent,acme,url_preview]"
+        virtualenv: "{{ matrix_synapse_base_path }}/env"
+      when: clone_synapse.changed
+      tags:
+        - skip_ansible_lint # skip when clause
+        - pre_install
+      notify: restart matrix-synapse
+  when: matrix_synapse_deployment_method == "pip"
+
+- name: install synapse with docker
+  docker_container:
+    name: synapse
+    image: "docker.io/matrixdotorg/synapse:{{ matrix_synapse_version }}"
+    ports: "{{ matrix_synapse_docker_ports }}"
+    labels: "{{ matrix_synapse_docker_labels }}"
+    restart_policy: unless-stopped
+    recreate: true
+    pull: true
+    entrypoint: "python"
+    command:
+      - "-m"
+      - "synapse.app.homeserver"
+      - "-c"
+      - "{{ matrix_synapse_base_path }}/homeserver.yaml"
+    user: "{{ synapse_user.uid }}:{{ synapse_user.group }}"
+    volumes:
+      - "{{ matrix_synapse_config.media_store_path }}:{{ matrix_synapse_config.media_store_path }}"
+      - "{{ matrix_synapse_config.uploads_path }}:{{ matrix_synapse_config.uploads_path }}"
+      - "{{ matrix_synapse_base_path }}/homeserver.yaml:{{ matrix_synapse_base_path }}/homeserver.yaml"
+      - "{{ matrix_synapse_base_path }}/log.config:{{ matrix_synapse_base_path }}/log.config"
+      - "{{ matrix_synapse_base_path }}/tls:{{ matrix_synapse_base_path }}/tls"
+  when: matrix_synapse_deployment_method == "docker"

roles/synapse/tasks/generate_secret.yml

@@ -0,0 +1,27 @@
+---
+- name: Set full file path
+  set_fact:
+    secret_file_path: "{{ matrix_synapse_secrets_path }}/{{ secret.file }}"
+
+- name: Check if secret exists
+  stat:
+    path: "{{ secret_file_path }}"
+  register: secret_file_stat
+
+- name: Generate random string
+  copy:
+    content: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=42') }}"
+    dest: "{{ secret_file_path }}"
+    owner: synapse
+    group: synapse
+    mode: "0600"
+  when:
+    - not secret_file_stat.stat.exists
+# TODO: This below is a dirty hack and should be properly revisited
+- name: Retrieve secret
+  slurp:
+    src: "{{ secret_file_path }}"
+  register: secret_var
+
+- name: Set secret.var fact
+  set_fact: { "{{ secret.var }}": "{{ secret_var }}" }

roles/synapse/tasks/logging.yml

@@ -0,0 +1,35 @@
+---
+- name: Logging config (systemd)
+  block:
+    - name: create logging folder
+      file:
+        name: "{{ matrix_synapse_log_dir }}"
+        state: directory
+        owner: synapse
+        group: synapse
+
+    - name: copy syslog config
+      template:
+        src: syslog-synapse.conf.j2
+        dest: /etc/rsyslog.d/matrix_synapse.conf
+        owner: root
+      notify: restart rsyslog
+
+    - name: template logrotate config
+      template:
+        src: logrotate.j2
+        dest: /etc/logrotate.d/matrix_synapse
+        owner: root
+  when: matrix_synapse_supervision_method == "systemd"
+  # TODO: Figure out how to make sure that logging ends up in rsyslog no matter what system we run on
+
+- name: Deploy log config
+  copy:
+    src: "log.config"
+    dest: "{{ matrix_synapse_base_path }}/log.config"
+    owner: synapse
+    group: synapse
+  notify:
+    - "restart matrix-synapse"
+
+

roles/synapse/tasks/main.yml

@@ -0,0 +1,16 @@
+---
+- name: check that sypervision and deployment are compatible
+  fail:
+    msg: "Either both or neither of deployment and supervision method should be docker."
+  when: (matrix_synapse_supervision_method == "docker" and matrix_synapse_deployment_method != "docker") or
+        (matrix_synapse_deployment_method == "docker" and matrix_synapse_supervision_method != "docker")
+
+- name: configure synapse
+  import_tasks: configure.yml
+
+- name: deploy synapse
+  import_tasks: deployment.yml
+
+- name: configure service
+  import_tasks: systemd.yml
+  when: matrix_synapse_supervision_method == "systemd"

roles/synapse/tasks/systemd.yml

@@ -0,0 +1,8 @@
+---
+- name: Deploy service file
+  template:
+    src: "matrix-synapse.service.j2"
+    dest: "/etc/systemd/system/matrix-synapse.service"
+  notify:
+    - "reload systemd"
+    - "restart matrix-synapse"