finallycoffee/matrix-docker-ansible-deploy
5
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add conditional restart support to remaining services

Browse Source 
Add change-tracking and restart_necessary computation for:
- matrix-authentication-service (custom role in this repo)
- container-socket-proxy, traefik-certs-dumper, postgres, exim-relay,
  cinny, livekit-server (external roles, bumped in requirements.yml)

Wire all 7 services in group_vars to use their _restart_necessary variable
instead of hardcoded true.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Slavi Pantaleev
2026-02-13 16:21:36 +02:00
parent 0d86610cbe
commit 985740e89d
4 changed files with 38 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
group_vars/matrix_servers
View File

@@ -297,7 +297,7 @@ devture_systemd_service_manager_services_list_auto: |
([{ ([{
'name': 'matrix-authentication-service.service', 'name': 'matrix-authentication-service.service',
'priority': 2200, 'priority': 2200,
'restart_necessary': true, 'restart_necessary': (matrix_authentication_service_restart_necessary | bool),
'groups': ['matrix', 'matrix-authentication-service'], 'groups': ['matrix', 'matrix-authentication-service'],
}] if matrix_authentication_service_enabled else []) }] if matrix_authentication_service_enabled else [])
+ +
@@ -584,7 +584,7 @@ devture_systemd_service_manager_services_list_auto: |
([{ ([{
'name': (cinny_identifier + '.service'), 'name': (cinny_identifier + '.service'),
'priority': 2000, 'priority': 2000,
'restart_necessary': true, 'restart_necessary': (cinny_restart_necessary | bool),
'groups': ['matrix', 'clients', 'cinny', 'client-cinny'], 'groups': ['matrix', 'clients', 'cinny', 'client-cinny'],
}] if cinny_enabled else []) }] if cinny_enabled else [])
+ +
@@ -724,7 +724,7 @@ devture_systemd_service_manager_services_list_auto: |
([{ ([{
'name': (exim_relay_identifier ~ '.service'), 'name': (exim_relay_identifier ~ '.service'),
'priority': 800, 'priority': 800,
'restart_necessary': true, 'restart_necessary': (exim_relay_restart_necessary | bool),
'groups': ['matrix', 'mailer', 'exim-relay'], 'groups': ['matrix', 'mailer', 'exim-relay'],
}] if exim_relay_enabled else []) }] if exim_relay_enabled else [])
+ +
@@ -738,7 +738,7 @@ devture_systemd_service_manager_services_list_auto: |
([{ ([{
'name': (postgres_identifier + '.service'), 'name': (postgres_identifier + '.service'),
'priority': 500, 'priority': 500,
'restart_necessary': true, 'restart_necessary': (postgres_restart_necessary | bool),
'groups': ['matrix', 'postgres'], 'groups': ['matrix', 'postgres'],
}] if postgres_enabled else []) }] if postgres_enabled else [])
+ +
@@ -815,7 +815,7 @@ devture_systemd_service_manager_services_list_auto: |
([{ ([{
'name': (livekit_server_identifier + '.service'), 'name': (livekit_server_identifier + '.service'),
'priority': 3000, 'priority': 3000,
'restart_necessary': true, 'restart_necessary': (livekit_server_restart_necessary | bool),
'groups': ['matrix', 'livekit-server'], 'groups': ['matrix', 'livekit-server'],
}] if livekit_server_enabled else []) }] if livekit_server_enabled else [])
+ +
@@ -892,7 +892,7 @@ devture_systemd_service_manager_services_list_auto: |
([{ ([{
'name': (container_socket_proxy_identifier + '.service'), 'name': (container_socket_proxy_identifier + '.service'),
'priority': 200, 'priority': 200,
'restart_necessary': true, 'restart_necessary': (container_socket_proxy_restart_necessary | bool),
'groups': ['matrix', 'reverse-proxies', 'container-socket-proxy'], 'groups': ['matrix', 'reverse-proxies', 'container-socket-proxy'],
}] if container_socket_proxy_enabled else []) }] if container_socket_proxy_enabled else [])
+ +
@@ -906,7 +906,7 @@ devture_systemd_service_manager_services_list_auto: |
([{ ([{
'name': (traefik_certs_dumper_identifier + '.service'), 'name': (traefik_certs_dumper_identifier + '.service'),
'priority': 300, 'priority': 300,
'restart_necessary': true, 'restart_necessary': (traefik_certs_dumper_restart_necessary | bool),
'groups': ['matrix', 'traefik-certs-dumper'], 'groups': ['matrix', 'traefik-certs-dumper'],
}] if traefik_certs_dumper_enabled else []) }] if traefik_certs_dumper_enabled else [])
}} }}

12
requirements.yml
View File

@@ -7,10 +7,10 @@
version: v1.4.3-2.1.1-0 version: v1.4.3-2.1.1-0
name: backup_borg name: backup_borg
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-cinny.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-cinny.git
version: v4.10.2-1 version: v4.10.2-2
name: cinny name: cinny
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-container-socket-proxy.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-container-socket-proxy.git
version: v0.4.2-1 version: v0.4.2-2
name: container_socket_proxy name: container_socket_proxy
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-coturn.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-coturn.git
version: v4.8.0-1 version: v4.8.0-1
@@ -30,7 +30,7 @@
version: v2.6.1-0 version: v2.6.1-0
name: etherpad name: etherpad
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-exim-relay.git
version: v4.98.1-r0-2-2 version: v4.98.1-r0-2-3
name: exim_relay name: exim_relay
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-grafana.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-grafana.git
version: v11.6.5-6 version: v11.6.5-6
@@ -42,7 +42,7 @@
version: v10741-0 version: v10741-0
name: jitsi name: jitsi
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-livekit-server.git
version: v1.9.11-0 version: v1.9.11-1
name: livekit_server name: livekit_server
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-ntfy.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-ntfy.git
version: v2.17.0-0 version: v2.17.0-0
@@ -57,7 +57,7 @@
version: dd6e15246b7a9a2d921e0b3f9cd8a4a917a1bb2f version: dd6e15246b7a9a2d921e0b3f9cd8a4a917a1bb2f
name: playbook_state_preserver name: playbook_state_preserver
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres.git
version: v18.2-0 version: v18.2-1
name: postgres name: postgres
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres-backup.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-postgres-backup.git
version: v18-0 version: v18-0
@@ -84,7 +84,7 @@
version: v3.6.8-3 version: v3.6.8-3
name: traefik name: traefik
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik-certs-dumper.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-traefik-certs-dumper.git
version: v2.10.0-4 version: v2.10.0-5
name: traefik_certs_dumper name: traefik_certs_dumper
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-valkey.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-valkey.git
version: v9.0.2-0 version: v9.0.2-0

10
roles/custom/matrix-authentication-service/defaults/main.yml
View File

@@ -654,6 +654,16 @@ matrix_authentication_service_migration_in_progress: false
# Ref: https://element-hq.github.io/matrix-authentication-service/topics/admin-api.html#enabling-the-api # Ref: https://element-hq.github.io/matrix-authentication-service/topics/admin-api.html#enabling-the-api
matrix_authentication_service_admin_api_enabled: false matrix_authentication_service_admin_api_enabled: false
# matrix_authentication_service_restart_necessary controls whether the service
# will be restarted (when true) or merely started (when false) by the
# systemd service manager role (when conditional restart is enabled).
#
# This value is automatically computed during installation based on whether
# any configuration files, the systemd service file, or the container image changed.
# The default of `false` means "no restart needed" — appropriate when the role's
# installation tasks haven't run (e.g., due to --tags skipping them).
matrix_authentication_service_restart_necessary: false
######################################################################################## ########################################################################################
# # # #
# /Misc # # /Misc #

17
roles/custom/matrix-authentication-service/tasks/install.yml
View File

@@ -40,6 +40,7 @@
mode: 0644 mode: 0644
owner: "{{ matrix_user_name }}" owner: "{{ matrix_user_name }}"
group: "{{ matrix_group_name }}" group: "{{ matrix_group_name }}"
register: matrix_authentication_service_config_result
- name: Ensure Matrix Authentication Service support files created - name: Ensure Matrix Authentication Service support files created
ansible.builtin.template: ansible.builtin.template:
@@ -61,6 +62,7 @@
- src: "{{ role_path }}/templates/bin/mas-cli.j2" - src: "{{ role_path }}/templates/bin/mas-cli.j2"
dest: "{{ matrix_authentication_service_bin_path }}/mas-cli" dest: "{{ matrix_authentication_service_bin_path }}/mas-cli"
mode: '0755' mode: '0755'
register: matrix_authentication_service_support_files_result
- name: Ensure Matrix Authentication Service container image is pulled - name: Ensure Matrix Authentication Service container image is pulled
community.docker.docker_image: community.docker.docker_image:
@@ -69,10 +71,10 @@
force_source: "{{ matrix_authentication_service_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" force_source: "{{ matrix_authentication_service_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_authentication_service_container_image_force_pull }}" force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_authentication_service_container_image_force_pull }}"
when: "not matrix_authentication_service_container_image_self_build | bool" when: "not matrix_authentication_service_container_image_self_build | bool"
register: result register: matrix_authentication_service_container_image_pull_result
retries: "{{ devture_playbook_help_container_retries_count }}" retries: "{{ devture_playbook_help_container_retries_count }}"
delay: "{{ devture_playbook_help_container_retries_delay }}" delay: "{{ devture_playbook_help_container_retries_delay }}"
until: result is not failed until: matrix_authentication_service_container_image_pull_result is not failed
- when: "matrix_authentication_service_container_image_self_build | bool" - when: "matrix_authentication_service_container_image_self_build | bool"
block: block:
@@ -105,3 +107,14 @@
src: "{{ role_path }}/templates/systemd/matrix-authentication-service.service.j2" src: "{{ role_path }}/templates/systemd/matrix-authentication-service.service.j2"
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-authentication-service.service" dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-authentication-service.service"
mode: 0644 mode: 0644
register: matrix_authentication_service_systemd_service_result
- name: Determine whether Matrix Authentication Service needs a restart
ansible.builtin.set_fact:
matrix_authentication_service_restart_necessary: >-
{{
matrix_authentication_service_config_result.changed | default(false)
or matrix_authentication_service_support_files_result.changed | default(false)
or matrix_authentication_service_systemd_service_result.changed | default(false)
or matrix_authentication_service_container_image_pull_result.changed | default(false)
}}