RussianFedora · vrutkovs · Dec 21, 2019 · Dec 21, 2019 · Feb 17, 2020 · Feb 17, 2020
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,4 @@
 *~
 \#*
-.*
+.*
+*.retry
diff --git a/.gitmodules b/.gitmodules
@@ -0,0 +1,9 @@
+[submodule "misc/matrix"]
+	path = misc/matrix
+	url = https://github.com/spantaleev/matrix-docker-ansible-deploy
+[submodule "misc/prometheus"]
+	path = misc/prometheus
+	url = https://github.com/ome/ansible-role-prometheus
+[submodule "misc/grafana"]
+	path = misc/grafana
+	url = https://github.com/escalate/ansible-grafana-docker
diff --git a/ansible.cfg b/ansible.cfg
@@ -0,0 +1,2 @@
+[defaults]
+roles_path=./roles:./misc/matrix/roles:./misc:~/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles
diff --git a/inventory/group_vars/matrix_servers b/inventory/group_vars/matrix_servers
@@ -0,0 +1 @@
+../../misc/matrix/group_vars/matrix_servers
diff --git a/inventory/host_vars/matrix-server.yaml b/inventory/host_vars/matrix-server.yaml
@@ -0,0 +1,53 @@
+matrix_domain: russianfedora.online
+matrix_server_fqn_matrix: russianfedora.online
+
+matrix_ssl_lets_encrypt_support_email: [email protected]
+
+# secret key is now stored in vault
+# matrix_synapse_macaroon_secret_key: SOME_RANDOM_STRING_WHICH_IS_IN_VAULT
+
+# random postgres password is now stored in vault
+#matrix_postgres_connection_password: SOME_RANDOM_STRING_WHICH_IS_IN_VAULT
+
+matrix_server_fqn_riot: "chat.{{ matrix_server_fqn_matrix }}"
+
+# coturn is a TURN server for voice/video calls
+matrix_coturn_enabled: false
+
+# enable matrix-bridge-mautrix-telegram
+# TODO: set API and hash in vault and then enable it
+#matrix_mautrix_telegram_enabled: true
+matrix_mautrix_telegram_enabled: false
+
+# enable integration manager
+# TODO: create a domain for that
+matrix_dimension_enabled: false
+
+# enable registration
+# TODO: disable once clients would start supporting SSO
+matrix_synapse_enable_registration: true
+
+# disable mxisd
+matrix_mxisd_enabled: false
+
+# don't import initial data
+run_postgres_import: false
+run_postgres_import_sqlite_db: false
+
+# Set postgres action vars to false by default
+run_postgres_upgrade: false
+run_postgres_synapse_janitor: false
+run_postgres_vacuum: false
+run_synapse_register_user: false
+run_synapse_update_user_password: false
+run_synapse_import_media_store: false
+run_self_check: false
+
+# Disable registration
+matrix_riot_web_registration_enabled: false
+
+# Enable metrics
+matrix_synapse_metrics_enabled: true
+matrix_nginx_proxy_proxy_synapse_metrics: false
+matrix_synapse_metrics_port: 9129
+matrix_synapse_container_metrics_api_host_bind_port: "127.0.0.1:9129"
diff --git a/inventory/host_vars/monitoring-server.yaml b/inventory/host_vars/monitoring-server.yaml
@@ -0,0 +1,32 @@
+# External ports, set to 0 to disable
+prometheus_port: 9090
+prometheus_alertmanager_port: 0
+prometheus_blackboxexporter_port: 0
+
+# Versions
+prometheus_version: 2.16.0
+prometheus_alertmanager_version: 0.20.0
+prometheus_blackboxexporter_version: 0.16.0
+grafana_docker_image_version: 6.6.1
+
+# Join matrix network
+prometheus_docker_network: matrix
+
+# Use fake alertmanager webhook
+prometheus_alertmanager_slack_webhook: foo
+
+# Monitor matrix
+prometheus_targets:
+- jobname: synapse
+  metrics_path: "/"
+  hosts: ["matrix-synapse"]
+  port: 9129
+
+# Grafana settings
+grafana_path: "/matrix/grafana"
+grafana_docker_run_options: "--volume={{grafana_data_path}}:/var/lib/grafana --volume={{grafana_dashboards_path}}:/dashboards"
+grafana_config_env:
+- GF_USERS_ALLOW_SIGN_UP: false
+- GF_AUTH_ANONYMOUS_ENABLED: true
+
+#grafana_admin_password is stored in vault
diff --git a/inventory/hosts b/inventory/hosts
@@ -1,3 +1,11 @@
 [rfservers]
 
-build-server	ansible_ssh_host=144.76.182.138 ansible_ssh_user=root
+build-server	ansible_ssh_host=144.76.182.138 ansible_ssh_user=root
+
+[matrix_servers]
+
+matrix-server	ansible_ssh_host=144.76.182.138 ansible_ssh_user=root
+
+[monitoring_servers]
+
+monitoring-server	ansible_ssh_host=144.76.182.138 ansible_ssh_user=root
diff --git a/misc/grafana b/misc/grafana
diff --git a/misc/matrix b/misc/matrix
diff --git a/misc/prometheus b/misc/prometheus
diff --git a/site.yaml b/site.yaml
@@ -4,3 +4,5 @@
   roles:
     - ssh-setup
     - packages
+
+- include: site_matrix.yaml
diff --git a/site_matrix.yaml b/site_matrix.yaml
@@ -0,0 +1,14 @@
+---
+- hosts: matrix_servers
+  roles:
+    - matrix-base
+    - matrix-mailer
+    - matrix-postgres
+    - matrix-bridge-mautrix-telegram
+    - matrix-synapse
+    - matrix-riot-web
+    - matrix-mxisd
+    - matrix-dimension
+    - matrix-nginx-proxy
+    - matrix-coturn
+    - matrix-common-after
diff --git a/site_monitoring.yaml b/site_monitoring.yaml
@@ -0,0 +1,5 @@
+---
+- hosts: monitoring_servers
+  roles:
+    - prometheus
+    - grafana
diff --git a/vault.yml b/vault.yml
@@ -0,0 +1,13 @@
+$ANSIBLE_VAULT;1.1;AES256
+66626130663264363065393133396538333238613833393131343239643534643333653561626234
+3836386138613237376661316363333065666634346263310a346361343463396135613665653132
+32633362633163353632333333356634353230303332663330663639353033303462613139336335
+3163393235646566360a613833373234326362393166343832633965636233323930316133376435
+33653032383930313562656365303661393863656433366134373137653131373963653634343861
+64396566323630336463303936303537313365333238343036633136613863373662366135613839
+38363137383166666539373939363137663965636664323931353863666534613563376435363538
+31323364363437616338333935653430383331366338363832326535386463383739623565663631
+34383763393466336333653035306437653664626231636633346364376565323333303363653063
+34366238336330623166656338373032383434633839323035336638383564343861313436303137
+38613265383361643063363564636361343533313661333238353438306432353233616335353731
+35396565613764303331
-Original file line number
+Diff line change
@@ -1,3 +1,4 @@
     *~
     \#*
-    .*
+    .*
+    *.retry
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		[defaults]
		roles_path=./roles:./misc/matrix/roles:./misc:~/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles