authorStonewall Jackson <stonewall@sacredheartsc.com>2023-05-31 21:35:04 -0400
committerStonewall Jackson <stonewall@sacredheartsc.com>2023-05-31 21:35:04 -0400
commit236d813994acd076ce96d764d569ee6bb3da98f9 (patch)
tree33f811ba7f557032601356218ff11d67a4895ffe /inventory-example
parent9cbb7d043e7379f9d7e7c81cd75fcd2176a0b322 (diff)
add synapse role
Diffstat (limited to 'inventory-example')
-rw-r--r--inventory-example/10-hosts1
-rw-r--r--inventory-example/20-by-hostname.yml1
-rw-r--r--inventory-example/40-groups3
-rw-r--r--inventory-example/group_vars/all/firefox.yml2
-rw-r--r--inventory-example/group_vars/all/freeipa.yml6
-rw-r--r--inventory-example/group_vars/all/nsd.yml3
-rw-r--r--inventory-example/group_vars/all/synapse.yml8
-rw-r--r--inventory-example/group_vars/all/vault.yml9
8 files changed, 33 insertions, 0 deletions
diff --git a/inventory-example/10-hosts b/inventory-example/10-hosts
index d8c4cc6..90e1acf 100644
--- a/inventory-example/10-hosts
+++ b/inventory-example/10-hosts
@@ -35,6 +35,7 @@ dmz-www1 ip=10.10.19.4
dmz-xmpp1 ip=10.10.19.5 cname=xmpp
dmz-turn1 ip=10.10.19.6 cname=turn
dmz-git1 ip=10.10.19.13
+dmz-matrix1 ip=10.10.19.14 cores=4 ram=8g disk=256g
dmz-asterisk1 ip=10.10.14.10 cname=asterisk cores=4
[unmanaged]
diff --git a/inventory-example/20-by-hostname.yml b/inventory-example/20-by-hostname.yml
index 165bd37..db1ba15 100644
--- a/inventory-example/20-by-hostname.yml
+++ b/inventory-example/20-by-hostname.yml
@@ -41,3 +41,4 @@ groups:
authoritative_nameservers: inventory_hostname is match('(dmz-)?dns[0-9]')
turn_servers: inventory_hostname is match('(dmz-)?turn[0-9]')
asterisk_servers: inventory_hostname is match('(dmz-)?asterisk[0-9]')
+ matrix_servers: inventory_hostname is match('(dmz-)?matrix[0-9]')
diff --git a/inventory-example/40-groups b/inventory-example/40-groups
index d4646ad..098c743 100644
--- a/inventory-example/40-groups
+++ b/inventory-example/40-groups
@@ -65,6 +65,9 @@ rsyslog_forward = no
[nagios_servers:vars]
apache_gssapi = True
+[matrix_servers:vars]
+apache_ssl_listen_ports='[443,{{ synapse_client_port }},{{ synapse_federation_port }}]'
+
[opnsense_firewalls:vars]
ansible_python_interpreter = /usr/local/bin/python3
diff --git a/inventory-example/group_vars/all/firefox.yml b/inventory-example/group_vars/all/firefox.yml
index 5ebc61b..07d227b 100644
--- a/inventory-example/group_vars/all/firefox.yml
+++ b/inventory-example/group_vars/all/firefox.yml
@@ -49,6 +49,8 @@ firefox_managed_bookmarks:
url: 'https://invidious.{{ domain }}'
- name: Jellyfin
url: 'https://jellyfin.{{ domain }}'
+ - name: Matrix
+ url: 'https://matrix.{{ domain }}'
- name: Nagios
url: 'https://nagios.{{ domain }}'
- name: Nitter
diff --git a/inventory-example/group_vars/all/freeipa.yml b/inventory-example/group_vars/all/freeipa.yml
index 3501061..15b7259 100644
--- a/inventory-example/group_vars/all/freeipa.yml
+++ b/inventory-example/group_vars/all/freeipa.yml
@@ -12,6 +12,7 @@ freeipa_users:
sn: Doe
mail: john@example.com
jid: john@example.com
+ mxid: johnnybravo
mail_aliases:
- john.nickname@example.com
- john.alias@exmaple.com
@@ -21,12 +22,14 @@ freeipa_users:
sn: Tables
mail: btables@example.com
jid: btables@example.com
+ mxid: aMatrixUsername
- name: janedoe
givenname: Jane
sn: Doe
mail: jane@example.com
jid: jane@example.com
+ mxid: plainjane
freeipa_groups:
# built-in freeipa admin group - be careful!
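Review bot: The example value `mxid: aMatrixUsername` contains uppercase letters, but Matrix user ID localparts are expected to be lowercase and Synapse refuses to register new usernames containing capitals. An operator copying the example could end up with an account that fails to provision or whose ID does not match the directory entry. I would change it to `mxid: amatrixusername` and add a comment on the first use of the key (the `johnnybravo` line in the previous hunk), such as `# Matrix localpart only (no @ or :domain), lowercase`. How the role consumes `mxid` is not visible in this diff, so the localpart-only reading is inferred from the three sample values.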
@@ -125,6 +128,9 @@ freeipa_groups:
- name: role-git-admin
group: sysadmins
+ - name: role-matrix-access
+ group: doefamily
+
freeipa_hbac_rules:
- name: sysadmins_ssh_and_console_to_all
description: allow sysadmins to ssh to all hosts
diff --git a/inventory-example/group_vars/all/nsd.yml b/inventory-example/group_vars/all/nsd.yml
index ff1afe6..d40351b 100644
--- a/inventory-example/group_vars/all/nsd.yml
+++ b/inventory-example/group_vars/all/nsd.yml
@@ -34,6 +34,7 @@ nsd_zones:
xmpp1 IN A 203.0.113.57
turn1 IN A 203.0.113.58
pbx1 IN A 203.0.113.59
+ matrix IN A 203.0.113.60
www IN CNAME www1
xmpp IN CNAME xmpp1
conference IN CNAME xmpp1
@@ -52,3 +53,5 @@ nsd_zones:
_sip._udp IN SRV 0 5 5060 pbx1
_sip._tcp IN SRV 0 5 5060 pbx1
_sip._tls IN SRV 0 5 5061 pbx1
+
+ _matrix._tcp IN SRV 0 5 8448 matrix
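Review bot: The new SRV record on the last line hardcodes federation port 8448, while the Apache listener added in inventory-example/40-groups takes its port from `{{ synapse_federation_port }}`; if that variable is ever overridden, DNS will advertise a port nothing listens on. A zone comment above the record such as `; port must equal synapse_federation_port` would keep the two in step. With SRV delegation, remote homeservers validate the TLS certificate against the delegating server name rather than the SRV target, so the listener on that port needs a certificate for the name used in MXIDs (presumably `synapse_domain`, though the role is not part of this diff); that is worth stating in the same comment. The nsd_zones block starts outside the hunk.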
diff --git a/inventory-example/group_vars/all/synapse.yml b/inventory-example/group_vars/all/synapse.yml
new file mode 100644
index 0000000..ac3b4d5
--- /dev/null
+++ b/inventory-example/group_vars/all/synapse.yml
@@ -0,0 +1,8 @@
+synapse_registration_shared_secret: '{{ vault_synapse_registration_shared_secret }}'
+synapse_macaroon_secret_key: '{{ vault_synapse_macaroon_secret_key }}'
+synapse_form_secret: '{{ vault_synapse_form_secret }}'
+synapse_sysaccount_password: '{{ vault_synapse_sysaccount_password }}'
+
+synapse_domain: example.com
+synapse_server_name: matrix.example.com
+synapse_enable_registration: no
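Review bot: Turning off `synapse_enable_registration` does not close every registration path, because Synapse's registration shared secret lets whoever holds it create accounts, admin accounts included, regardless of that switch. The new file should say so above its first line, e.g. `# anyone holding this secret can register users (including admins) even when registration is disabled`. This assumes the role writes the variable into Synapse's `registration_shared_secret` setting, which the name suggests but the hunk does not show. Separately, `no` on the last line is a YAML 1.1 truthy form; `synapse_enable_registration: false` reads the same under every parser.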
diff --git a/inventory-example/group_vars/all/vault.yml b/inventory-example/group_vars/all/vault.yml
index c3e29c5..58b597a 100644
--- a/inventory-example/group_vars/all/vault.yml
+++ b/inventory-example/group_vars/all/vault.yml
@@ -117,8 +117,17 @@ vault_rspamd_dkim_keys: # generate with `rspamadm dkim_keygen`
AAAAAAAAAAAAAAAAchangeme
-----END RSA PRIVATE KEY-----
+
+# synapse
+vault_synapse_sysaccount_password: changeme
+vault_synapse_registration_shared_secret: changeme
+vault_synapse_macaroon_secret_key: changeme
+vault_synapse_form_secret: changeme
+
+
# teddit
vault_teddit_reddit_app_id: changeme
+
# vaultwarden
vault_vaultwarden_admin_token: changeme # generate with `openssl rand -base64 48`
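Review bot: The four synapse entries are added with the placeholder `changeme` and, unlike the rspamd and vaultwarden entries visible in the same hunk, give no hint on how to produce a real value. Since the macaroon and form secrets appear to be signing keys, a deployment that keeps the placeholder would run with a publicly known key. I would append a generation hint to each secret in the file's existing style, e.g. `vault_synapse_macaroon_secret_key: changeme  # generate with openssl rand -base64 48` (with the command in backticks as on the vaultwarden line). A role-side assertion that none of these still equals `changeme` would catch the mistake at deploy time, though the role is outside this diff. The hunk also adds two consecutive blank lines before `# teddit`, where the rest of the file seems to use one.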