diff --git a/roles/custom/matrix-base/defaults/main.yml b/roles/custom/matrix-base/defaults/main.yml index 33805e51e..63aee58ac 100644 --- a/roles/custom/matrix-base/defaults/main.yml +++ b/roles/custom/matrix-base/defaults/main.yml @@ -121,12 +121,6 @@ matrix_bin_path: "{{ matrix_base_data_path }}/bin" matrix_static_files_base_path: "{{ matrix_base_data_path }}/static-files" -# This is now unused. We keep it so that cleanup tasks can use it. -# To be removed in the future. -matrix_cron_path: "/etc/cron.d" - -matrix_local_bin_path: "/usr/local/bin" - matrix_host_command_sleep: "/usr/bin/env sleep" matrix_host_command_chown: "/usr/bin/env chown" matrix_host_command_fusermount: "/usr/bin/env fusermount" diff --git a/roles/custom/matrix-base/tasks/validate_config.yml b/roles/custom/matrix-base/tasks/validate_config.yml index b3c7fb18c..b3551e2e3 100644 --- a/roles/custom/matrix-base/tasks/validate_config.yml +++ b/roles/custom/matrix-base/tasks/validate_config.yml @@ -17,6 +17,7 @@ - {'old': 'hostname_matrix', 'new': 'matrix_server_fqn_matrix'} - {'old': 'hostname_riot', 'new': 'matrix_server_fqn_element'} - {'old': 'matrix_server_fqn_riot', 'new': 'matrix_server_fqn_element'} + - {'old': 'matrix_local_bin_path', 'new': ''} # We have a dedicated check for this variable, because we'd like to have a custom (friendlier) message. - name: Fail if matrix_homeserver_generic_secret_key is undefined diff --git a/roles/custom/matrix-coturn/tasks/setup_install.yml b/roles/custom/matrix-coturn/tasks/setup_install.yml index 31b5446cb..ab94db27e 100644 --- a/roles/custom/matrix-coturn/tasks/setup_install.yml +++ b/roles/custom/matrix-coturn/tasks/setup_install.yml @@ -1,11 +1,5 @@ --- -# This is a cleanup/migration task. It can be removed some time in the future. -- name: (Migration) Remove deprecated cronjob - ansible.builtin.file: - path: "{{ matrix_cron_path }}/matrix-coturn-ssl-reload" - state: absent - - name: Ensure Matrix Coturn path exists ansible.builtin.file: path: "{{ item.path }}" diff --git a/roles/custom/matrix-nginx-proxy/defaults/main.yml b/roles/custom/matrix-nginx-proxy/defaults/main.yml index 886e35131..0830d4f41 100644 --- a/roles/custom/matrix-nginx-proxy/defaults/main.yml +++ b/roles/custom/matrix-nginx-proxy/defaults/main.yml @@ -573,6 +573,7 @@ matrix_ssl_lets_encrypt_key_type: rsa matrix_ssl_base_path: "{{ matrix_base_data_path }}/ssl" matrix_ssl_config_dir_path: "{{ matrix_ssl_base_path }}/config" matrix_ssl_log_dir_path: "{{ matrix_ssl_base_path }}/log" +matrix_ssl_bin_dir_path: "{{ matrix_ssl_base_path }}/bin" # If you'd like to start some service before a certificate is obtained, specify it here. # This could be something like `matrix-dynamic-dns`, etc. diff --git a/roles/custom/matrix-nginx-proxy/tasks/ssl/main.yml b/roles/custom/matrix-nginx-proxy/tasks/ssl/main.yml index e9d270cfe..6eff8cbf7 100644 --- a/roles/custom/matrix-nginx-proxy/tasks/ssl/main.yml +++ b/roles/custom/matrix-nginx-proxy/tasks/ssl/main.yml @@ -24,6 +24,7 @@ with_items: - "{{ matrix_ssl_log_dir_path }}" - "{{ matrix_ssl_config_dir_path }}" + - "{{ matrix_ssl_bin_dir_path }}" when: "matrix_ssl_retrieval_method != 'none'" diff --git a/roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml b/roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml index 77361f3ff..a1b14e3b2 100644 --- a/roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml +++ b/roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml @@ -1,17 +1,4 @@ --- - -# This is a cleanup/migration task, because of to the new way we manage cronjobs (`cron` module) and the new script name. -# This migration task can be removed some time in the future. -- name: (Migration) Remove deprecated Let's Encrypt SSL certificate management files - ansible.builtin.file: - path: "{{ item }}" - state: absent - with_items: - - "{{ matrix_local_bin_path }}/matrix-ssl-certificates-renew" - - "{{ matrix_cron_path }}/matrix-ssl-certificate-renewal" - - "{{ matrix_cron_path }}/matrix-nginx-proxy-periodic-restarter" - - "/etc/cron.d/matrix-ssl-lets-encrypt" - # # Tasks related to setting up Let's Encrypt's management of certificates # @@ -36,8 +23,8 @@ - name: Ensure Let's Encrypt SSL renewal script installed ansible.builtin.template: - src: "{{ role_path }}/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2" - dest: "{{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew" + src: "{{ role_path }}/templates/bin/lets-encrypt-certificates-renew.j2" + dest: "{{ matrix_ssl_bin_dir_path }}/lets-encrypt-certificates-renew" mode: 0755 - name: Ensure SSL renewal systemd units installed @@ -63,5 +50,5 @@ - name: Ensure Let's Encrypt SSL renewal script removed ansible.builtin.file: - path: "{{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew" + path: "{{ matrix_ssl_bin_dir_path }}/lets-encrypt-certificates-renew" state: absent diff --git a/roles/custom/matrix-nginx-proxy/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2 b/roles/custom/matrix-nginx-proxy/templates/bin/lets-encrypt-certificates-renew.j2 similarity index 100% rename from roles/custom/matrix-nginx-proxy/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2 rename to roles/custom/matrix-nginx-proxy/templates/bin/lets-encrypt-certificates-renew.j2 diff --git a/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-ssl-lets-encrypt-certificates-renew.service.j2 b/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-ssl-lets-encrypt-certificates-renew.service.j2 index c7f372d9a..b2f07aca7 100644 --- a/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-ssl-lets-encrypt-certificates-renew.service.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-ssl-lets-encrypt-certificates-renew.service.j2 @@ -4,4 +4,4 @@ Description=Renews Let's Encrypt SSL certificates [Service] Type=oneshot Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" -ExecStart={{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew +ExecStart={{ matrix_ssl_bin_dir_path }}/lets-encrypt-certificates-renew