Finish confs

roles/matrix/files/nginx/matrix.conf

@@ -0,0 +1,17 @@
+server {
+  listen         80 default_server;
+  server_name    matrix.mrdev023.fr;
+
+ # Traefik -> nginx -> synapse
+ location /_matrix {
+    proxy_pass http://synapse:8008;
+    proxy_set_header X-Forwarded-For $remote_addr;
+    client_max_body_size 128m;
+  }
+
+  location /.well-known/matrix/ {
+    root /var/www/;
+    default_type application/json;
+    add_header Access-Control-Allow-Origin  *;
+  }
+}

roles/matrix/files/nginx/www/.well-known/matrix/client

@@ -0,0 +1,5 @@
+{
+  "m.homeserver": {
+    "base_url": "https://matrix.mrdev023.fr"
+  }
+}

roles/matrix/files/nginx/www/.well-known/matrix/server

@@ -0,0 +1,3 @@
+{
+  "m.server": "matrix.mrdev023.fr:443"
+}

roles/matrix/tasks/base.yml

@@ -0,0 +1,39 @@
+---
+
+- name: Check matrix directory exist
+  ansible.builtin.file:
+    path: matrix
+    state: directory
+
+- name: Copy matrix conf
+  ansible.builtin.copy:
+    backup: true
+    src: .
+    dest: matrix/
+  register: matrix_copy_files_results
+
+- name: Copy template conf
+  ansible.builtin.template:
+    backup: true
+    src: "{{ item.src }}"
+    dest: "matrix/{{ item.dest }}"
+  loop:
+    - { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' }
+  register: matrix_copy_templates_results
+
+- name: Force update and restart container
+  community.docker.docker_compose:
+    project_src: matrix
+    state: present
+    pull: true
+    restarted: true
+  when: matrix_copy_files_results.changed or matrix_copy_templates_results.changed
+  become: true
+
+- name: Update or start container
+  community.docker.docker_compose:
+    project_src: matrix
+    state: present
+    pull: true
+  when: not matrix_copy_files_results.changed and not matrix_copy_templates_results.changed
+  become: true

roles/matrix/tasks/main.yml

@@ -0,0 +1,4 @@
+---
+
+- ansible.builtin.import_tasks: base.yml
+  name: base

roles/matrix/templates/docker-compose.yml.j2

@@ -0,0 +1,66 @@
+version: '3'
+
+services:
+  postgres:
+    image: postgres:latest
+    restart: unless-stopped
+    networks:
+      - internal
+    volumes:
+      - db:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_DB=synapse
+      - POSTGRES_USER=synapse
+      - POSTGRES_PASSWORD=WRyu2kuArNjRxojstqpg7EfcoUP9zoka
+      - POSTGRES_INITDB_ARGS=--encoding=UTF-8 --lc-collate=C --lc-ctype=C
+     
+  synapse:
+    image: matrixdotorg/synapse:latest
+    restart: unless-stopped
+    ports:
+      - 8448:8448
+    networks:
+      - internal
+      - proxy
+    volumes:
+      - matrix:/data
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.matrix-secure.entrypoints=https"
+      - "traefik.http.routers.matrix-secure.rule=Host(`matrix.{{ server.domain }}`)"
+      - "traefik.http.routers.matrix-secure.tls=true"
+      - "traefik.http.routers.matrix-secure.tls.certresolver=sslResolver"
+      - "traefik.port=8008"
+      - "traefik.docker.network=proxy"
+
+  well-kwown:
+    image: nginx:latest
+    restart: unless-stopped
+    networks:
+      - internal
+      - proxy
+    volumes:
+      - ./nginx/matrix.conf:/etc/nginx/conf.d/matrix.conf
+      - ./nginx/www:/var/www/
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.middlewares.cors-headers.headers.accessControlAllowOriginList=*"
+      - "traefik.http.middlewares.cors-headers.headers.accessControlAllowHeaders=Origin, X-Requested-With, Content-Type, Accept, Authorization"
+      - "traefik.http.middlewares.cors-headers.headers.accessControlAllowMethods=GET, POST, PUT, DELETE, OPTIONS"
+      - "traefik.http.routers.matrix-wellknown.rule=Host(`matrix.{{ server.domain }}`) && PathPrefix(`/.well-known/matrix`)"
+      - "traefik.http.routers.matrix-wellknown.tls=true"
+      - "traefik.http.routers.matrix-wellknown.tls.certresolver=sslResolver"
+      - "traefik.http.routers.matrix-wellknown.middlewares=cors-headers@docker"
+      - "traefik.docker.network=proxy"
+        
+
+volumes:
+  db:
+  web:
+  matrix:
+
+networks:
+  internal:
+  proxy:
+    external: true
+