From f7f885c705d268131717240a0ea3a58843f58ae6 Mon Sep 17 00:00:00 2001
From: Nico Schottelius <nico@nico-notebook.schottelius.org>
Date: Fri, 23 Feb 2024 11:49:15 +0900
Subject: [PATCH] [refactor] make postgres parameters an option

---
 ansible/inventory/runa.yml                    | 26 +++++++++++++++++++
 ansible/playbook/service.yaml                 |  8 ------
 ansible/roles/synapse/tasks/main.yml          |  7 ++---
 .../synapse/templates/synapse/homeserver.yaml | 21 ++++++---------
 4 files changed, 36 insertions(+), 26 deletions(-)

diff --git a/ansible/inventory/runa.yml b/ansible/inventory/runa.yml
index 5e92b4d..8ee85e5 100644
--- a/ansible/inventory/runa.yml
+++ b/ansible/inventory/runa.yml
@@ -26,6 +26,8 @@ runa:
       elementweb: ""
       matrixdomain: ""
       logout_redirect_url: ""
+      turn_uris: []
+      turn_shared_secret: ""
   children:
     ank:
       hosts:
@@ -46,6 +48,20 @@ runa:
           elementweb: "element.corp-serv.net"
           matrixdomain: "corp-serv.net"
           logout_redirect_url: "https://idp.corp-serv.net/realms/MAT/protocol/openid-connect/logout"
+          turn_uris:
+            - turn:turn-1.corp-serv.net?transport=udp
+            - turn:turn-2.corp-serv.net?transport=udp
+            - turn:turn-1.corp-serv.net?transport=tcp
+            - turn:turn-2.corp-serv.net?transport=tcp
+            - turns:turn-1.corp-serv.net?transport=tcp
+            - turns:turn-2.corp-serv.net?transport=tcp
+            - turns:turn-1.corp-serv.net?transport=udp
+            - turns:turn-2.corp-serv.net?transport=udp
+          turn_shared_secret: ihaaCac6Oow3ohzuvequ6esoo9eegheex
+          postgres_user: matrix-synapse
+          postgres_password: "31913hkVN_L9b3i_0v1RX_ZJXx_AD564_MM_nz"
+          postgres_db: matrix-synapse-db
+          postgres_host: postgresql-mtx.lat.internal.ru.com
       hosts:
         mtx-elem-1.lat.internal.ru.com:
           matrix_service: "elementweb"
@@ -74,6 +90,16 @@ runa:
           elementweb: "element.lta.corp-serv.net"
           matrixdomain: "lta.corp-serv.net"
           logout_redirect_url: "FIXME"
+          turn_uris:
+            - turn:mtx-turn-1.lta.internal.ru.com?transport=udp
+            - turn:mtx-turn-1.lta.internal.ru.com?transport=tcp
+            - turns:mtx-turn-1.lta.internal.ru.com?transport=tcp
+            - turns:mtx-turn-1.lta.internal.ru.com?transport=udp
+          turn_shared_secret: "ushaHimahxi6eisaeV4Chu0quaeyeish"
+          postgres_user: matrix-synapseTBD
+          postgres_password: "TBD"
+          postgres_db: matrix-synapse-dbTBD
+          postgres_host: TBDpostgresql-mtx.lta.internal.ru.com
       hosts:
         mtx-mngm-1.lta.internal.ru.com:
           matrix_service: "synapse-admin"
diff --git a/ansible/playbook/service.yaml b/ansible/playbook/service.yaml
index dbdce16..5211b42 100644
--- a/ansible/playbook/service.yaml
+++ b/ansible/playbook/service.yaml
@@ -4,24 +4,16 @@
     - name: Add elementweb
       include_role:
         name: elementweb
-      tags:
-        - elementweb
       when: matrix_service == "elementweb"
     - name: Add synapse
       include_role:
         name: synapse
-      tags:
-        - synapse
       when: matrix_service == "synapse"
     - name: Add turn
       include_role:
         name: turn
-      tags:
-        - turn
       when: matrix_service == "turn"
     - name: Add synapse-admin
       include_role:
         name: synapse-admin
-      tags:
-        - synapse-admin
       when: matrix_service == "synapse-admin"
diff --git a/ansible/roles/synapse/tasks/main.yml b/ansible/roles/synapse/tasks/main.yml
index bcddb82..25bec05 100644
--- a/ansible/roles/synapse/tasks/main.yml
+++ b/ansible/roles/synapse/tasks/main.yml
@@ -36,16 +36,13 @@
 - name: Create homeserver configuration
   ansible.builtin.template:
     src: "synapse/homeserver.yaml"
-    dest: /home/{{ ansible_user }}/docker_compose/{{ matrix_service }}/config/synapse-worker-{{ item }}.yaml
+    dest: /home/{{ ansible_user }}/docker_compose/{{ matrix_service }}/config/homeserver.yaml
     owner: "{{ ansible_user }}"
     mode: '0644'
   tags:
     - log
     - synapse
-  loop:
-    - generic
-    - federation
-    - sync
+    - homeserver
 - name: Create worker configurations
   ansible.builtin.template:
     src: "synapse/synapse-worker.yaml"
diff --git a/ansible/roles/synapse/templates/synapse/homeserver.yaml b/ansible/roles/synapse/templates/synapse/homeserver.yaml
index d7dc9f2..6450c85 100755
--- a/ansible/roles/synapse/templates/synapse/homeserver.yaml
+++ b/ansible/roles/synapse/templates/synapse/homeserver.yaml
@@ -806,10 +806,10 @@ caches:
 database:
  name: psycopg2
  args:
-   user: matrix-synapse
-   password: "31913hkVN_L9b3i_0v1RX_ZJXx_AD564_MM_nz"
-   database: matrix-synapse-db
-   host: postgresql-mtx.lat.internal.ru.com
+   user: {{ matrix.postgres_user }}
+   password: "{{ matrix.postgres_password }}"
+   database: {{ matrix.postgres_db }}
+   host:  {{ matrix.postgres_host }}
    port: 5432
    cp_min: 5
    cp_max: 10
@@ -1189,18 +1189,13 @@ url_preview_accept_language:
 # The public URIs of the TURN server to give to clients
 #
 turn_uris:
-  - turn:turn-1.corp-serv.net?transport=udp
-  - turn:turn-2.corp-serv.net?transport=udp
-  - turn:turn-1.corp-serv.net?transport=tcp
-  - turn:turn-2.corp-serv.net?transport=tcp
-  - turns:turn-1.corp-serv.net?transport=tcp
-  - turns:turn-2.corp-serv.net?transport=tcp
-  - turns:turn-1.corp-serv.net?transport=udp
-  - turns:turn-2.corp-serv.net?transport=udp
+{% for uri in matrix.turn_uris %}
+  - {{ uri }}
+{% endfor %}]
 
 # The shared secret used to compute passwords for the TURN server
 #
-turn_shared_secret: "ihaaCac6Oow3ohzuvequ6esoo9eegheex"
+turn_shared_secret: "{{ matrix.turn_shared_secret }}"
 
 # The Username and password if the TURN server needs them and
 # does not use a token