From c553e01950dec9aa5f23886b1ba9ecb5e7f7b8ae Mon Sep 17 00:00:00 2001
From: Daniel Berteaud <daniel@firewall-services.com>
Date: Mon, 7 Dec 2020 19:00:05 +0100
Subject: [PATCH] Update to 2020-12-07 19:00

---
 roles/gitea/templates/app.ini.j2              |  1 -
 roles/matrix_element/defaults/main.yml        | 31 +++++++++++++++++++++++++++
 roles/matrix_element/handlers/main.yml        |  3 +++
 roles/matrix_element/meta/main.yml            |  3 +++
 roles/matrix_element/tasks/archive_post.yml   |  9 ++++++++
 roles/matrix_element/tasks/archive_pre.yml    |  7 ++++++
 roles/matrix_element/tasks/cleanup.yml        | 16 ++++++++++++++
 roles/matrix_element/tasks/conf.yml           | 15 +++++++++++++
 roles/matrix_element/tasks/directories.yml    | 11 ++++++++++
 roles/matrix_element/tasks/facts.yml          | 12 +++++++++++
 roles/matrix_element/tasks/install.yml        | 28 ++++++++++++++++++++++++
 roles/matrix_element/tasks/main.yml           | 13 +++++++++++
 roles/matrix_element/tasks/write_version.yml  |  7 ++++++
 roles/matrix_element/templates/config.json.j2 | 30 ++++++++++++++++++++++++++
 roles/matrix_element/templates/httpd.conf.j2  | 14 ++++++++++++
 roles/matrix_element/templates/perms.sh.j2    |  5 +++++
 16 files changed, 204 insertions(+), 1 deletion(-)
 create mode 100644 roles/matrix_element/defaults/main.yml
 create mode 100644 roles/matrix_element/handlers/main.yml
 create mode 100644 roles/matrix_element/meta/main.yml
 create mode 100644 roles/matrix_element/tasks/archive_post.yml
 create mode 100644 roles/matrix_element/tasks/archive_pre.yml
 create mode 100644 roles/matrix_element/tasks/cleanup.yml
 create mode 100644 roles/matrix_element/tasks/conf.yml
 create mode 100644 roles/matrix_element/tasks/directories.yml
 create mode 100644 roles/matrix_element/tasks/facts.yml
 create mode 100644 roles/matrix_element/tasks/install.yml
 create mode 100644 roles/matrix_element/tasks/main.yml
 create mode 100644 roles/matrix_element/tasks/write_version.yml
 create mode 100644 roles/matrix_element/templates/config.json.j2
 create mode 100644 roles/matrix_element/templates/httpd.conf.j2
 create mode 100644 roles/matrix_element/templates/perms.sh.j2

diff --git a/roles/gitea/templates/app.ini.j2 b/roles/gitea/templates/app.ini.j2
index 62112ea..9a7cdc0 100644
--- a/roles/gitea/templates/app.ini.j2
+++ b/roles/gitea/templates/app.ini.j2
@@ -47,7 +47,6 @@ LOG_SQL  = false
 
 [repository]
 ROOT = {{ gitea_root_dir }}/data/repositories
-ENABLE_PUSH_CREATE_USER = true
 
 [mailer]
 ENABLED = true
diff --git a/roles/matrix_element/defaults/main.yml b/roles/matrix_element/defaults/main.yml
new file mode 100644
index 0000000..de212e4
--- /dev/null
+++ b/roles/matrix_element/defaults/main.yml
@@ -0,0 +1,31 @@
+---
+
+# Only change several instances are deployed on the same server
+# in which case you must also set a different element_root_dir
+element_id: element
+
+# Version to deploy, and expected sha1
+element_version: 1.7.15
+# sha1sum of the tar.gz
+element_archive_sha1: 86ef08a7bc4656829fab3e39985debf84344ad28
+
+# Where to install element
+element_root_dir: /opt/matrix/element
+
+# Default servers
+# element_default_home_server: https://matrix.org
+element_default_identity_server: https://vector.im
+
+# Should ansible manage upgrades or only initial install
+element_manage_upgrade: True
+
+# Should a alilas be created, eg element to access it on /element
+# element_web_alias: element
+
+# Optional list of allowed IP address. If undefined, everyone can access it
+# element_allowed_ip: 
+#   - 12.13.14.15
+#   - 16.17.18.19
+
+# Jitsi server to use
+# element_jitsi_server: jitsi.example.net
diff --git a/roles/matrix_element/handlers/main.yml b/roles/matrix_element/handlers/main.yml
new file mode 100644
index 0000000..5de68b6
--- /dev/null
+++ b/roles/matrix_element/handlers/main.yml
@@ -0,0 +1,3 @@
+---
+- include: ../httpd_common/handlers/main.yml
+...
diff --git a/roles/matrix_element/meta/main.yml b/roles/matrix_element/meta/main.yml
new file mode 100644
index 0000000..4201791
--- /dev/null
+++ b/roles/matrix_element/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+  - role: httpd_common
diff --git a/roles/matrix_element/tasks/archive_post.yml b/roles/matrix_element/tasks/archive_post.yml
new file mode 100644
index 0000000..1caf74c
--- /dev/null
+++ b/roles/matrix_element/tasks/archive_post.yml
@@ -0,0 +1,9 @@
+---
+
+- import_tasks: ../includes/webapps_compress_archive.yml
+  vars:
+    - root_dir: "{{ element_root_dir }}"
+    - version: "{{ element_current_version }}"
+  when: element_install_mode == 'upgrade'
+  tags: matrix
+
diff --git a/roles/matrix_element/tasks/archive_pre.yml b/roles/matrix_element/tasks/archive_pre.yml
new file mode 100644
index 0000000..36828c6
--- /dev/null
+++ b/roles/matrix_element/tasks/archive_pre.yml
@@ -0,0 +1,7 @@
+---
+
+- import_tasks: ../includes/webapps_archive.yml
+  vars:
+    - root_dir: "{{ element_root_dir }}"
+    - version: "{{ element_current_version }}"
+  tags: matrix
diff --git a/roles/matrix_element/tasks/cleanup.yml b/roles/matrix_element/tasks/cleanup.yml
new file mode 100644
index 0000000..5581a1e
--- /dev/null
+++ b/roles/matrix_element/tasks/cleanup.yml
@@ -0,0 +1,16 @@
+---
+
+- name: Remove temp files
+  file: path={{ element_root_dir }}/tmp/{{ item }} state=absent
+  loop:
+    - element-v{{ element_version }}.tar.gz
+    - element-v{{ element_version }}
+  tags: matrix
+
+- name: Remove old Riot install
+  file: path={{ item }} state=absent
+  loop:
+    - /opt/matrix/riot
+    - /etc/httpd/ansible_conf.d/10-riot_riot.conf
+  notify: reload httpd
+  tags: matrix
diff --git a/roles/matrix_element/tasks/conf.yml b/roles/matrix_element/tasks/conf.yml
new file mode 100644
index 0000000..cf2a9ff
--- /dev/null
+++ b/roles/matrix_element/tasks/conf.yml
@@ -0,0 +1,15 @@
+---
+
+- name: Remove sample config file
+  file: path={{ element_root_dir }}/web/config.sample.json state=absent
+  tags: matrix
+
+- name: Deploy configuration
+  template: src=config.json.j2 dest={{ element_root_dir }}/web/config.json
+  tags: matrix
+
+- name: Deploy httpd configuration
+  template: src=httpd.conf.j2 dest=/etc/httpd/ansible_conf.d/10-element_{{ element_id }}.conf
+  notify: reload httpd
+  tags: matrix
+
diff --git a/roles/matrix_element/tasks/directories.yml b/roles/matrix_element/tasks/directories.yml
new file mode 100644
index 0000000..1418d6b
--- /dev/null
+++ b/roles/matrix_element/tasks/directories.yml
@@ -0,0 +1,11 @@
+---
+
+- name: Create directory structure
+  file: path={{ element_root_dir }}/{{ item.dir }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }}
+  with_items:
+    - dir: tmp
+    - dir: archives
+      mode: 700
+    - dir: meta
+      mode: 700
+  tags: matrix
diff --git a/roles/matrix_element/tasks/facts.yml b/roles/matrix_element/tasks/facts.yml
new file mode 100644
index 0000000..f79d976
--- /dev/null
+++ b/roles/matrix_element/tasks/facts.yml
@@ -0,0 +1,12 @@
+---
+
+- import_tasks: ../includes/webapps_set_install_mode.yml
+  vars:
+    - root_dir: "{{ element_root_dir }}"
+    - version: "{{ element_version }}"
+  tags: matrix
+- set_fact: element_install_mode={{ (install_mode == 'upgrade' and not element_manage_upgrade) | ternary('none',install_mode) }}
+  tags: matrix
+- set_fact: element_current_version={{ current_version | default('') }}
+  tags: matrix
+
diff --git a/roles/matrix_element/tasks/install.yml b/roles/matrix_element/tasks/install.yml
new file mode 100644
index 0000000..4ea0d13
--- /dev/null
+++ b/roles/matrix_element/tasks/install.yml
@@ -0,0 +1,28 @@
+---
+
+- name: Download Riot
+  get_url:
+    url: "https://github.com/vector-im/element-web/releases/download/v{{ element_version }}/element-v{{ element_version }}.tar.gz"
+    dest: "{{ element_root_dir }}/tmp/"
+    checksum: "sha1:{{ element_archive_sha1 }}"
+  when: element_install_mode != 'none'
+  tags: matrix
+
+- name: Extract element archive
+  unarchive:
+    src: "{{ element_root_dir }}/tmp/element-v{{ element_version }}.tar.gz"
+    dest: "{{ element_root_dir }}/tmp/"
+    remote_src: True
+  when: element_install_mode != 'none'
+  tags: matrix
+
+- name: Move the content of element to the correct top directory
+  synchronize:
+    src: "{{ element_root_dir }}/tmp/element-v{{ element_version }}/"
+    dest: "{{ element_root_dir }}/web/"
+    recursive: True
+    delete: True
+  delegate_to: "{{ inventory_hostname }}"
+  when: element_install_mode != 'none'
+  tags: matrix
+
diff --git a/roles/matrix_element/tasks/main.yml b/roles/matrix_element/tasks/main.yml
new file mode 100644
index 0000000..7f4d1d6
--- /dev/null
+++ b/roles/matrix_element/tasks/main.yml
@@ -0,0 +1,13 @@
+---
+
+- include: facts.yml
+- include: directories.yml
+- include: archive_pre.yml
+  when: element_install_mode == 'upgrade'
+- include: install.yml
+- include: conf.yml
+- include: archive_post.yml
+  when: element_install_mode == 'upgrade'
+- include: write_version.yml
+- include: cleanup.yml
+
diff --git a/roles/matrix_element/tasks/write_version.yml b/roles/matrix_element/tasks/write_version.yml
new file mode 100644
index 0000000..4d0c210
--- /dev/null
+++ b/roles/matrix_element/tasks/write_version.yml
@@ -0,0 +1,7 @@
+---
+
+- import_tasks: ../includes/webapps_post.yml
+  vars:
+    - root_dir: "{{ element_root_dir }}"
+    - version: "{{ element_version }}"
+  tags: matrix
diff --git a/roles/matrix_element/templates/config.json.j2 b/roles/matrix_element/templates/config.json.j2
new file mode 100644
index 0000000..4e7ccce
--- /dev/null
+++ b/roles/matrix_element/templates/config.json.j2
@@ -0,0 +1,30 @@
+{
+    "default_hs_url": "{{ element_default_home_server | default('https://' + synapse_server_name) | default('https://matrix.org') }}",
+    "default_is_url": "{{ element_default_identity_server }}",
+    "brand": "Riot",
+    "integrations_ui_url": "https://scalar.vector.im/",
+    "integrations_rest_url": "https://scalar.vector.im/api",
+    "integrations_widgets_urls": [
+        "https://scalar.vector.im/_matrix/integrations/v1",
+        "https://scalar.vector.im/api",
+        "https://scalar-staging.vector.im/_matrix/integrations/v1",
+        "https://scalar-staging.vector.im/api",
+        "https://scalar-staging.element.im/scalar/api"
+    ],
+    "bug_report_endpoint_url": "https://element.im/bugreports/submit",
+    "enableLabs": true,
+    "roomDirectory": {
+        "servers": [
+            "matrix.org"
+        ]
+    },
+    "welcomeUserId": "@riot-bot:matrix.org",
+    "piwik": {
+    },
+{% if element_jitsi_server is defined %}
+   "jitsi": {
+        "preferredDomain": "{{ element_jitsi_server }}"
+    },
+{% endif %}
+   "happyJson": true
+}
diff --git a/roles/matrix_element/templates/httpd.conf.j2 b/roles/matrix_element/templates/httpd.conf.j2
new file mode 100644
index 0000000..1aadb92
--- /dev/null
+++ b/roles/matrix_element/templates/httpd.conf.j2
@@ -0,0 +1,14 @@
+{% if element_web_alias is defined %}
+Alias /{{ element_web_alias }} {{ element_root_dir }}/web
+{% else %}
+# No alias defined, create a vhost to access it
+{% endif %}
+<Directory {{ element_root_dir }}/web>
+  AllowOverride None
+  Options None
+{% if element_allowed_ip is defined %}
+  Require ip {{ element_allowed_ip | join(' ') }}
+{% else %}
+  Require all granted
+{% endif %}
+</Directory>
diff --git a/roles/matrix_element/templates/perms.sh.j2 b/roles/matrix_element/templates/perms.sh.j2
new file mode 100644
index 0000000..f2e2910
--- /dev/null
+++ b/roles/matrix_element/templates/perms.sh.j2
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+chown -R root:root {{ element_root_dir }}
+find {{ element_root_dir }}/web -type f -exec chmod 644 "{}" \;
+find {{ element_root_dir }}/web -type d -exec chmod 755 "{}" \;