diff --git a/env.yml b/env.yml index 3a49bb7..c43ae96 100644 --- a/env.yml +++ b/env.yml @@ -50,6 +50,7 @@ projects: projects_to_backup: + - synapse - vaultwarden diff --git a/roles/synapse/tasks/backup.yml b/roles/synapse/tasks/backup.yml new file mode 100644 index 0000000..f4d02fc --- /dev/null +++ b/roles/synapse/tasks/backup.yml @@ -0,0 +1,32 @@ +- name: Backup PostgreSQL database + community.docker.docker_container_exec: + container: synapse-postgres + docker_host: "unix:///run/user/{{ host_uid }}/docker.sock" + command: | + pg_dump -c + -d synapse + -U synapse + -f /var/lib/postgresql/data/synapse-dump.sql + +- name: Create borg backup + command: + cmd: | + borg create + --compression=lzma + "{{ borg_repodir }}::{{ role_name }}-{now:%Y-%m-%d_%H-%M-%S}" + {{ volumes['synapse_datadir'] }}/media_store + {{ volumes['synapse_postgres_datadir'] }}/synapse-dump.sql + environment: + BORG_PASSCOMMAND: "cat {{ borg_passphrase_file }}" + become: true + +- name: Prune borg repository + command: + cmd: | + borg prune + --glob-archives='{{ role_name }}-*' + {{ borg_prune_options }} + {{ borg_repodir }} + environment: + BORG_PASSCOMMAND: "cat {{ borg_passphrase_file }}" + become: true diff --git a/roles/synapse/tasks/main.yml b/roles/synapse/tasks/main.yml index 321c5cb..ed95f38 100644 --- a/roles/synapse/tasks/main.yml +++ b/roles/synapse/tasks/main.yml 
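Review bot: The "Backup PostgreSQL database" task in roles/synapse/tasks/backup.yml writes `synapse-dump.sql` into the PostgreSQL data directory and no later task removes it, so a full plaintext copy of the homeserver database stays on the host between runs, outside the borg repository. Wrapping the dump and the `borg create` task in a `block` with an `always` section that deletes the file would remove it even when `borg create` fails. The dump's file mode is not set anywhere in this file; presumably the 770 data directory created by the update tasks is what keeps other host users out, which is worth confirming.

```yaml
- name: Dump database, archive it and remove the dump
  block:
    # … unchanged: "Backup PostgreSQL database" task …
    # … unchanged: "Create borg backup" task …
  always:
    - name: Remove plaintext database dump
      file:
        path: "{{ volumes['synapse_postgres_datadir'] }}/synapse-dump.sql"
        state: absent
      become: true
```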
@@ -1,53 +1,9 @@ -- name: "Create {{ synapse_project_dir }} project directory" - file: - path: "{{ synapse_project_dir }}" - state: directory +- name: Include backup tasks + include_tasks: + file: backup.yml + when: run_backup | default(false) | bool -- name: Template docker-compose.yaml to project directory - template: - src: docker-compose.yaml - dest: "{{ synapse_project_dir }}/docker-compose.yaml" - owner: "{{ ansible_env['USER'] }}" - group: "{{ ansible_env['USER'] }}" - mode: '640' - -- name: Template homeserver.yaml to project directory - template: - src: homeserver.yaml - dest: "{{ synapse_project_dir }}/homeserver.yaml" - owner: "{{ ansible_env['USER'] }}" - mode: '640' - # Store result to restart services if the file changed - register: synapse_template_homeserver_result - -# Separate task because template module cannot chown/chgrp to a non-existing user/group -- name: "Change group of homeserver.yaml to synapse GID ({{ users['synapse'] + uid_shift }})" - file: - path: "{{ synapse_project_dir }}/homeserver.yaml" - group: "{{ users['synapse'] + uid_shift }}" - become: true - -- name: "Create directory {{ volumes['synapse_datadir'] }} with correct permissions" - file: - path: "{{ volumes['synapse_datadir'] }}" - state: directory - owner: "{{ users['synapse'] + uid_shift }}" - group: "{{ users['synapse'] + uid_shift }}" - mode: '770' - become: true - -- name: "Create directory {{ volumes['synapse_postgres_datadir'] }} with correct permissions" - file: - path: "{{ volumes['synapse_postgres_datadir'] }}" - state: directory - owner: "{{ users['synapse_postgres'] + uid_shift }}" - group: "{{ users['synapse_postgres'] + uid_shift }}" - mode: '770' - become: true - -- name: Pull/Create/Restart project services - community.docker.docker_compose: - project_src: "{{ synapse_project_dir }}" - pull: "{{ docker_pull_images | bool }}" - # Restart if config file(s) changed - restarted: "{{ synapse_template_homeserver_result['changed'] | bool }}" +- name: Include update 
tasks + include_tasks: + file: update.yml + when: run_update | default(false) | bool diff --git a/roles/synapse/tasks/update.yml b/roles/synapse/tasks/update.yml new file mode 100644 index 0000000..321c5cb --- /dev/null +++ b/roles/synapse/tasks/update.yml 
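Review bot: Both includes in roles/synapse/tasks/main.yml are gated on flags that default to false, so a run that sets neither `run_backup` nor `run_update` now executes no synapse task and still finishes green, where the old main.yml always deployed. Whether env.yml or the playbook guarantees that one of them is set is not visible in this hunk. A comment above the includes would make the contract explicit, for example `# Nothing runs unless run_backup or run_update is true; backup is included first so data is archived before an update.`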
@@ -0,0 +1,53 @@
+- name: "Create {{ synapse_project_dir }} project directory"
+ file:
+ path: "{{ synapse_project_dir }}"
+ state: directory
+
+- name: Template docker-compose.yaml to project directory
+ template:
+ src: docker-compose.yaml
+ dest: "{{ synapse_project_dir }}/docker-compose.yaml"
+ owner: "{{ ansible_env['USER'] }}"
+ group: "{{ ansible_env['USER'] }}"
+ mode: '640'
+
+- name: Template homeserver.yaml to project directory
+ template:
+ src: homeserver.yaml
+ dest: "{{ synapse_project_dir }}/homeserver.yaml"
+ owner: "{{ ansible_env['USER'] }}"
+ mode: '640'
+ # Store result to restart services if the file changed
+ register: synapse_template_homeserver_result
+
+# Separate task because template module cannot chown/chgrp to a non-existing user/group
+- name: "Change group of homeserver.yaml to synapse GID ({{ users['synapse'] + uid_shift }})"
+ file:
+ path: "{{ synapse_project_dir }}/homeserver.yaml"
+ group: "{{ users['synapse'] + uid_shift }}"
+ become: true
+
+- name: "Create directory {{ volumes['synapse_datadir'] }} with correct permissions"
+ file:
+ path: "{{ volumes['synapse_datadir'] }}"
+ state: directory
+ owner: "{{ users['synapse'] + uid_shift }}"
+ group: "{{ users['synapse'] + uid_shift }}"
+ mode: '770'
+ become: true
+
+- name: "Create directory {{ volumes['synapse_postgres_datadir'] }} with correct permissions"
+ file:
+ path: "{{ volumes['synapse_postgres_datadir'] }}"
+ state: directory
+ owner: "{{ users['synapse_postgres'] + uid_shift }}"
+ group: "{{ users['synapse_postgres'] + uid_shift }}"
+ mode: '770'
+ become: true
+
+- name: Pull/Create/Restart project services
+ community.docker.docker_compose:
+ project_src: "{{ synapse_project_dir }}"
+ pull: "{{ docker_pull_images | bool }}"
+ # Restart if config file(s) changed
+ restarted: "{{ synapse_template_homeserver_result['changed'] | bool }}"
diff --git a/roles/synapse/templates/docker-compose.yaml b/roles/synapse/templates/docker-compose.yaml
index bf56f11..5a5b7d4 100644
--- a/roles/synapse/templates/docker-compose.yaml +++ b/roles/synapse/templates/docker-compose.yaml @@ -7,7 +7,7 @@ services: environment: LANG: C POSTGRES_INITDB_ARGS: "--locale=C --encoding=UTF8" - POSTGRES_USER: {{ synapse_secrets['postgres_user'] }} + POSTGRES_USER: synapse POSTGRES_PASSWORD: {{ synapse_secrets['postgres_password'] }} volumes: - {{ volumes['synapse_postgres_datadir'] }}:/var/lib/postgresql/data diff --git a/roles/synapse/templates/homeserver.yaml b/roles/synapse/templates/homeserver.yaml index 22f109c..a36f4c6 100644 --- a/roles/synapse/templates/homeserver.yaml +++ b/roles/synapse/templates/homeserver.yaml @@ -24,7 +24,7 @@ max_avatar_size: 2M database: name: psycopg2 args: - user: {{ synapse_secrets['postgres_user'] }} + user: synapse password: {{ synapse_secrets['postgres_password'] }} dbname: synapse host: synapse-postgres diff --git a/secrets.yml.example b/secrets.yml.example index 31aec9a..ccd9b21 100644 --- a/secrets.yml.example +++ b/secrets.yml.example @@ -17,7 +17,6 @@ searxng_secrets: searxng_secret: synapse_secrets: - postgres_user: postgres_password: turn_shared_secret: "{{ coturn_secrets['static_auth_secret'] }}" macaroon_secret_key:
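Review bot: Hard-coding `POSTGRES_USER: synapse` in docker-compose.yaml only affects a data directory that has not been initialised yet, because the postgres image reads that variable when it first creates the cluster. On a host deployed earlier with a different `postgres_user` secret the existing role keeps its old name, so the new `user: synapse` in the homeserver.yaml hunk and `pg_dump -U synapse` in backup.yml would presumably fail to authenticate. A comment next to the value would record the constraint, for example `# must match the role created at first init; backup.yml passes -U synapse`. The neighbouring `POSTGRES_PASSWORD: {{ … }}` context line is rendered unquoted, so a password containing ` #` or starting with a YAML indicator would be truncated or mis-parsed; quoting it as `"{{ synapse_secrets['postgres_password'] }}"` avoids the common cases.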