updated for 2023

This commit is contained in:
Midov 2023-05-14 13:13:49 +02:00
parent 5bda5ad095
commit ecbd69a16a
37 changed files with 978 additions and 2071 deletions

View File

@ -1,91 +0,0 @@
# workers
- name: create workers dir
file:
path: /etc/synapse/workers
state: directory
- name: copy worker logs
copy:
src: files/worker_log_config.yaml
dest: /etc/synapse/workers
notify: restartsynapse
- name: copy client0
copy:
src: files/client0.yaml
dest: /etc/synapse/workers
notify: restartsynapse
- name: copy client1
copy:
src: files/client1.yaml
dest: /etc/synapse/workers
notify: restartsynapse
- name: copy client2
copy:
src: files/client2.yaml
dest: /etc/synapse/workers
notify: restartsynapse
- name: copy worker0
copy:
src: files/worker0.yaml
dest: /etc/synapse/workers
notify: restartsynapse
- name: copy worker4
copy:
src: files/worker4.yaml
dest: /etc/synapse/workers
notify: restartsynapse
- name: copy worker5
copy:
src: files/worker5.yaml
dest: /etc/synapse/workers
notify: restartsynapse
- name: copy worker6
copy:
src: files/worker6.yaml
dest: /etc/synapse/workers
notify: restartsynapse
- name: copy receiver0
copy:
src: files/receiver0.yaml
dest: /etc/synapse/workers
notify: restartsynapse
- name: copy receiver1
copy:
src: files/receiver1.yaml
dest: /etc/synapse/workers
notify: restartsynapse
- name: copy receiver2
copy:
src: files/receiver2.yaml
dest: /etc/synapse/workers
notify: restartsynapse
- name: copy receiver3
copy:
src: files/receiver3.yaml
dest: /etc/synapse/workers
notify: restartsynapse
- name: copy receiver4
copy:
src: files/receiver4.yaml
dest: /etc/synapse/workers
notify: restartsynapse
- name: copy persister0
copy:
src: files/persister0.yaml
dest: /etc/synapse/workers
notify: restartsynapse
- name: copy persister1
copy:
src: files/persister1.yaml
dest: /etc/synapse/workers
notify: restartsynapse
- name: copy persister2
copy:
src: files/persister2.yaml
dest: /etc/synapse/workers
notify: restartsynapse

View File

@ -1,73 +0,0 @@
### CLIENT WORKERS
#sync worker
- name: ensure client0 is enabled
systemd:
name: matrix-synapse-worker@client0.service
enabled: yes
#clientapi
- name: ensure client1 is enabled
systemd:
name: matrix-synapse-worker@client1.service
enabled: yes
#eventsender
- name: ensure client2 is enabled
systemd:
name: matrix-synapse-worker@client2.service
enabled: yes
### inne
# user_dir
- name: ensure worker0 is enabled
systemd:
name: matrix-synapse-worker@worker0.service
enabled: yes
#federationrequests
- name: ensure worker4 is enabled
systemd:
name: matrix-synapse-worker@worker4.service
enabled: yes
#federationsender
- name: ensure worker5 is enabled
systemd:
name: matrix-synapse-worker@worker5.service
enabled: yes
#mediarepo
- name: ensure worker6 is enabled
systemd:
name: matrix-synapse-worker@worker6.service
enabled: yes
# federationreceiver
- name: ensure receiver0 is enabled
systemd:
name: matrix-synapse-worker@receiver0.service
enabled: yes
- name: ensure receiver1 is enabled
systemd:
name: matrix-synapse-worker@receiver1.service
enabled: yes
- name: ensure receiver2 is enabled
systemd:
name: matrix-synapse-worker@receiver2.service
enabled: yes
- name: ensure receiver3 is enabled
systemd:
name: matrix-synapse-worker@receiver3.service
enabled: yes
- name: ensure receiver4 is enabled
systemd:
name: matrix-synapse-worker@receiver4.service
enabled: yes
# persister
- name: ensure persister0 is enabled
systemd:
name: matrix-synapse-worker@persister0.service
enabled: yes
- name: ensure persister1 is enabled
systemd:
name: matrix-synapse-worker@persister1.service
enabled: yes
- name: ensure persister2 is enabled
systemd:
name: matrix-synapse-worker@persister2.service
enabled: yes

50
files/check_systemd Executable file
View File

@ -0,0 +1,50 @@
#!/bin/bash
# Copyright © 2016, 2017 Mohamed El Morabity <melmorabity@fedoraproject.com>
#
# This module is free software: you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free Software
# Foundation, either version 3 of the License, or (at your option) any later
# version.
#
# This software is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with
# this program. If not, see <http://www.gnu.org/licenses/>.
PLUGINDIR=$(dirname $0)
. $PLUGINDIR/utils.sh
if [[ $# -ne 1 ]]; then
echo "Usage: ${0##*/} <service name>"
exit $STATE_UNKNOWN
fi
service=$1
status=$(systemctl is-enabled $service 2>/dev/null)
r=$?
if [[ -z "$status" ]]; then
echo "ERROR: service $service doesn't exist"
exit $STATE_CRITICAL
fi
if [[ $r -ne 0 ]]; then
echo "ERROR: service $service is $status"
exit $STATE_CRITICAL
fi
systemctl --quiet is-active $service
if [[ $? -ne 0 ]]; then
echo "ERROR: service $service is not running"
exit $STATE_CRITICAL
fi
echo "OK: service $service is running"
exit $STATE_OK

View File

@ -1,16 +0,0 @@
id: 07812359248975221ec900bb57181480aedda8d1e28e169bdf23fe07403187e1
hs_token: 392ec5cf5a2ffcb34bb439babc6908a3c511b76d3913b1434e19fb7b6ea032d6
as_token: daa0ec403531bbf3e10b7986f0e50d3b89ddf5893a4e3c9953d8b732d14cd723
namespaces:
users:
- exclusive: true
regex: '@_discord_.*'
aliases:
- exclusive: true
regex: '#_discord_.*'
rooms: []
url: 'http://moka.midov.pl:9005'
sender_localpart: _discord_bot
rate_limited: false
protocols:
- discord

File diff suppressed because it is too large Load Diff

129
files/homeserver.yaml.j2 Normal file
View File

@ -0,0 +1,129 @@
no_tls: True
server_name: "{{ matrix_server_name }}"
use_presence: true
listeners:
- port: 9093
bind_address: '127.0.0.1'
type: http
resources:
- names: [replication]
- port: 8008
tls: false
bind_addresses: ['0.0.0.0']
type: http
x_forwarded: true
resources:
- names: [client, federation]
compress: false
database:
name: "psycopg2"
args:
user: "{{ postgres_user }}"
password: "{{ postgres_user_password }}"
database: "{{ postgres_database }}"
host: "{{ postgres_host }}"
cp_min: 5
cp_max: 10
log_config: "/etc/synapse/{{ matrix_server_name }}.log.config"
rc_joins:
local:
per_second: 0.2
bust_count: 10
remote:
per_second: 0.001
burst_count: 6
rc_federation:
window_size: 1000
sleep_limit: 100
sleep_delay: 100
reject_limit: 350
concurrent: 50
media_store_path: "/var/lib/synapse/media_store"
uploads_path: "/var/lib/synapse/uploads"
max_upload_size: "30M"
max_image_pixels: "32M"
url_preview_enabled: false
turn_uris: [ {{ turn_uris }} ]
turn_shared_secret: {{ turn_password }}
turn_user_lifetime: 86400000
enable_registration: False
registration_shared_secret: "{{ registration_secret }}"
allow_guest_access: False
default_identity_server: https://{{ matrix_server_name }}
trusted_third_party_id_servers:
- {{ matrix_server_name }}
auto_join_rooms:
- "#public:{{ matrix_server_name }}"
enable_metrics: True
report_stats: true
app_service_config_files:
- "/etc/synapse/appservice-registration-irc.yaml"
- "/etc/synapse/steamregistration.yaml"
macaroon_secret_key: "{{ macaroon_secret }}"
form_secret: "{{ form_secret }}"
signing_key_path: "/etc/synapse/{{ matrix_server_name }}.signing.key"
email:
enable_notifs: true
smtp_host: "midomail.midov.pl"
smtp_port: 587
require_transport_security: True
notif_from: "ENLARGE YOUR PENIS TODAY <notify@midov.pl>"
app_name: Matrix
riot_base_url: "https://midov.pl/matrix"
password_providers:
- module: "rest_auth_provider.RestAuthProvider"
config:
endpoint: "http://shinobu.midov.pl:8090"
enable_group_creation: true
suppress_key_server_warning: true
allow_public_rooms_without_auth: true
allow_public_rooms_over_federation: true
allow_profile_lookup_over_federation: true
allow_device_name_lookup_over_federation: true
worker_replication_secret: "{{ worker_secret }}"
redis:
enabled: true
send_federation: False
enable_media_repo: False
update_user_directory: True
instance_map:
persister0:
host: 127.0.0.1
port: 8030
persister1:
host: 127.0.0.1
port: 8031
persister2:
host: 127.0.0.1
port: 8032
stream_writers:
events:
- persister0
- persister1
- persister2

View File

@ -1,15 +1,10 @@
# user_dir
location ~ ^/_matrix/client/(api/v1|r0|unstable)/user_directory/search$ {
proxy_pass http://userdir;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Connection "";
proxy_http_version 1.1;
}
# mediarepo worker
location ~ /_matrix/media/ {
proxy_pass http://mediarepo;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Connection "";
access_log off;
#access_log /var/log/nginx/matrix/media.log;
proxy_http_version 1.1;
}
location ~ ^/_synapse/admin/v1/purge_media_cache$ {
@ -42,6 +37,12 @@
proxy_set_header Connection "";
proxy_http_version 1.1;
}
location ~ ^/_synapse/admin/v1/users/.*/media$ {
proxy_pass http://mediarepo;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Connection "";
proxy_http_version 1.1;
}
# federationrequests worker
location ~ ^/_matrix/federation/v1/event/ {
@ -164,34 +165,40 @@
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Connection "";
proxy_http_version 1.1;
access_log off;
#access_log /var/log/nginx/matrix/sendacces.log;
}
# sync worker
location ~ ^/_matrix/client/(v2_alpha|r0)/sync$ {
location ~ ^/_matrix/client/(v2_alpha|r0|v3)/sync$ {
proxy_pass http://synchrotron;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Connection "";
proxy_http_version 1.1;
limit_req zone=synchro burst=1200 nodelay;
}
location ~ ^/_matrix/client/(api/v1|v2_alpha|r0)/events$ {
location ~ ^/_matrix/client/(api/v1|v2_alpha|r0|v3)/events$ {
proxy_pass http://synchrotron;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Connection "";
proxy_http_version 1.1;
limit_req zone=synchro burst=1200 nodelay;
}
location ~ ^/_matrix/client/(api/v1|r0)/initialSync$ {
location ~ ^/_matrix/client/(api/v1|r0|v3)/initialSync$ {
proxy_pass http://synchrotron;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Connection "";
proxy_http_version 1.1;
limit_req zone=synchro burst=1200 nodelay;
}
location ~ ^/_matrix/client/(api/v1|r0)/rooms/[^/]+/initialSync$ {
location ~ ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$ {
proxy_pass http://synchrotron;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Connection "";
proxy_http_version 1.1;
limit_req zone=synchro burst=1200 nodelay;
}
@ -204,91 +211,129 @@
proxy_http_version 1.1;
}
location ~ ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/joined_members$ {
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/createRoom$ {
# ratelimiting robieniapokoi
limit_req zone=roomcreate burst=50 nodelay;
proxy_pass http://clientapi;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Connection "";
proxy_http_version 1.1;
}
location ~ ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/context/.*$ {
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms$ {
proxy_pass http://clientapi;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Connection "";
proxy_http_version 1.1;
}
location ~ ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/members$ {
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members$ {
proxy_pass http://clientapi;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Connection "";
proxy_http_version 1.1;
}
location ~ ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/state$ {
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*$ {
proxy_pass http://clientapi;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Connection "";
proxy_http_version 1.1;
}
location ~ ^/_matrix/client/(api/v1|r0|unstable)/account/3pid$ {
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$ {
proxy_pass http://clientapi;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Connection "";
proxy_http_version 1.1;
}
location ~ ^/_matrix/client/(api/v1|r0|unstable)/keys/query$ {
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$ {
proxy_pass http://clientapi;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Connection "";
proxy_http_version 1.1;
}
location ~ ^/_matrix/client/(api/v1|r0|unstable)/keys/changes$ {
location ~ ^/_matrix/client/unstable/org.matrix.msc2946/rooms/.*/spaces$ {
proxy_pass http://clientapi;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Connection "";
proxy_http_version 1.1;
}
location ~ ^/_matrix/client/unstable/org.matrix.msc2946/rooms/.*/hierarchy$ {
proxy_pass http://clientapi;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Connection "";
proxy_http_version 1.1;
}
location ~ ^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$ {
proxy_pass http://clientapi;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Connection "";
proxy_http_version 1.1;
}
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/account/3pid$ {
proxy_pass http://clientapi;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Connection "";
proxy_http_version 1.1;
}
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/devices$ {
proxy_pass http://clientapi;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Connection "";
proxy_http_version 1.1;
}
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/keys/query$ {
proxy_pass http://clientapi;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Connection "";
proxy_http_version 1.1;
}
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/keys/changes$ {
proxy_pass http://clientapi;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Connection "";
proxy_http_version 1.1;
}
location ~ ^/_matrix/client/versions$ {
proxy_pass http://clientapi;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Connection "";
proxy_http_version 1.1;
}
location ~ ^/_matrix/client/(api/v1|r0|unstable)/voip/turnServer$ {
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$ {
proxy_pass http://clientapi;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Connection "";
proxy_http_version 1.1;
}
location ~ ^/_matrix/client/(api/v1|r0|unstable)/joined_groups$ {
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_groups$ {
proxy_pass http://clientapi;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Connection "";
proxy_http_version 1.1;
}
location ~ ^/_matrix/client/(api/v1|r0|unstable)/publicised_groups$ {
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/publicised_groups$ {
proxy_pass http://clientapi;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Connection "";
proxy_http_version 1.1;
}
location ~ ^/_matrix/client/(api/v1|r0|unstable)/publicised_groups$ {
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/publicised_groups/ {
proxy_pass http://clientapi;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Connection "";
proxy_http_version 1.1;
}
location ~ ^/_matrix/client/(api/v1|r0|unstable)/publicised_groups/ {
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/ {
proxy_pass http://clientapi;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Connection "";
proxy_http_version 1.1;
}
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$ {
proxy_pass http://clientapi;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Connection "";
proxy_http_version 1.1;
}
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/search$ {
proxy_pass http://clientapi;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Connection "";
@ -296,70 +341,102 @@
}
#eventsend worker
location ~ ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/send {
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact {
proxy_pass http://eventsend;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Connection "";
proxy_http_version 1.1;
}
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/send {
proxy_pass http://eventsend;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Connection "";
proxy_http_version 1.1;
}
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/ {
proxy_pass http://eventsend;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Connection "";
proxy_http_version 1.1;
}
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/ {
proxy_pass http://eventsend;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Connection "";
proxy_http_version 1.1;
}
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$ {
# login invitow
access_log off;
# access_log /var/log/nginx/matrixinvite/access.log;
# ratelimiting invitow
limit_req zone=invite burst=60 nodelay;
proxy_pass http://eventsend;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Connection "";
proxy_http_version 1.1;
}
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/join/ {
proxy_pass http://eventsend;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Connection "";
proxy_http_version 1.1;
}
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/profile/ {
proxy_pass http://eventsend;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Connection "";
proxy_http_version 1.1;
}
location ~ ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/state/ {
proxy_pass http://eventsend;
# frontendproxy worker
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/keys/upload {
proxy_pass http://frontendproxy;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Connection "";
proxy_http_version 1.1;
}
location ~ ^/_matrix/client/(api/v1|r0|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$ {
proxy_pass http://eventsend;
location ~ ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/[^/]+/status {
proxy_pass http://frontendproxy;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Connection "";
proxy_http_version 1.1;
}
location ~ ^/_matrix/client/(api/v1|r0|unstable)/join/ {
proxy_pass http://eventsend;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Connection "";
proxy_http_version 1.1;
}
location ~ ^/_matrix/client/(api/v1|r0|unstable)/profile/ {
proxy_pass http://eventsend;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Connection "";
proxy_http_version 1.1;
}
##### KONIEC WORKEROW ######
# logi registracji
location /_matrix/client/r0/register {
access_log /tmp/register.log;
error_log /var/log/nginx/matrixregister/error.log;
proxy_pass http://matrix_backend/_matrix/client/r0/register;
#proxy_pass http://1.2.3.4/_matrix/client/r0/register;
proxy_set_header X-Forwarded-For $remote_addr;
}
### registration is off now
#location /_matrix/client/r0/register {
# # ratelimiting rejestracji
# limit_req zone=register burst=60 nodelay;
# # logi registracji
# access_log /var/log/nginx/matrixregister/access.log;
# proxy_pass http://matrix_backend/_matrix/client/r0/register;
# proxy_set_header X-Forwarded-For $remote_addr;
#}
### registration is off now
# mxisd ldap
location /_matrix/client/r0/user_directory {
access_log /var/log/nginx/shinobu/access.log;
error_log /var/log/nginx/shinobu/error.log;
proxy_pass http://shinobu.midov.pl:8090/_matrix/client/r0/user_directory;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
# mxisd base
location /_matrix/identity {
access_log /var/log/nginx/shinobu/access.log;
error_log /var/log/nginx/shinobu/error.log;
proxy_pass http://shinobu.midov.pl:8090/_matrix/identity;
proxy_set_header X-Forwarded-For $remote_addr;
}
# matrix we wlasnej osobie
location /_matrix {
access_log off;
#access_log /var/log/nginx/matrix/synapse_access.log;
proxy_pass http://matrix_backend;
proxy_set_header X-Forwarded-For $remote_addr;
}

362
files/nrpe.cfg Normal file
View File

@ -0,0 +1,362 @@
#############################################################################
#
# Sample NRPE Config File
#
# Notes:
#
# This is a sample configuration file for the NRPE daemon. It needs to be
# located on the remote host that is running the NRPE daemon, not the host
# from which the check_nrpe client is being executed.
#
#############################################################################
# LOG FACILITY
# The syslog facility that should be used for logging purposes.
log_facility=daemon
# LOG FILE
# If a log file is specified in this option, nrpe will write to
# that file instead of using syslog.
#log_file=/usr/var/nrpe.log
# DEBUGGING OPTION
# This option determines whether or not debugging messages are logged to the
# syslog facility.
# Values: 0=debugging off, 1=debugging on
debug=0
# PID FILE
# The name of the file in which the NRPE daemon should write it's process ID
# number. The file is only written if the NRPE daemon is started by the root
# user and is running in standalone mode.
pid_file=/run/nrpe/nrpe.pid
# PORT NUMBER
# Port number we should wait for connections on.
# NOTE: This must be a non-privileged port (i.e. > 1024).
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
server_port=5666
# SERVER ADDRESS
# Address that nrpe should bind to in case there are more than one interface
# and you do not want nrpe to bind on all interfaces.
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
#server_address=127.0.0.1
# LISTEN QUEUE SIZE
# Listen queue size (backlog) for serving incoming connections.
# You may want to increase this value under high load.
#listen_queue_size=5
# NRPE USER
# This determines the effective user that the NRPE daemon should run as.
# You can either supply a username or a UID.
#
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
nrpe_user=nrpe
# NRPE GROUP
# This determines the effective group that the NRPE daemon should run as.
# You can either supply a group name or a GID.
#
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
nrpe_group=nrpe
# ALLOWED HOST ADDRESSES
# This is an optional comma-delimited list of IP address or hostnames
# that are allowed to talk to the NRPE daemon. Network addresses with a bit mask
# (i.e. 192.168.1.0/24) are also supported. Hostname wildcards are not currently
# supported.
#
# Note: The daemon only does rudimentary checking of the client's IP
# address. I would highly recommend adding entries in your /etc/hosts.allow
# file to allow only the specified host to connect to the port
# you are running this daemon on.
#
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
allowed_hosts=rize.midov.pl
# COMMAND ARGUMENT PROCESSING
# This option determines whether or not the NRPE daemon will allow clients
# to specify arguments to commands that are executed. This option only works
# if the daemon was configured with the --enable-command-args configure script
# option.
#
# *** ENABLING THIS OPTION IS A SECURITY RISK! ***
# Read the SECURITY file for information on some of the security implications
# of enabling this variable.
#
# Values: 0=do not allow arguments, 1=allow command arguments
dont_blame_nrpe=0
# BASH COMMAND SUBSTITUTION
# This option determines whether or not the NRPE daemon will allow clients
# to specify arguments that contain bash command substitutions of the form
# $(...). This option only works if the daemon was configured with both
# the --enable-command-args and --enable-bash-command-substitution configure
# script options.
#
# *** ENABLING THIS OPTION IS A HIGH SECURITY RISK! ***
# Read the SECURITY file for information on some of the security implications
# of enabling this variable.
#
# Values: 0=do not allow bash command substitutions,
# 1=allow bash command substitutions
allow_bash_command_substitution=0
# COMMAND PREFIX
# This option allows you to prefix all commands with a user-defined string.
# A space is automatically added between the specified prefix string and the
# command line from the command definition.
#
# *** THIS EXAMPLE MAY POSE A POTENTIAL SECURITY RISK, SO USE WITH CAUTION! ***
# Usage scenario:
# Execute restricted commmands using sudo. For this to work, you need to add
# the nagios user to your /etc/sudoers. An example entry for allowing
# execution of the plugins from might be:
#
# nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/
#
# This lets the nagios user run all commands in that directory (and only them)
# without asking for a password. If you do this, make sure you don't give
# random users write access to that directory or its contents!
# command_prefix=/usr/bin/sudo
# MAX COMMANDS
# This specifies how many children processes may be spawned at any one
# time, essentially limiting the fork()s that occur.
# Default (0) is set to unlimited
# max_commands=0
# COMMAND TIMEOUT
# This specifies the maximum number of seconds that the NRPE daemon will
# allow plugins to finish executing before killing them off.
command_timeout=60
# CONNECTION TIMEOUT
# This specifies the maximum number of seconds that the NRPE daemon will
# wait for a connection to be established before exiting. This is sometimes
# seen where a network problem stops the SSL being established even though
# all network sessions are connected. This causes the nrpe daemons to
# accumulate, eating system resources. Do not set this too low.
connection_timeout=300
# WEAK RANDOM SEED OPTION
# This directive allows you to use SSL even if your system does not have
# a /dev/random or /dev/urandom (on purpose or because the necessary patches
# were not applied). The random number generator will be seeded from a file
# which is either a file pointed to by the environment valiable $RANDFILE
# or $HOME/.rnd. If neither exists, the pseudo random number generator will
# be initialized and a warning will be issued.
# Values: 0=only seed from /dev/[u]random, 1=also seed from weak randomness
#allow_weak_random_seed=1
# SSL/TLS OPTIONS
# These directives allow you to specify how to use SSL/TLS.
# SSL VERSION
# This can be any of: SSLv2 (only use SSLv2), SSLv2+ (use any version),
# SSLv3 (only use SSLv3), SSLv3+ (use SSLv3 or above), TLSv1 (only use
# TLSv1), TLSv1+ (use TLSv1 or above), TLSv1.1 (only use TLSv1.1),
# TLSv1.1+ (use TLSv1.1 or above), TLSv1.2 (only use TLSv1.2),
# TLSv1.2+ (use TLSv1.2 or above)
# If an "or above" version is used, the best will be negotiated. So if both
# ends are able to do TLSv1.2 and use specify SSLv2, you will get TLSv1.2.
# If you are using openssl 1.1.0 or above, the SSLv2 options are not available.
#ssl_version=SSLv2+
# SSL USE ADH
# This is for backward compatibility and is DEPRECATED. Set to 1 to enable
# ADH or 2 to require ADH. 1 is currently the default but will be changed
# in a later version.
#ssl_use_adh=1
# SSL CIPHER LIST
# This lists which ciphers can be used. For backward compatibility, this
# defaults to 'ssl_cipher_list=ALL:!MD5:@STRENGTH' for < OpenSSL 1.1.0,
# and 'ssl_cipher_list=ALL:!MD5:@STRENGTH:@SECLEVEL=0' for OpenSSL 1.1.0 and
# greater.
#ssl_cipher_list=ALL:!MD5:@STRENGTH
#ssl_cipher_list=ALL:!MD5:@STRENGTH:@SECLEVEL=0
#ssl_cipher_list=ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH
# SSL Certificate and Private Key Files
#ssl_cacert_file=/etc/ssl/servercerts/ca-cert.pem
#ssl_cert_file=/etc/ssl/servercerts/nagios-cert.pem
#ssl_privatekey_file=/etc/ssl/servercerts/nagios-key.pem
# SSL USE CLIENT CERTS
# This options determines client certificate usage.
# Values: 0 = Don't ask for or require client certificates (default)
# 1 = Ask for client certificates
# 2 = Require client certificates
#ssl_client_certs=0
# SSL LOGGING
# This option determines which SSL messages are send to syslog. OR values
# together to specify multiple options.
# Values: 0x00 (0) = No additional logging (default)
# 0x01 (1) = Log startup SSL/TLS parameters
# 0x02 (2) = Log remote IP address
# 0x04 (4) = Log SSL/TLS version of connections
# 0x08 (8) = Log which cipher is being used for the connection
# 0x10 (16) = Log if client has a certificate
# 0x20 (32) = Log details of client's certificate if it has one
# -1 or 0xff or 0x2f = All of the above
#ssl_logging=0x00
# NASTY METACHARACTERS
# This option allows you to override the list of characters that cannot
# be passed to the NRPE daemon.
# nasty_metachars="|`&><'\\[]{};\r\n"
# COMMAND DEFINITIONS
# Command definitions that this daemon will run. Definitions
# are in the following format:
#
# command[<command_name>]=<command_line>
#
# When the daemon receives a request to return the results of <command_name>
# it will execute the command specified by the <command_line> argument.
#
# Unlike Nagios, the command line cannot contain macros - it must be
# typed exactly as it should be executed.
#
# Note: Any plugins that are used in the command lines must reside
# on the machine that this daemon is running on! The examples below
# assume that you have plugins installed in a /usr/local/nagios/libexec
# directory. Also note that you will have to modify the definitions below
# to match the argument format the plugins expect. Remember, these are
# examples only!
# The following examples use hardcoded command arguments...
# This is by far the most secure method of using NRPE
command[check_systemd_synapse]=/usr/lib/monitoring-plugins/check_systemd matrix-synapse.service
command[check_users]=/usr/lib/monitoring-plugins/check_users -w 5 -c 10
command[check_load]=/usr/lib/monitoring-plugins/check_load -r -w .15,.10,.05 -c .30,.25,.20
command[check_hda1]=/usr/lib/monitoring-plugins/check_disk -w 20% -c 10% -p /dev/hda1
command[check_zombie_procs]=/usr/lib/monitoring-plugins/check_procs -w 5 -c 10 -s Z
command[check_total_procs]=/usr/lib/monitoring-plugins/check_procs -w 150 -c 200
# The following examples allow user-supplied arguments and can
# only be used if the NRPE daemon was compiled with support for
# command arguments *AND* the dont_blame_nrpe directive in this
# config file is set to '1'. This poses a potential security risk, so
# make sure you read the SECURITY file before doing this.
### MISC SYSTEM METRICS ###
#command[check_users]=/usr/lib/monitoring-plugins/check_users $ARG1$
#command[check_load]=/usr/lib/monitoring-plugins/check_load $ARG1$
#command[check_disk]=/usr/lib/monitoring-plugins/check_disk $ARG1$
#command[check_swap]=/usr/lib/monitoring-plugins/check_swap $ARG1$
#command[check_cpu_stats]=/usr/lib/monitoring-plugins/check_cpu_stats.sh $ARG1$
#command[check_mem]=/usr/lib/monitoring-plugins/custom_check_mem -n $ARG1$
### GENERIC SERVICES ###
#command[check_init_service]=sudo /usr/lib/monitoring-plugins/check_init_service $ARG1$
#command[check_services]=/usr/lib/monitoring-plugins/check_services -p $ARG1$
### SYSTEM UPDATES ###
#command[check_yum]=/usr/lib/monitoring-plugins/check_yum
#command[check_apt]=/usr/lib/monitoring-plugins/check_apt
### PROCESSES ###
#command[check_all_procs]=/usr/lib/monitoring-plugins/custom_check_procs
#command[check_procs]=/usr/lib/monitoring-plugins/check_procs $ARG1$
### OPEN FILES ###
#command[check_open_files]=/usr/lib/monitoring-plugins/check_open_files.pl $ARG1$
### NETWORK CONNECTIONS ###
#command[check_netstat]=/usr/lib/monitoring-plugins/check_netstat.pl -p $ARG1$ $ARG2$
### ASTERISK ###
#command[check_asterisk]=/usr/lib/monitoring-plugins/check_asterisk.pl $ARG1$
#command[check_sip]=/usr/lib/monitoring-plugins/check_sip $ARG1$
#command[check_asterisk_sip_peers]=sudo /usr/lib/monitoring-plugins/check_asterisk_sip_peers.sh $ARG1$
#command[check_asterisk_version]=/usr/lib/monitoring-plugins/nagisk.pl -c version
#command[check_asterisk_peers]=/usr/lib/monitoring-plugins/nagisk.pl -c peers
#command[check_asterisk_channels]=/usr/lib/monitoring-plugins/nagisk.pl -c channels
#command[check_asterisk_zaptel]=/usr/lib/monitoring-plugins/nagisk.pl -c zaptel
#command[check_asterisk_span]=/usr/lib/monitoring-plugins/nagisk.pl -c span -s 1
# INCLUDE CONFIG FILE
# This directive allows you to include definitions from an external config file.
#include=<somefile.cfg>
# INCLUDE CONFIG DIRECTORY
# This directive allows you to include definitions from config files (with a
# .cfg extension) in one or more directories (with recursion).
#include_dir=<somedirectory>
#include_dir=<someotherdirectory>

View File

@ -1,3 +1,17 @@
geo $limit {
default 1;
10.0.0.0/24 0;
}
map $limit $limit_key {
0 "";
1 $binary_remote_addr;
}
limit_req_zone $limit_key zone=synchro:10m rate=900r/m;
limit_req_zone $limit_key zone=invite:10m rate=30r/m;
limit_req_zone $binary_remote_addr zone=roomcreate:10m rate=30r/m;
#limit_req_zone $limit_key zone=register:10m rate=30r/m;
# primary matrix process
upstream matrix_backend {
server yoshika.midov.pl:8008;
@ -6,7 +20,13 @@
# sync worker client0
upstream synchrotron {
hash $remote_addr;
server yoshika.midov.pl:5080;
server yoshika.midov.pl:5083;
server yoshika.midov.pl:5084;
server yoshika.midov.pl:5085;
server yoshika.midov.pl:5086;
keepalive 16;
}
@ -38,9 +58,18 @@
# federationstransaction
upstream federationstransaction {
ip_hash;
#hash $remote_addr;
server yoshika.midov.pl:6080;
server yoshika.midov.pl:6081;
server yoshika.midov.pl:6082;
server yoshika.midov.pl:6083;
server yoshika.midov.pl:6084;
#server yoshika.midov.pl:6083;
#server yoshika.midov.pl:6084;
#server yoshika.midov.pl:6085;
#server yoshika.midov.pl:6086;
}
# frontendproxy
upstream frontendproxy {
server yoshika.midov.pl:6025;
keepalive 16;
}

View File

@ -1,17 +0,0 @@
worker_app: synapse.app.federation_sender
worker_name: worker5
# The replication listener on the main synapse process.
worker_replication_host: 127.0.0.1
worker_replication_http_port: 9093
worker_listeners:
- type: http
port: 8087
bind_addresses: ['0.0.0.0']
x_forwarded: true
resources:
- names: [client, federation]
compress: false
worker_log_config: /etc/synapse/workers/worker_log_config.yaml

View File

@ -11,7 +11,7 @@ worker_listeners:
bind_addresses: ['0.0.0.0']
x_forwarded: true
resources:
- names: [client, federation]
- names: [client]
compress: false
worker_log_config: /etc/synapse/workers/worker_log_config.yaml
worker_log_config: /etc/synapse/midov.pl.log.config

View File

@ -11,7 +11,7 @@ worker_listeners:
bind_addresses: ['0.0.0.0']
x_forwarded: true
resources:
- names: [client, federation]
- names: [client]
compress: false
worker_log_config: /etc/synapse/workers/worker_log_config.yaml
worker_log_config: /etc/synapse/midov.pl.log.config

View File

@ -11,7 +11,7 @@ worker_listeners:
bind_addresses: ['0.0.0.0']
x_forwarded: true
resources:
- names: [client, federation]
- names: [client]
compress: false
worker_log_config: /etc/synapse/workers/worker_log_config.yaml
worker_log_config: /etc/synapse/midov.pl.log.config

View File

@ -0,0 +1,17 @@
worker_app: synapse.app.generic_worker
worker_name: client3
# The replication listener on the main synapse process.
worker_replication_host: 127.0.0.1
worker_replication_http_port: 9093
worker_listeners:
- type: http
port: 5083
bind_addresses: ['0.0.0.0']
x_forwarded: true
resources:
- names: [client]
compress: false
worker_log_config: /etc/synapse/midov.pl.log.config

View File

@ -0,0 +1,17 @@
worker_app: synapse.app.generic_worker
worker_name: client4
# The replication listener on the main synapse process.
worker_replication_host: 127.0.0.1
worker_replication_http_port: 9093
worker_listeners:
- type: http
port: 5084
bind_addresses: ['0.0.0.0']
x_forwarded: true
resources:
- names: [client]
compress: false
worker_log_config: /etc/synapse/midov.pl.log.config

View File

@ -0,0 +1,17 @@
worker_app: synapse.app.generic_worker
worker_name: client5
# The replication listener on the main synapse process.
worker_replication_host: 127.0.0.1
worker_replication_http_port: 9093
worker_listeners:
- type: http
port: 5085
bind_addresses: ['0.0.0.0']
x_forwarded: true
resources:
- names: [client]
compress: false
worker_log_config: /etc/synapse/midov.pl.log.config

View File

@ -0,0 +1,17 @@
worker_app: synapse.app.generic_worker
worker_name: client6
# The replication listener on the main synapse process.
worker_replication_host: 127.0.0.1
worker_replication_http_port: 9093
worker_listeners:
- type: http
port: 5086
bind_addresses: ['0.0.0.0']
x_forwarded: true
resources:
- names: [client]
compress: false
worker_log_config: /etc/synapse/midov.pl.log.config

View File

@ -0,0 +1,18 @@
worker_app: synapse.app.frontend_proxy
worker_name: frontendproxy
# The replication listener on the main synapse process.
worker_replication_host: 127.0.0.1
worker_replication_http_port: 9093
worker_listeners:
- type: http
port: 6025
bind_addresses: ['0.0.0.0']
x_forwarded: true
resources:
- names: [client]
compress: false
worker_log_config: /etc/synapse/midov.pl.log.config
worker_main_http_uri: http://127.0.0.1:8008

View File

@ -20,4 +20,4 @@ worker_listeners:
- names: [client, federation]
compress: false
worker_log_config: /etc/synapse/workers/worker_log_config.yaml
worker_log_config: /etc/synapse/midov.pl.log.config

View File

@ -20,4 +20,4 @@ worker_listeners:
- names: [client, federation]
compress: false
worker_log_config: /etc/synapse/workers/worker_log_config.yaml
worker_log_config: /etc/synapse/midov.pl.log.config

View File

@ -20,4 +20,4 @@ worker_listeners:
- names: [client, federation]
compress: false
worker_log_config: /etc/synapse/workers/worker_log_config.yaml
worker_log_config: /etc/synapse/midov.pl.log.config

View File

@ -11,7 +11,7 @@ worker_listeners:
bind_addresses: ['0.0.0.0']
x_forwarded: true
resources:
- names: [client, federation]
- names: [federation]
compress: false
worker_log_config: /etc/synapse/workers/worker_log_config.yaml
worker_log_config: /etc/synapse/midov.pl.log.config

View File

@ -11,7 +11,7 @@ worker_listeners:
bind_addresses: ['0.0.0.0']
x_forwarded: true
resources:
- names: [client, federation]
- names: [federation]
compress: false
worker_log_config: /etc/synapse/workers/worker_log_config.yaml
worker_log_config: /etc/synapse/midov.pl.log.config

View File

@ -11,7 +11,7 @@ worker_listeners:
bind_addresses: ['0.0.0.0']
x_forwarded: true
resources:
- names: [client, federation]
- names: [federation]
compress: false
worker_log_config: /etc/synapse/workers/worker_log_config.yaml
worker_log_config: /etc/synapse/midov.pl.log.config

View File

@ -11,7 +11,7 @@ worker_listeners:
bind_addresses: ['0.0.0.0']
x_forwarded: true
resources:
- names: [client, federation]
- names: [federation]
compress: false
worker_log_config: /etc/synapse/workers/worker_log_config.yaml
worker_log_config: /etc/synapse/midov.pl.log.config

View File

@ -11,7 +11,7 @@ worker_listeners:
bind_addresses: ['0.0.0.0']
x_forwarded: true
resources:
- names: [client, federation]
- names: [federation]
compress: false
worker_log_config: /etc/synapse/workers/worker_log_config.yaml
worker_log_config: /etc/synapse/midov.pl.log.config

View File

@ -0,0 +1,17 @@
worker_app: synapse.app.generic_worker
worker_name: receiver4
# The replication listener on the main synapse process.
worker_replication_host: 127.0.0.1
worker_replication_http_port: 9093
worker_listeners:
- type: http
port: 6085
bind_addresses: ['0.0.0.0']
x_forwarded: true
resources:
- names: [federation]
compress: false
worker_log_config: /etc/synapse/midov.pl.log.config

View File

@ -0,0 +1,17 @@
worker_app: synapse.app.generic_worker
worker_name: receiver4
# The replication listener on the main synapse process.
worker_replication_host: 127.0.0.1
worker_replication_http_port: 9093
worker_listeners:
- type: http
port: 6086
bind_addresses: ['0.0.0.0']
x_forwarded: true
resources:
- names: [federation]
compress: false
worker_log_config: /etc/synapse/midov.pl.log.config

View File

@ -11,7 +11,7 @@ worker_listeners:
bind_addresses: ['0.0.0.0']
x_forwarded: true
resources:
- names: [client, federation]
- names: [client]
compress: false
worker_log_config: /etc/synapse/workers/worker_log_config.yaml
worker_log_config: /etc/synapse/midov.pl.log.config

View File

@ -11,7 +11,7 @@ worker_listeners:
bind_addresses: ['0.0.0.0']
x_forwarded: true
resources:
- names: [client, federation]
- names: [federation]
compress: false
worker_log_config: /etc/synapse/workers/worker_log_config.yaml
worker_log_config: /etc/synapse/midov.pl.log.config

View File

@ -0,0 +1,8 @@
worker_app: synapse.app.federation_sender
worker_name: worker5
# The replication listener on the main synapse process.
worker_replication_host: 127.0.0.1
worker_replication_http_port: 9093
worker_log_config: /etc/synapse/midov.pl.log.config

View File

@ -14,4 +14,4 @@ worker_listeners:
- names:
- media
worker_log_config: /etc/synapse/workers/worker_log_config.yaml
worker_log_config: /etc/synapse/midov.pl.log.config

View File

@ -1,18 +1,17 @@
#!/usr/bin/ansible-playbook
---
# archlinux db
- name: OS install
- name: Synapse Config
become: no
hosts: yoshika.midov.pl
vars_files:
- vars/main.yaml
- vars/passwords.yaml
roles:
- archlinux
- shell
- mail
tasks:
- name: arch basic setup
import_tasks: ../arch_basic_setup.yaml
- name: update and install
import_tasks: ../update_and_install.yaml
- name: basic shell config
import_tasks: ../shell.yaml
- name: pacman install
pacman:
@ -24,6 +23,8 @@
- hiredis
- python-hiredis
- python-psycopg2
- nrpe
- monitoring-plugins
state: present
- name: start redis service
@ -33,9 +34,9 @@
enabled: yes
- name: copy synapse config
copy:
src: files/homeserver.yaml
dest: /etc/synapse
template:
src: files/homeserver.yaml.j2
dest: /etc/synapse/homeserver.yaml
notify: restartsynapse
- name: copy synapse service files
@ -74,21 +75,26 @@
dest: /etc/synapse
notify: restartsynapse
- name: copy discordbridge
copy:
src: files/discord-registration.yaml
dest: /etc/synapse
notify: restartsynapse
- name: copy ldap provider
copy:
src: files/rest_auth_provider.py
dest: /usr/lib/python3.9/site-packages/
dest: /usr/lib/python{{ ansible_python_version.split(".")[0] }}.{{ansible_python_version.split(".")[1] }}/site-packages/
- name: create workers dir
file:
path: /etc/synapse/workers
state: directory
- name: copy worker files
synchronize:
src: files/workers
dest: /etc/synapse/
- name: copy worker config files
import_tasks: copyconfigfiles.yaml
- name: enable worker services
import_tasks: enableservices.yaml
systemd:
name: "matrix-synapse-worker@{{ item.name }}.service"
enabled: yes
with_items: "{{ workers }}"
- name: ensure systemd matrix-synapse is enabled
systemd:
@ -102,12 +108,42 @@
enabled: yes
state: started
- name: copy nagios plugin
copy:
src: files/check_systemd
dest: /usr/lib/monitoring-plugins/check_systemd
mode: 0755
- name: copy nrpe config
copy:
src: files/nrpe.cfg
dest: /etc/nrpe/nrpe.cfg
notify: restartnrpe
- name: start and enable nrpe
systemd:
name: nrpe
state: started
enabled: yes
# doesnt work?
#- name: pip the mjolnir module
# pip:
# name: "git+https://github.com/matrix-org/mjolnir.git#egg=mjolnir&subdirectory=synapse_antispam"
handlers:
- name: restartsynapse
systemd:
name: matrix-synapse.target
state: restarted
- name: restartnrpe
systemd:
name: nrpe.service
state: restarted
#### chino.midov.pl
- name: update nginx
become: no

1
readme.md Normal file
View File

@ -0,0 +1 @@
# synapse config for midov.pl homeserver

View File

@ -1,6 +1,20 @@
$ANSIBLE_VAULT;1.1;AES256
39336131343632613632306462306363353464303064633463396661343062613235613233303264
6130333332386661623666393165383234613763646334360a393065353737633234383465323166
63633534653431376163623936346530663832663237613831383535656336333939616637353632
3462326263636139620a303932663439333434643566313865646637643432303731626330616166
6366
workers:
- name: client0
- name: client1
- name: client2
- name: client3
- name: client4
- name: client5
- name: client6
- name: worker4
- name: worker5
- name: worker6
- name: receiver0
- name: receiver1
- name: receiver2
- name: persister0
- name: persister1
- name: persister2
- name: frontendproxy
matrix_server_name: "midov.pl"

37
vars/passwords.yaml Normal file
View File

@ -0,0 +1,37 @@
$ANSIBLE_VAULT;1.1;AES256
31336130653337666339353434623166636236626563396634386232346237613734636266646634
3438643334616631326461363631656461623935336462370a616137313636653565656362366333
64326537623339356234346264393430383336333532656265323538613335303663373232653332
3763326363386538360a313739376662383661646665366433626537613535616232633832623138
31303339333631323834356436346333646637346233353835366365323632393433663864306236
62666139363435323635323964383430613464666432346461663637313332313031653763303463
37356164616433623262373538613065643564303462626363346665353636643036666465656230
34306635313461623234333631323336616564623536343966393933356434323366623635383738
61636533623638303635396465306432633765373132626162663233363331633631376131613065
37643964656438666564353233663535333037636433626165383630323832626639663834303235
37656365343439326663383933333737366331386634323832643238656264623165626536613936
39313164616432643562623737373031373564333036303961363533366337396364363263356561
32323133353234656337633638303631633761373362366663313663336463353535386335326634
30663364373933343637386336663330383533303434303835303963366166636338333138616264
31643263633463653039343433666230313463613965623036633630366638663731313533356136
36366331653962386365376163623739373261323931646366316332333331363039626161643362
66343633663433623030643630646635643333343837373434366661333539616235646433373361
31316433373266626134336337316436643163356666303635356264396532666661346235376334
63663035656635346332303031316434313331663335633666353762373963306130616566366431
31633636303462373161646461363039646135393032643537333139376462346462313931333738
35636661613639393334393438313764383562356435303232353231643734363735313831613163
36353737613961383137383633653835643930356163343164383464356364623034353163356137
31376438386533613239303766363631666537663862663639386362623836356166393038653962
66633565616530313364626462643534626636316263346438373964626365386330393439353565
35333432333939353264663232333136633130386161303262363366313461623138306633646433
30353439623365303662333931653164313266616462353463333430333739646139616135333030
33396232653435363263623837396436333130393638626536653662313731343566393931633636
61386364643764396632613235333730383630333834376436373436633935313461313065623961
35383039353932306634326133623337323237383333613832323131343862316461376131343765
38353339616366616362363466666365343436633634613730616430633961646537653464313135
64636238383733323666613130636436663730633061626466663464363731616564613435363363
63653436316534626133356166623139313436353934666235663362323631393866333164383834
39386432353430663634656436343562363937343730363166326364616434303364663061663634
34323338633962616636623462363536333530653631393865613632303764616439366238313938
35313736366537346239623666303930373636663463653038303933666438653164393139326466
39613438323863333039