update for snyapse admin

ansible/roles/synapse-admin/files/basedir/.env

@@ -1,4 +1,4 @@
-SYNAPSE_VERSION=v1.96.1
+SYNAPSE_ADMIN_VERSION=0.8.7
 NGINX_VERSION=1.25.3-alpine
 
 SYNAPSE_SERVER_NAME=corp-serv.net

ansible/roles/synapse-admin/files/basedir/config/log-worker-federation.yaml

@@ -1,42 +0,0 @@
-version: 1
-
-formatters:
-  fmt:
-    format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s- %(message)s'
-
-filters:
-  context:
-    (): synapse.logging.context.LoggingContextFilter
-    request: ""
-
-handlers:
-  console:
-    class: logging.StreamHandler
-    formatter: fmt
-    filters: [context]
-  file:
-    class: logging.handlers.TimedRotatingFileHandler
-    formatter: fmt
-    filename: /logs/worker-federation.log
-    when: midnight
-    backupCount: 3
-    encoding: utf8
-
-root:
-  level: INFO
-  handlers:
-    - console
-    - file
-
-loggers:
-  synapse:
-    level: INFO
-
-  synapse.storage.SQL:
-    level: INFO
-
-  ldap3:
-    level: INFO
-
-  ldap_auth_provider:
-    level: INFO

ansible/roles/synapse-admin/files/basedir/config/log-worker-generic.yaml

@@ -1,42 +0,0 @@
-version: 1
-
-formatters:
-  fmt:
-    format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s- %(message)s'
-
-filters:
-  context:
-    (): synapse.logging.context.LoggingContextFilter
-    request: ""
-
-handlers:
-  console:
-    class: logging.StreamHandler
-    formatter: fmt
-    filters: [context]
-  file:
-    class: logging.handlers.TimedRotatingFileHandler
-    formatter: fmt
-    filename: /logs/worker-generic.log
-    when: midnight
-    backupCount: 3
-    encoding: utf8
-
-root:
-  level: INFO
-  handlers:
-    - console
-    - file
-
-loggers:
-  synapse:
-    level: INFO
-
-  synapse.storage.SQL:
-    level: INFO
-
-  ldap3:
-    level: INFO
-
-  ldap_auth_provider:
-    level: INFO

ansible/roles/synapse-admin/files/basedir/config/log-worker-sync.yaml

@@ -1,42 +0,0 @@
-version: 1
-
-formatters:
-  fmt:
-    format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s- %(message)s'
-
-filters:
-  context:
-    (): synapse.logging.context.LoggingContextFilter
-    request: ""
-
-handlers:
-  console:
-    class: logging.StreamHandler
-    formatter: fmt
-    filters: [context]
-  file:
-    class: logging.handlers.TimedRotatingFileHandler
-    formatter: fmt
-    filename: /logs/worker-sync.log
-    when: midnight
-    backupCount: 3
-    encoding: utf8
-
-root:
-  level: INFO
-  handlers:
-    - console
-    - file
-
-loggers:
-  synapse:
-    level: INFO
-
-  synapse.storage.SQL:
-    level: INFO
-
-  ldap3:
-    level: INFO
-
-  ldap_auth_provider:
-    level: INFO

ansible/roles/synapse-admin/files/basedir/config/log.yaml

@@ -1,42 +0,0 @@
-version: 1
-
-formatters:
-  fmt:
-    format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s- %(message)s'
-
-filters:
-  context:
-    (): synapse.logging.context.LoggingContextFilter
-    request: ""
-
-handlers:
-  console:
-    class: logging.StreamHandler
-    formatter: fmt
-    filters: [context]
-  file:
-    class: logging.handlers.TimedRotatingFileHandler
-    formatter: fmt
-    filename: /logs/homeserver.log
-    when: midnight
-    backupCount: 3
-    encoding: utf8
-
-root:
-  level: INFO
-  handlers:
-    - console
-    - file
-
-loggers:
-  synapse:
-    level: INFO
-
-  synapse.storage.SQL:
-    level: INFO
-
-  ldap3:
-    level: INFO
-
-  ldap_auth_provider:
-    level: INFO

ansible/roles/synapse-admin/files/basedir/config/synapse-worker-federation.yaml

@@ -1,20 +0,0 @@
-worker_app: synapse.app.generic_worker
-worker_name: synapse-worker-federation
-
-worker_log_config: /config/log-worker-federation.yaml
-
-worker_listeners:
-  - type: http
-    port: 8008
-    x_forwarded: true
-    resources:
-      - names:
-          - client
-          - federation
-  - port: 9000
-    type: metrics
-    tls: false
-    x_forwarded: true
-    resources:
-     - names: [metrics]
-       compress: false

ansible/roles/synapse-admin/files/basedir/config/synapse-worker-generic.yaml

@@ -1,20 +0,0 @@
-worker_app: synapse.app.generic_worker
-worker_name: synapse-worker-generic
-
-worker_log_config: /config/log-worker-generic.yaml
-
-worker_listeners:
-  - port: 8008
-    type: http
-    tls: false
-    x_forwarded: true
-    resources:
-      - names: [client, federation]
-        compress: false
-  - port: 9000
-    type: metrics
-    tls: false
-    x_forwarded: true
-    resources:
-     - names: [metrics]
-       compress: false

ansible/roles/synapse-admin/files/basedir/config/synapse-worker-sync.yaml

@@ -1,20 +0,0 @@
-worker_app: synapse.app.generic_worker
-worker_name: synapse-worker-sync
-
-worker_log_config: /config/log-worker-sync.yaml
-
-worker_listeners:
-  - type: http
-    port: 8008
-    x_forwarded: true
-    resources:
-      - names:
-          - client
-          - federation
-  - port: 9000
-    type: metrics
-    tls: false
-    x_forwarded: true
-    resources:
-     - names: [metrics]
-       compress: false

ansible/roles/synapse-admin/files/basedir/docker-compose.yaml

@@ -1,16 +1,12 @@
 version: '3'
 services:
   synapse-admin:
-    image: matrixdotorg/synapse:${SYNAPSE_VERSION}
+    image: awesometechnologies/synapse-admin:{{ .Chart.AppVersion }}:${SYNAPSE_ADMIN_VERSION}
     volumes:
       - /mnt/synapse_data:/data
       - ./config:/config
-      - /mnt/logs/synapse:/logs
-    command:
-      - run
-      - --config-path=/config/homeserver.yaml
-    restart: always
-    container_name: synapse-main
+    restart: unless-stopped
+    container_name: synapse-admin
 
   nginx:
     image: nginx:${NGINX_VERSION}

ansible/roles/synapse-admin/files/basedir/www/index.html

@@ -1 +0,0 @@
-Test for Synapse

ansible/roles/synapse-admin/templates/nginx/synapse-admin.conf

@@ -0,0 +1,30 @@
+server {
+
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    ssl_certificate      /ssl/chain.crt;
+    ssl_certificate_key  /ssl/certificate.keyplain;
+
+    client_max_body_size 25m;
+
+    access_log /var/log/nginx/synapse-access-{{ inventory_hostname }}.log main;
+    access_log /var/log/nginx/access-{{ inventory_hostname }}.log main;
+    error_log /var/log/nginx/synapse-error-{{ inventory_hostname }}.log notice;
+    error_log /var/log/nginx/error-{{ inventory_hostname }}.log notice;
+
+    error_page 403 404 /403_404.html;
+    location = /403_404.html {
+	    default_type application/json;
+	    return 200 'You are not authorized to access this page.';
+    }
+
+    # All other matrix/synapse requests go to main
+    location / {
+      proxy_set_header X-Forwarded-For $remote_addr;
+      proxy_set_header X-Forwarded-Proto $scheme;
+      proxy_set_header Host $http_host;
+
+      proxy_pass http://synapse-admin;
+    }
+}

ansible/roles/synapse-admin/templates/nginx/synapse.conf

@@ -1,122 +0,0 @@
-server {
-
-    listen 443 ssl http2;
-    listen [::]:443 ssl http2;
-
-    ssl_certificate      /ssl/chain.crt;
-    ssl_certificate_key  /ssl/certificate.keyplain;
-
-    client_max_body_size 25m;
-
-    access_log /var/log/nginx/synapse-access-{{ inventory_hostname }}.log main;
-    access_log /var/log/nginx/access-{{ inventory_hostname }}.log main;
-    error_log /var/log/nginx/synapse-error-{{ inventory_hostname }}.log notice;
-    error_log /var/log/nginx/error-{{ inventory_hostname }}.log notice;
-
-
-    error_page 403 404 /403_404.html;
-    location = /403_404.html {
-	    default_type application/json;
-	    return 200 'You are not authorized to access this page.';
-    }
-
-    location / {
-        root /www;
-    }
-
-    # Sync requests
-    location ~ ^/_matrix/client/(r0|v3)/sync$|^/_matrix/client/(api/v1|r0|v3)/events$|^/_matrix/client/(api/v1|r0|v3)/initialSync$|^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$ {
-      proxy_set_header X-Forwarded-For $remote_addr;
-      proxy_set_header X-Forwarded-Proto $scheme;
-      proxy_set_header Host $http_host;
-      proxy_pass http://synapse-worker-sync:8008;
-    }
-
-    # Federation requests
-    location ~ ^/_matrix/federation/v1/event/|^/_matrix/federation/v1/state/|^/_matrix/federation/v1/state_ids/|^/_matrix/federation/v1/backfill/|^/_matrix/federation/v1/get_missing_events/|^/_matrix/federation/v1/publicRooms|^/_matrix/federation/v1/query/|^/_matrix/federation/v1/make_join/|^/_matrix/federation/v1/make_leave/|^/_matrix/federation/(v1|v2)/send_join/|^/_matrix/federation/(v1|v2)/send_leave/|^/_matrix/federation/(v1|v2)/invite/|^/_matrix/federation/v1/event_auth/|^/_matrix/federation/v1/timestamp_to_event/|^/_matrix/federation/v1/exchange_third_party_invite/|^/_matrix/federation/v1/user/devices/|^/_matrix/key/v2/query|^/_matrix/federation/v1/hierarchy/|^/_matrix/federation/v1/send/ {
-
-      proxy_set_header X-Forwarded-For $remote_addr;
-      proxy_set_header X-Forwarded-Proto $scheme;
-      proxy_set_header Host $http_host;
-      proxy_pass http://synapse-worker-federation:8008;
-
-    }
-
-    # Client requests
-    location ~ ^/_matrix/client/(api/v1|r0|unstable)/publicRooms$|^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/joined_members$|^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/context/.*$|^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/members$|^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/state$|^/_matrix/client/(api/v1|r0|unstable)/account/3pid$|^/_matrix/client/(api/v1|r0|unstable)/devices$|^/_matrix/client/(api/v1|r0|unstable)/keys/query$|^/_matrix/client/(api/v1|r0|unstable)/keys/changes$|^/_matrix/client/versions$|^/_matrix/client/(api/v1|r0|unstable)/voip/turnServer$|^/_matrix/client/(api/v1|r0|unstable)/joined_groups$|^/_matrix/client/(api/v1|r0|unstable)/publicised_groups$|^/_matrix/client/(api/v1|r0|unstable)/publicised_groups/|^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/event/|^/_matrix/client/(api/v1|r0|unstable)/joined_rooms$|^/_matrix/client/(api/v1|r0|unstable)/search$ {
-      proxy_set_header X-Forwarded-For $remote_addr;
-      proxy_set_header X-Forwarded-Proto $scheme;
-      proxy_set_header Host $http_host;
-      proxy_pass http://synapse-worker-generic:8008;
-   }
-
-    # Metrics to master
-    location ~ /_synapse/metrics {
-      proxy_set_header X-Forwarded-For $remote_addr;
-      proxy_set_header X-Forwarded-Proto $scheme;
-      proxy_set_header Host $http_host;
-      proxy_pass http://synapse-main:9000;
-
-      allow 10.161.228.115;
-      allow 10.161.228.116;
-      allow 10.161.228.117;
-      allow 10.161.228.118;
-      allow 10.161.228.119;
-      deny all;
-    }
-
-    # Metrics to worker-generic
-    location ~ /synapse-worker-generic/metrics {
-      proxy_set_header X-Forwarded-For $remote_addr;
-      proxy_set_header X-Forwarded-Proto $scheme;
-      proxy_set_header Host $http_host;
-      proxy_pass http://synapse-worker-generic:9000;
-
-      allow 10.161.228.115;
-      allow 10.161.228.116;
-      allow 10.161.228.117;
-      allow 10.161.228.118;
-      allow 10.161.228.119;
-      deny all;
-    }
-
-    # Metrics to worker-sync
-    location ~ /synapse-worker-sync/metrics {
-      proxy_set_header X-Forwarded-For $remote_addr;
-      proxy_set_header X-Forwarded-Proto $scheme;
-      proxy_set_header Host $http_host;
-      proxy_pass http://synapse-worker-sync:9000;
-
-      allow 10.161.228.115;
-      allow 10.161.228.116;
-      allow 10.161.228.117;
-      allow 10.161.228.118;
-      allow 10.161.228.119;
-      deny all;
-    }
-
-    # Metrics to worker-federation
-    location ~ /synapse-worker-federation/metrics {
-      proxy_set_header X-Forwarded-For $remote_addr;
-      proxy_set_header X-Forwarded-Proto $scheme;
-      proxy_set_header Host $http_host;
-      proxy_pass http://synapse-worker-federation:9000;
-
-      allow 10.161.228.115;
-      allow 10.161.228.116;
-      allow 10.161.228.117;
-      allow 10.161.228.118;
-      allow 10.161.228.119;
-      deny all;
-    }
-
-
-    # All other matrix/synapse requests go to main
-    location ~ /_matrix|/_synapse {
-      proxy_set_header X-Forwarded-For $remote_addr;
-      proxy_set_header X-Forwarded-Proto $scheme;
-      proxy_set_header Host $http_host;
-
-      proxy_pass http://synapse-main:8008;
-    }
-}