diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 25006590e..e12a94fbd 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -297,7 +297,7 @@ devture_systemd_service_manager_services_list_auto: | ([{ 'name': 'matrix-authentication-service.service', 'priority': 2200, - 'restart_necessary': true, + 'restart_necessary': (matrix_authentication_service_restart_necessary | bool), 'groups': ['matrix', 'matrix-authentication-service'], }] if matrix_authentication_service_enabled else []) + @@ -584,7 +584,7 @@ devture_systemd_service_manager_services_list_auto: | ([{ 'name': (cinny_identifier + '.service'), 'priority': 2000, - 'restart_necessary': true, + 'restart_necessary': (cinny_restart_necessary | bool), 'groups': ['matrix', 'clients', 'cinny', 'client-cinny'], }] if cinny_enabled else []) + @@ -724,7 +724,7 @@ devture_systemd_service_manager_services_list_auto: | ([{ 'name': (exim_relay_identifier ~ '.service'), 'priority': 800, - 'restart_necessary': true, + 'restart_necessary': (exim_relay_restart_necessary | bool), 'groups': ['matrix', 'mailer', 'exim-relay'], }] if exim_relay_enabled else []) + @@ -738,7 +738,7 @@ devture_systemd_service_manager_services_list_auto: | ([{ 'name': (postgres_identifier + '.service'), 'priority': 500, - 'restart_necessary': true, + 'restart_necessary': (postgres_restart_necessary | bool), 'groups': ['matrix', 'postgres'], }] if postgres_enabled else []) + @@ -815,7 +815,7 @@ devture_systemd_service_manager_services_list_auto: | ([{ 'name': (livekit_server_identifier + '.service'), 'priority': 3000, - 'restart_necessary': true, + 'restart_necessary': (livekit_server_restart_necessary | bool), 'groups': ['matrix', 'livekit-server'], }] if livekit_server_enabled else []) + @@ -892,7 +892,7 @@ devture_systemd_service_manager_services_list_auto: | ([{ 'name': (container_socket_proxy_identifier + '.service'), 'priority': 200, - 'restart_necessary': true, + 'restart_necessary': (container_socket_proxy_restart_necessary | bool), 'groups': ['matrix', 'reverse-proxies', 'container-socket-proxy'], }] if container_socket_proxy_enabled else []) + @@ -906,7 +906,7 @@ devture_systemd_service_manager_services_list_auto: | ([{ 'name': (traefik_certs_dumper_identifier + '.service'), 'priority': 300, - 'restart_necessary': true, + 'restart_necessary': (traefik_certs_dumper_restart_necessary | bool), 'groups': ['matrix', 'traefik-certs-dumper'], }] if traefik_certs_dumper_enabled else []) }} diff --git a/requirements.yml b/requirements.yml index 3243f0675..634757355 100644 --- a/requirements.yml +++ b/requirements.yml @@ -7,10 +7,10 @@ version: v1.4.3-2.1.1-0 name: backup_borg - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-cinny.git - version: v4.10.2-1 + version: v4.10.2-2 name: cinny - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-container-socket-proxy.git - version: v0.4.2-1 + version: v0.4.2-2 name: container_socket_proxy - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-coturn.git version: v4.8.0-1 @@ -30,7 +30,7 @@ version: v2.6.1-0 name: etherpad - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay.git - version: v4.98.1-r0-2-2 + version: v4.98.1-r0-2-3 name: exim_relay - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-grafana.git version: v11.6.5-6 @@ -42,7 +42,7 @@ version: v10741-0 name: jitsi - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server.git - version: v1.9.11-0 + version: v1.9.11-1 name: livekit_server - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-ntfy.git version: v2.17.0-0 @@ -57,7 +57,7 @@ version: dd6e15246b7a9a2d921e0b3f9cd8a4a917a1bb2f name: playbook_state_preserver - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres.git - version: v18.2-0 + version: v18.2-1 name: postgres - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres-backup.git version: v18-0 @@ -84,7 +84,7 @@ version: v3.6.8-3 name: traefik - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik-certs-dumper.git - version: v2.10.0-4 + version: v2.10.0-5 name: traefik_certs_dumper - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-valkey.git version: v9.0.2-0 diff --git a/roles/custom/matrix-authentication-service/defaults/main.yml b/roles/custom/matrix-authentication-service/defaults/main.yml index 3e66116b9..5569864ee 100644 --- a/roles/custom/matrix-authentication-service/defaults/main.yml +++ b/roles/custom/matrix-authentication-service/defaults/main.yml @@ -654,6 +654,16 @@ matrix_authentication_service_migration_in_progress: false # Ref: https://element-hq.github.io/matrix-authentication-service/topics/admin-api.html#enabling-the-api matrix_authentication_service_admin_api_enabled: false +# matrix_authentication_service_restart_necessary controls whether the service +# will be restarted (when true) or merely started (when false) by the +# systemd service manager role (when conditional restart is enabled). +# +# This value is automatically computed during installation based on whether +# any configuration files, the systemd service file, or the container image changed. +# The default of `false` means "no restart needed" — appropriate when the role's +# installation tasks haven't run (e.g., due to --tags skipping them). +matrix_authentication_service_restart_necessary: false + ######################################################################################## # # # /Misc # diff --git a/roles/custom/matrix-authentication-service/tasks/install.yml b/roles/custom/matrix-authentication-service/tasks/install.yml index 89ee7943b..c644b034a 100644 --- a/roles/custom/matrix-authentication-service/tasks/install.yml +++ b/roles/custom/matrix-authentication-service/tasks/install.yml @@ -40,6 +40,7 @@ mode: 0644 owner: "{{ matrix_user_name }}" group: "{{ matrix_group_name }}" + register: matrix_authentication_service_config_result - name: Ensure Matrix Authentication Service support files created ansible.builtin.template: @@ -61,6 +62,7 @@ - src: "{{ role_path }}/templates/bin/mas-cli.j2" dest: "{{ matrix_authentication_service_bin_path }}/mas-cli" mode: '0755' + register: matrix_authentication_service_support_files_result - name: Ensure Matrix Authentication Service container image is pulled community.docker.docker_image: @@ -69,10 +71,10 @@ force_source: "{{ matrix_authentication_service_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_authentication_service_container_image_force_pull }}" when: "not matrix_authentication_service_container_image_self_build | bool" - register: result + register: matrix_authentication_service_container_image_pull_result retries: "{{ devture_playbook_help_container_retries_count }}" delay: "{{ devture_playbook_help_container_retries_delay }}" - until: result is not failed + until: matrix_authentication_service_container_image_pull_result is not failed - when: "matrix_authentication_service_container_image_self_build | bool" block: @@ -105,3 +107,14 @@ src: "{{ role_path }}/templates/systemd/matrix-authentication-service.service.j2" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-authentication-service.service" mode: 0644 + register: matrix_authentication_service_systemd_service_result + +- name: Determine whether Matrix Authentication Service needs a restart + ansible.builtin.set_fact: + matrix_authentication_service_restart_necessary: >- + {{ + matrix_authentication_service_config_result.changed | default(false) + or matrix_authentication_service_support_files_result.changed | default(false) + or matrix_authentication_service_systemd_service_result.changed | default(false) + or matrix_authentication_service_container_image_pull_result.changed | default(false) + }}