Merge branch 'master' of https://github.com/spantaleev/matrix-docker-ansible-deploy
This commit is contained in:
p5t2vspoqqw
@ -1,3 +1,3 @@
|
||||
- set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-nginx-proxy'] }}"
|
||||
when: "matrix_nginx_proxy_enabled"
|
||||
when: matrix_nginx_proxy_enabled|bool
|
||||
|
||||
@ -6,20 +6,20 @@
|
||||
# This role performs actions even if the role is disabled, so we need
|
||||
# to ensure there's a valid configuration in any case.
|
||||
- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
|
||||
when: run_setup
|
||||
when: run_setup|bool
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-nginx-proxy
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/ssl/main.yml"
|
||||
when: run_setup
|
||||
when: run_setup|bool
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-nginx-proxy
|
||||
- setup-ssl
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/setup_nginx_proxy.yml"
|
||||
when: run_setup
|
||||
when: run_setup|bool
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-nginx-proxy
|
||||
@ -27,7 +27,7 @@
|
||||
- import_tasks: "{{ role_path }}/tasks/self_check_well_known.yml"
|
||||
delegate_to: 127.0.0.1
|
||||
become: false
|
||||
when: run_self_check
|
||||
when: run_self_check|bool
|
||||
tags:
|
||||
- self-check
|
||||
|
||||
|
||||
@ -21,7 +21,7 @@
|
||||
- name: Determine domains that we require certificates for (mxisd)
|
||||
set_fact:
|
||||
well_known_file_checks: "{{ well_known_file_checks + [well_known_file_check_matrix_server] }}"
|
||||
when: "matrix_well_known_matrix_server_enabled"
|
||||
when: matrix_well_known_matrix_server_enabled|bool
|
||||
|
||||
- name: Perform well-known checks
|
||||
include_tasks: "{{ role_path }}/tasks/self_check_well_known_file.yml"
|
||||
|
||||
@ -27,7 +27,7 @@
|
||||
src: "{{ role_path }}/templates/nginx/nginx.conf.j2"
|
||||
dest: "{{ matrix_nginx_proxy_base_path }}/nginx.conf"
|
||||
mode: 0644
|
||||
when: "matrix_nginx_proxy_enabled"
|
||||
when: matrix_nginx_proxy_enabled|bool
|
||||
|
||||
- name: Ensure matrix-synapse-metrics-htpasswd is present (protecting /_synapse/metrics URI)
|
||||
template:
|
||||
@ -36,35 +36,35 @@
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_username }}"
|
||||
mode: 0400
|
||||
when: "matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled and matrix_nginx_proxy_proxy_synapse_metrics"
|
||||
when: "matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled|bool and matrix_nginx_proxy_proxy_synapse_metrics|bool"
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configured (generic)
|
||||
template:
|
||||
src: "{{ role_path }}/templates/nginx/conf.d/nginx-http.conf.j2"
|
||||
dest: "{{ matrix_nginx_proxy_confd_path }}/nginx-http.conf"
|
||||
mode: 0644
|
||||
when: "matrix_nginx_proxy_enabled"
|
||||
when: matrix_nginx_proxy_enabled|bool
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for matrix domain exists
|
||||
template:
|
||||
src: "{{ role_path }}/templates/nginx/conf.d/matrix-synapse.conf.j2"
|
||||
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-synapse.conf"
|
||||
mode: 0644
|
||||
when: "matrix_nginx_proxy_proxy_matrix_enabled"
|
||||
when: matrix_nginx_proxy_proxy_matrix_enabled|bool
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for riot domain exists
|
||||
template:
|
||||
src: "{{ role_path }}/templates/nginx/conf.d/matrix-riot-web.conf.j2"
|
||||
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-riot-web.conf"
|
||||
mode: 0644
|
||||
when: "matrix_nginx_proxy_proxy_riot_enabled"
|
||||
when: matrix_nginx_proxy_proxy_riot_enabled|bool
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for dimension domain exists
|
||||
template:
|
||||
src: "{{ role_path }}/templates/nginx/conf.d/matrix-dimension.conf.j2"
|
||||
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-dimension.conf"
|
||||
mode: 0644
|
||||
when: "matrix_nginx_proxy_proxy_dimension_enabled"
|
||||
when: matrix_nginx_proxy_proxy_dimension_enabled|bool
|
||||
|
||||
- name: Ensure Matrix nginx-proxy data directory for base domain exists
|
||||
file:
|
||||
@ -73,7 +73,7 @@
|
||||
mode: 0750
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_username }}"
|
||||
when: "matrix_nginx_proxy_base_domain_serving_enabled"
|
||||
when: matrix_nginx_proxy_base_domain_serving_enabled|bool
|
||||
|
||||
- name: Ensure Matrix nginx-proxy homepage for base domain exists
|
||||
copy:
|
||||
@ -82,14 +82,14 @@
|
||||
mode: 0644
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_username }}"
|
||||
when: "matrix_nginx_proxy_base_domain_serving_enabled"
|
||||
when: matrix_nginx_proxy_base_domain_serving_enabled|bool
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for base domain exists
|
||||
template:
|
||||
src: "{{ role_path }}/templates/nginx/conf.d/matrix-domain.conf.j2"
|
||||
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-domain.conf"
|
||||
mode: 0644
|
||||
when: "matrix_nginx_proxy_base_domain_serving_enabled"
|
||||
when: matrix_nginx_proxy_base_domain_serving_enabled|bool
|
||||
|
||||
#
|
||||
# Tasks related to setting up matrix-nginx-proxy
|
||||
@ -97,7 +97,8 @@
|
||||
- name: Ensure nginx Docker image is pulled
|
||||
docker_image:
|
||||
name: "{{ matrix_nginx_proxy_docker_image }}"
|
||||
when: matrix_nginx_proxy_enabled
|
||||
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
||||
when: matrix_nginx_proxy_enabled|bool
|
||||
|
||||
- name: Ensure matrix-nginx-proxy.service installed
|
||||
template:
|
||||
@ -105,7 +106,7 @@
|
||||
dest: "/etc/systemd/system/matrix-nginx-proxy.service"
|
||||
mode: 0644
|
||||
register: matrix_nginx_proxy_systemd_service_result
|
||||
when: matrix_nginx_proxy_enabled
|
||||
when: matrix_nginx_proxy_enabled|bool
|
||||
|
||||
- name: Ensure systemd reloaded after matrix-nginx-proxy.service installation
|
||||
service:
|
||||
@ -121,7 +122,7 @@
|
||||
stat:
|
||||
path: "/etc/systemd/system/matrix-nginx-proxy.service"
|
||||
register: matrix_nginx_proxy_service_stat
|
||||
when: "not matrix_nginx_proxy_enabled"
|
||||
when: "not matrix_nginx_proxy_enabled|bool"
|
||||
|
||||
- name: Ensure matrix-nginx-proxy is stopped
|
||||
service:
|
||||
@ -129,57 +130,57 @@
|
||||
state: stopped
|
||||
daemon_reload: yes
|
||||
register: stopping_result
|
||||
when: "not matrix_nginx_proxy_enabled and matrix_nginx_proxy_service_stat.stat.exists"
|
||||
when: "not matrix_nginx_proxy_enabled|bool and matrix_nginx_proxy_service_stat.stat.exists"
|
||||
|
||||
- name: Ensure matrix-nginx-proxy.service doesn't exist
|
||||
file:
|
||||
path: "/etc/systemd/system/matrix-nginx-proxy.service"
|
||||
state: absent
|
||||
when: "not matrix_nginx_proxy_enabled and matrix_nginx_proxy_service_stat.stat.exists"
|
||||
when: "not matrix_nginx_proxy_enabled|bool and matrix_nginx_proxy_service_stat.stat.exists"
|
||||
|
||||
- name: Ensure systemd reloaded after matrix-nginx-proxy.service removal
|
||||
service:
|
||||
daemon_reload: yes
|
||||
when: "not matrix_nginx_proxy_enabled and matrix_nginx_proxy_service_stat.stat.exists"
|
||||
when: "not matrix_nginx_proxy_enabled|bool and matrix_nginx_proxy_service_stat.stat.exists"
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for matrix domain deleted
|
||||
file:
|
||||
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-synapse.conf"
|
||||
state: absent
|
||||
when: "not matrix_nginx_proxy_proxy_matrix_enabled"
|
||||
when: "not matrix_nginx_proxy_proxy_matrix_enabled|bool"
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for riot domain deleted
|
||||
file:
|
||||
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-riot-web.conf"
|
||||
state: absent
|
||||
when: "not matrix_nginx_proxy_proxy_riot_enabled"
|
||||
when: "not matrix_nginx_proxy_proxy_riot_enabled|bool"
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for dimension domain deleted
|
||||
file:
|
||||
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-dimension.conf"
|
||||
state: absent
|
||||
when: "not matrix_nginx_proxy_proxy_dimension_enabled"
|
||||
when: "not matrix_nginx_proxy_proxy_dimension_enabled|bool"
|
||||
|
||||
- name: Ensure Matrix nginx-proxy homepage for base domain deleted
|
||||
file:
|
||||
path: "{{ matrix_nginx_proxy_data_path }}/matrix-domain/index.html"
|
||||
state: absent
|
||||
when: "not matrix_nginx_proxy_base_domain_serving_enabled"
|
||||
when: "not matrix_nginx_proxy_base_domain_serving_enabled|bool"
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for base domain deleted
|
||||
file:
|
||||
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-domain.conf"
|
||||
state: absent
|
||||
when: "not matrix_nginx_proxy_base_domain_serving_enabled"
|
||||
when: "not matrix_nginx_proxy_base_domain_serving_enabled|bool"
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for main config override deleted
|
||||
file:
|
||||
path: "{{ matrix_nginx_proxy_base_path }}/nginx.conf"
|
||||
state: absent
|
||||
when: "not matrix_nginx_proxy_enabled"
|
||||
when: "not matrix_nginx_proxy_enabled|bool"
|
||||
|
||||
- name: Ensure Matrix nginx-proxy htpasswd is deleted (protecting /_synapse/metrics URI)
|
||||
file:
|
||||
path: "{{ matrix_nginx_proxy_data_path }}/matrix-synapse-metrics-htpasswd"
|
||||
state: absent
|
||||
when: "not matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled or not matrix_nginx_proxy_proxy_synapse_metrics"
|
||||
when: "not matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled|bool or not matrix_nginx_proxy_proxy_synapse_metrics|bool"
|
||||
|
||||
@ -36,6 +36,7 @@
|
||||
- name: Ensure certbot Docker image is pulled
|
||||
docker_image:
|
||||
name: "{{ matrix_ssl_lets_encrypt_certbot_docker_image }}"
|
||||
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
||||
when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
|
||||
|
||||
- name: Obtain Let's Encrypt certificates
|
||||
@ -67,8 +68,8 @@
|
||||
cron_file: matrix-ssl-lets-encrypt
|
||||
name: matrix-ssl-lets-encrypt-certificates-renew
|
||||
state: present
|
||||
hour: 4
|
||||
minute: 15
|
||||
hour: "4"
|
||||
minute: "15"
|
||||
day: "*"
|
||||
job: /usr/local/bin/matrix-ssl-lets-encrypt-certificates-renew
|
||||
|
||||
@ -78,11 +79,11 @@
|
||||
cron_file: matrix-ssl-lets-encrypt
|
||||
name: matrix-nginx-proxy-reload
|
||||
state: present
|
||||
hour: 5
|
||||
minute: 20
|
||||
hour: "5"
|
||||
minute: "20"
|
||||
day: "*"
|
||||
job: /bin/systemctl reload matrix-nginx-proxy.service
|
||||
when: matrix_nginx_proxy_enabled
|
||||
when: matrix_nginx_proxy_enabled|bool
|
||||
when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
|
||||
|
||||
|
||||
@ -98,7 +99,7 @@
|
||||
cron_file: matrix-ssl-lets-encrypt
|
||||
name: matrix-nginx-proxy-reload
|
||||
state: absent
|
||||
when: "not matrix_nginx_proxy_enabled"
|
||||
when: "not matrix_nginx_proxy_enabled|bool"
|
||||
|
||||
# When Let's Encrypt is not used at all, remove all cronjobs in that cron file.
|
||||
- name: Ensure matrix-ssl-lets-encrypt-renew cronjob removed
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
msg: "Dealing with SSL certificate retrieval for domain: {{ domain_name }}"
|
||||
|
||||
- set_fact:
|
||||
domain_name_certificate_path: "{{ matrix_ssl_config_dir_path }}/live/{{ domain_name }}/cert.pem"
|
||||
domain_name_certificate_path: "{{ matrix_ssl_config_dir_path }}/live/{{ domain_name }}/fullchain.pem"
|
||||
|
||||
- name: Check if a certificate for the domain already exists
|
||||
stat:
|
||||
@ -35,7 +35,7 @@
|
||||
--agree-tos
|
||||
--email={{ matrix_ssl_lets_encrypt_support_email }}
|
||||
-d {{ domain_name }}
|
||||
when: "domain_name_needs_cert"
|
||||
when: domain_name_needs_cert|bool
|
||||
register: result_certbot_direct
|
||||
ignore_errors: true
|
||||
|
||||
|
||||
@ -44,6 +44,7 @@ ExecStop=-/usr/bin/docker rm matrix-nginx-proxy
|
||||
ExecReload=/usr/bin/docker exec matrix-nginx-proxy /usr/sbin/nginx -s reload
|
||||
Restart=always
|
||||
RestartSec=30
|
||||
SyslogIdentifier=matrix-nginx-proxy
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
||||
Reference in New Issue
Block a user