More ansible-lint fixes
This commit is contained in:
Slavi Pantaleev
@ -1,9 +1,9 @@
|
||||
---
|
||||
- ansible.builtin.set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-nginx-proxy.service'] }}"
|
||||
when: matrix_nginx_proxy_enabled|bool
|
||||
when: matrix_nginx_proxy_enabled | bool
|
||||
|
||||
- ansible.builtin.set_fact:
|
||||
matrix_systemd_services_list: "{{ matrix_systemd_services_list + [item.name] }}"
|
||||
when: "item.applicable|bool and item.enableable|bool"
|
||||
when: "item.applicable | bool and item.enableable | bool"
|
||||
with_items: "{{ matrix_ssl_renewal_systemd_units_list }}"
|
||||
|
||||
@ -1,34 +1,34 @@
|
||||
---
|
||||
- import_tasks: "{{ role_path }}/tasks/init.yml"
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/init.yml"
|
||||
tags:
|
||||
- always
|
||||
|
||||
# Always validating the configuration, even if `matrix_nginx_proxy: false`.
|
||||
# This role performs actions even if the role is disabled, so we need
|
||||
# to ensure there's a valid configuration in any case.
|
||||
- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
|
||||
when: run_setup|bool
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/validate_config.yml"
|
||||
when: run_setup | bool
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-nginx-proxy
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/ssl/main.yml"
|
||||
when: run_setup|bool
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ssl/main.yml"
|
||||
when: run_setup | bool
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-nginx-proxy
|
||||
- setup-ssl
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/setup_nginx_proxy.yml"
|
||||
when: run_setup|bool
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/setup_nginx_proxy.yml"
|
||||
when: run_setup | bool
|
||||
tags:
|
||||
- setup-all
|
||||
- setup-nginx-proxy
|
||||
|
||||
- import_tasks: "{{ role_path }}/tasks/self_check_well_known.yml"
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/tasks/self_check_well_known.yml"
|
||||
delegate_to: 127.0.0.1
|
||||
become: false
|
||||
when: run_self_check|bool
|
||||
when: run_self_check | bool
|
||||
tags:
|
||||
- self-check
|
||||
|
||||
|
||||
@ -21,10 +21,10 @@
|
||||
- name: Determine domains that we require certificates for (ma1sd)
|
||||
ansible.builtin.set_fact:
|
||||
well_known_file_checks: "{{ well_known_file_checks + [well_known_file_check_matrix_server] }}"
|
||||
when: matrix_well_known_matrix_server_enabled|bool
|
||||
when: matrix_well_known_matrix_server_enabled | bool
|
||||
|
||||
- name: Perform well-known checks
|
||||
include_tasks: "{{ role_path }}/tasks/self_check_well_known_file.yml"
|
||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/self_check_well_known_file.yml"
|
||||
with_items: "{{ well_known_file_checks }}"
|
||||
loop_control:
|
||||
loop_var: well_known_file_check
|
||||
|
||||
@ -22,128 +22,128 @@
|
||||
- {path: "{{ matrix_nginx_proxy_data_path }}", when: true}
|
||||
- {path: "{{ matrix_nginx_proxy_confd_path }}", when: true}
|
||||
- {path: "{{ matrix_nginx_proxy_synapse_cache_path }}", when: "{{ matrix_nginx_proxy_synapse_cache_enabled and not matrix_nginx_proxy_enabled }}"}
|
||||
when: item.when|bool
|
||||
when: item.when | bool
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configured (main config override)
|
||||
ansible.builtin.template:
|
||||
src: "{{ role_path }}/templates/nginx/nginx.conf.j2"
|
||||
dest: "{{ matrix_nginx_proxy_base_path }}/nginx.conf"
|
||||
mode: 0644
|
||||
when: matrix_nginx_proxy_enabled|bool
|
||||
when: matrix_nginx_proxy_enabled | bool
|
||||
|
||||
- name: Setup metrics
|
||||
include_tasks: "{{ role_path }}/tasks/nginx-proxy/setup_metrics_auth.yml"
|
||||
when: matrix_nginx_proxy_proxy_matrix_metrics_enabled|bool and matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled|bool
|
||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/nginx-proxy/setup_metrics_auth.yml"
|
||||
when: matrix_nginx_proxy_proxy_matrix_metrics_enabled | bool and matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled | bool
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configured (generic)
|
||||
ansible.builtin.template:
|
||||
src: "{{ role_path }}/templates/nginx/conf.d/nginx-http.conf.j2"
|
||||
dest: "{{ matrix_nginx_proxy_confd_path }}/nginx-http.conf"
|
||||
mode: 0644
|
||||
when: matrix_nginx_proxy_enabled|bool
|
||||
when: matrix_nginx_proxy_enabled | bool
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for matrix-synapse exists
|
||||
ansible.builtin.template:
|
||||
src: "{{ role_path }}/templates/nginx/conf.d/matrix-synapse.conf.j2"
|
||||
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-synapse.conf"
|
||||
mode: 0644
|
||||
when: matrix_nginx_proxy_proxy_synapse_enabled|bool
|
||||
when: matrix_nginx_proxy_proxy_synapse_enabled | bool
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for matrix-synapse deleted
|
||||
ansible.builtin.file:
|
||||
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-synapse.conf"
|
||||
state: absent
|
||||
when: "not matrix_nginx_proxy_proxy_synapse_enabled|bool"
|
||||
when: "not matrix_nginx_proxy_proxy_synapse_enabled | bool"
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for matrix-dendrite exists
|
||||
ansible.builtin.template:
|
||||
src: "{{ role_path }}/templates/nginx/conf.d/matrix-dendrite.conf.j2"
|
||||
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-dendrite.conf"
|
||||
mode: 0644
|
||||
when: matrix_nginx_proxy_proxy_dendrite_enabled|bool
|
||||
when: matrix_nginx_proxy_proxy_dendrite_enabled | bool
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for matrix-dendrite deleted
|
||||
ansible.builtin.file:
|
||||
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-dendrite.conf"
|
||||
state: absent
|
||||
when: "not matrix_nginx_proxy_proxy_dendrite_enabled|bool"
|
||||
when: "not matrix_nginx_proxy_proxy_dendrite_enabled | bool"
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for Element domain exists
|
||||
ansible.builtin.template:
|
||||
src: "{{ role_path }}/templates/nginx/conf.d/matrix-client-element.conf.j2"
|
||||
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-client-element.conf"
|
||||
mode: 0644
|
||||
when: matrix_nginx_proxy_proxy_element_enabled|bool
|
||||
when: matrix_nginx_proxy_proxy_element_enabled | bool
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for riot domain exists
|
||||
ansible.builtin.template:
|
||||
src: "{{ role_path }}/templates/nginx/conf.d/matrix-riot-web.conf.j2"
|
||||
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-riot-web.conf"
|
||||
mode: 0644
|
||||
when: matrix_nginx_proxy_proxy_riot_compat_redirect_enabled|bool
|
||||
when: matrix_nginx_proxy_proxy_riot_compat_redirect_enabled | bool
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for Hydrogen domain exists
|
||||
ansible.builtin.template:
|
||||
src: "{{ role_path }}/templates/nginx/conf.d/matrix-client-hydrogen.conf.j2"
|
||||
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-client-hydrogen.conf"
|
||||
mode: 0644
|
||||
when: matrix_nginx_proxy_proxy_hydrogen_enabled|bool
|
||||
when: matrix_nginx_proxy_proxy_hydrogen_enabled | bool
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for Cinny domain exists
|
||||
ansible.builtin.template:
|
||||
src: "{{ role_path }}/templates/nginx/conf.d/matrix-client-cinny.conf.j2"
|
||||
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-client-cinny.conf"
|
||||
mode: 0644
|
||||
when: matrix_nginx_proxy_proxy_cinny_enabled|bool
|
||||
when: matrix_nginx_proxy_proxy_cinny_enabled | bool
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for buscarron domain exists
|
||||
ansible.builtin.template:
|
||||
src: "{{ role_path }}/templates/nginx/conf.d/matrix-bot-buscarron.conf.j2"
|
||||
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-bot-buscarron.conf"
|
||||
mode: 0644
|
||||
when: matrix_nginx_proxy_proxy_buscarron_enabled|bool
|
||||
when: matrix_nginx_proxy_proxy_buscarron_enabled | bool
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for dimension domain exists
|
||||
ansible.builtin.template:
|
||||
src: "{{ role_path }}/templates/nginx/conf.d/matrix-dimension.conf.j2"
|
||||
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-dimension.conf"
|
||||
mode: 0644
|
||||
when: matrix_nginx_proxy_proxy_dimension_enabled|bool
|
||||
when: matrix_nginx_proxy_proxy_dimension_enabled | bool
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for goneb domain exists
|
||||
ansible.builtin.template:
|
||||
src: "{{ role_path }}/templates/nginx/conf.d/matrix-bot-go-neb.conf.j2"
|
||||
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-bot-go-neb.conf"
|
||||
mode: 0644
|
||||
when: matrix_nginx_proxy_proxy_bot_go_neb_enabled|bool
|
||||
when: matrix_nginx_proxy_proxy_bot_go_neb_enabled | bool
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for jitsi domain exists
|
||||
ansible.builtin.template:
|
||||
src: "{{ role_path }}/templates/nginx/conf.d/matrix-jitsi.conf.j2"
|
||||
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-jitsi.conf"
|
||||
mode: 0644
|
||||
when: matrix_nginx_proxy_proxy_jitsi_enabled|bool
|
||||
when: matrix_nginx_proxy_proxy_jitsi_enabled | bool
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for grafana domain exists
|
||||
ansible.builtin.template:
|
||||
src: "{{ role_path }}/templates/nginx/conf.d/matrix-grafana.conf.j2"
|
||||
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-grafana.conf"
|
||||
mode: 0644
|
||||
when: matrix_nginx_proxy_proxy_grafana_enabled|bool
|
||||
when: matrix_nginx_proxy_proxy_grafana_enabled | bool
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for sygnal domain exists
|
||||
ansible.builtin.template:
|
||||
src: "{{ role_path }}/templates/nginx/conf.d/matrix-sygnal.conf.j2"
|
||||
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-sygnal.conf"
|
||||
mode: 0644
|
||||
when: matrix_nginx_proxy_proxy_sygnal_enabled|bool
|
||||
when: matrix_nginx_proxy_proxy_sygnal_enabled | bool
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for ntfy domain exists
|
||||
ansible.builtin.template:
|
||||
src: "{{ role_path }}/templates/nginx/conf.d/matrix-ntfy.conf.j2"
|
||||
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-ntfy.conf"
|
||||
mode: 0644
|
||||
when: matrix_nginx_proxy_proxy_ntfy_enabled|bool
|
||||
when: matrix_nginx_proxy_proxy_ntfy_enabled | bool
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for Matrix domain exists
|
||||
ansible.builtin.template:
|
||||
@ -158,7 +158,7 @@
|
||||
mode: 0750
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
when: matrix_nginx_proxy_base_domain_serving_enabled|bool and matrix_nginx_proxy_base_domain_create_directory|bool
|
||||
when: matrix_nginx_proxy_base_domain_serving_enabled | bool and matrix_nginx_proxy_base_domain_create_directory | bool
|
||||
|
||||
- name: Ensure Matrix nginx-proxy homepage for base domain exists
|
||||
ansible.builtin.copy:
|
||||
@ -167,14 +167,14 @@
|
||||
mode: 0644
|
||||
owner: "{{ matrix_user_username }}"
|
||||
group: "{{ matrix_user_groupname }}"
|
||||
when: matrix_nginx_proxy_base_domain_serving_enabled|bool and matrix_nginx_proxy_base_domain_homepage_enabled|bool and matrix_nginx_proxy_base_domain_create_directory|bool
|
||||
when: matrix_nginx_proxy_base_domain_serving_enabled | bool and matrix_nginx_proxy_base_domain_homepage_enabled | bool and matrix_nginx_proxy_base_domain_create_directory | bool
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for base domain exists
|
||||
ansible.builtin.template:
|
||||
src: "{{ role_path }}/templates/nginx/conf.d/matrix-base-domain.conf.j2"
|
||||
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-base-domain.conf"
|
||||
mode: 0644
|
||||
when: matrix_nginx_proxy_base_domain_serving_enabled|bool
|
||||
when: matrix_nginx_proxy_base_domain_serving_enabled | bool
|
||||
|
||||
#
|
||||
# Tasks related to setting up matrix-nginx-proxy
|
||||
@ -185,7 +185,7 @@
|
||||
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
||||
force_source: "{{ matrix_nginx_proxy_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
||||
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_nginx_proxy_docker_image_force_pull }}"
|
||||
when: matrix_nginx_proxy_enabled|bool
|
||||
when: matrix_nginx_proxy_enabled | bool
|
||||
register: result
|
||||
retries: "{{ matrix_container_retries_count }}"
|
||||
delay: "{{ matrix_container_retries_delay }}"
|
||||
@ -197,7 +197,7 @@
|
||||
dest: "{{ matrix_systemd_path }}/matrix-nginx-proxy.service"
|
||||
mode: 0644
|
||||
register: matrix_nginx_proxy_systemd_service_result
|
||||
when: matrix_nginx_proxy_enabled|bool
|
||||
when: matrix_nginx_proxy_enabled | bool
|
||||
|
||||
- name: Ensure systemd reloaded after matrix-nginx-proxy.service installation
|
||||
ansible.builtin.service:
|
||||
@ -210,10 +210,10 @@
|
||||
#
|
||||
|
||||
- name: Check existence of matrix-nginx-proxy service
|
||||
stat:
|
||||
ansible.builtin.stat:
|
||||
path: "{{ matrix_systemd_path }}/matrix-nginx-proxy.service"
|
||||
register: matrix_nginx_proxy_service_stat
|
||||
when: "not matrix_nginx_proxy_enabled|bool"
|
||||
when: "not matrix_nginx_proxy_enabled | bool"
|
||||
|
||||
- name: Ensure matrix-nginx-proxy is stopped
|
||||
ansible.builtin.service:
|
||||
@ -222,102 +222,102 @@
|
||||
enabled: false
|
||||
daemon_reload: true
|
||||
register: stopping_result
|
||||
when: "not matrix_nginx_proxy_enabled|bool and matrix_nginx_proxy_service_stat.stat.exists"
|
||||
when: "not matrix_nginx_proxy_enabled | bool and matrix_nginx_proxy_service_stat.stat.exists"
|
||||
|
||||
- name: Ensure matrix-nginx-proxy.service doesn't exist
|
||||
ansible.builtin.file:
|
||||
path: "{{ matrix_systemd_path }}/matrix-nginx-proxy.service"
|
||||
state: absent
|
||||
when: "not matrix_nginx_proxy_enabled|bool and matrix_nginx_proxy_service_stat.stat.exists"
|
||||
when: "not matrix_nginx_proxy_enabled | bool and matrix_nginx_proxy_service_stat.stat.exists"
|
||||
|
||||
- name: Ensure systemd reloaded after matrix-nginx-proxy.service removal
|
||||
ansible.builtin.service:
|
||||
daemon_reload: true
|
||||
when: "not matrix_nginx_proxy_enabled|bool and matrix_nginx_proxy_service_stat.stat.exists"
|
||||
when: "not matrix_nginx_proxy_enabled | bool and matrix_nginx_proxy_service_stat.stat.exists"
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for matrix domain deleted
|
||||
ansible.builtin.file:
|
||||
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-domain.conf"
|
||||
state: absent
|
||||
when: "not matrix_nginx_proxy_proxy_matrix_enabled|bool"
|
||||
when: "not matrix_nginx_proxy_proxy_matrix_enabled | bool"
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for riot domain deleted
|
||||
ansible.builtin.file:
|
||||
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-riot-web.conf"
|
||||
state: absent
|
||||
when: "not matrix_nginx_proxy_proxy_riot_compat_redirect_enabled|bool"
|
||||
when: "not matrix_nginx_proxy_proxy_riot_compat_redirect_enabled | bool"
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for Hydrogen domain deleted
|
||||
ansible.builtin.file:
|
||||
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-client-hydrogen.conf"
|
||||
state: absent
|
||||
when: "not matrix_nginx_proxy_proxy_hydrogen_enabled|bool"
|
||||
when: "not matrix_nginx_proxy_proxy_hydrogen_enabled | bool"
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for Cinny domain deleted
|
||||
ansible.builtin.file:
|
||||
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-client-cinny.conf"
|
||||
state: absent
|
||||
when: "not matrix_nginx_proxy_proxy_cinny_enabled|bool"
|
||||
when: "not matrix_nginx_proxy_proxy_cinny_enabled | bool"
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for buscarron domain deleted
|
||||
ansible.builtin.file:
|
||||
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-bot-buscarron.conf"
|
||||
state: absent
|
||||
when: "not matrix_nginx_proxy_proxy_buscarron_enabled|bool"
|
||||
when: "not matrix_nginx_proxy_proxy_buscarron_enabled | bool"
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for dimension domain deleted
|
||||
ansible.builtin.file:
|
||||
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-dimension.conf"
|
||||
state: absent
|
||||
when: "not matrix_nginx_proxy_proxy_dimension_enabled|bool"
|
||||
when: "not matrix_nginx_proxy_proxy_dimension_enabled | bool"
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for goneb domain deleted
|
||||
ansible.builtin.file:
|
||||
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-bot-go-neb.conf"
|
||||
state: absent
|
||||
when: "not matrix_nginx_proxy_proxy_bot_go_neb_enabled|bool"
|
||||
when: "not matrix_nginx_proxy_proxy_bot_go_neb_enabled | bool"
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for jitsi domain deleted
|
||||
ansible.builtin.file:
|
||||
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-jitsi.conf"
|
||||
state: absent
|
||||
when: "not matrix_nginx_proxy_proxy_jitsi_enabled|bool"
|
||||
when: "not matrix_nginx_proxy_proxy_jitsi_enabled | bool"
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for grafana domain deleted
|
||||
ansible.builtin.file:
|
||||
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-grafana.conf"
|
||||
state: absent
|
||||
when: "not matrix_nginx_proxy_proxy_grafana_enabled|bool"
|
||||
when: "not matrix_nginx_proxy_proxy_grafana_enabled | bool"
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for sygnal domain deleted
|
||||
ansible.builtin.file:
|
||||
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-sygnal.conf"
|
||||
state: absent
|
||||
when: "not matrix_nginx_proxy_proxy_sygnal_enabled|bool"
|
||||
when: "not matrix_nginx_proxy_proxy_sygnal_enabled | bool"
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for ntfy domain deleted
|
||||
ansible.builtin.file:
|
||||
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-ntfy.conf"
|
||||
state: absent
|
||||
when: "not matrix_nginx_proxy_proxy_ntfy_enabled|bool"
|
||||
when: "not matrix_nginx_proxy_proxy_ntfy_enabled | bool"
|
||||
|
||||
- name: Ensure Matrix nginx-proxy homepage for base domain deleted
|
||||
ansible.builtin.file:
|
||||
path: "{{ matrix_nginx_proxy_data_path }}/matrix-domain/index.html"
|
||||
state: absent
|
||||
when: "not matrix_nginx_proxy_base_domain_serving_enabled|bool"
|
||||
when: "not matrix_nginx_proxy_base_domain_serving_enabled | bool"
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for base domain deleted
|
||||
ansible.builtin.file:
|
||||
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-base-domain.conf"
|
||||
state: absent
|
||||
when: "not matrix_nginx_proxy_base_domain_serving_enabled|bool"
|
||||
when: "not matrix_nginx_proxy_base_domain_serving_enabled | bool"
|
||||
|
||||
- name: Ensure Matrix nginx-proxy configuration for main config override deleted
|
||||
ansible.builtin.file:
|
||||
path: "{{ matrix_nginx_proxy_base_path }}/nginx.conf"
|
||||
state: absent
|
||||
when: "not matrix_nginx_proxy_enabled|bool"
|
||||
when: "not matrix_nginx_proxy_enabled | bool"
|
||||
|
||||
- name: Ensure Matrix nginx-proxy htpasswd is deleted (protecting /_synapse/metrics URI)
|
||||
ansible.builtin.file:
|
||||
@ -334,4 +334,4 @@
|
||||
ansible.builtin.file:
|
||||
path: "{{ matrix_nginx_proxy_data_path }}/matrix-metrics-htpasswd"
|
||||
state: absent
|
||||
when: "not matrix_nginx_proxy_proxy_matrix_metrics_enabled|bool or not matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled|bool"
|
||||
when: "not matrix_nginx_proxy_proxy_matrix_metrics_enabled | bool or not matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled | bool"
|
||||
|
||||
@ -29,8 +29,8 @@
|
||||
|
||||
# Method specific tasks follow
|
||||
|
||||
- import_tasks: tasks/ssl/setup_ssl_lets_encrypt.yml
|
||||
- ansible.builtin.import_tasks: tasks/ssl/setup_ssl_lets_encrypt.yml
|
||||
|
||||
- import_tasks: tasks/ssl/setup_ssl_self_signed.yml
|
||||
- ansible.builtin.import_tasks: tasks/ssl/setup_ssl_self_signed.yml
|
||||
|
||||
- import_tasks: tasks/ssl/setup_ssl_manually_managed.yml
|
||||
- ansible.builtin.import_tasks: tasks/ssl/setup_ssl_manually_managed.yml
|
||||
|
||||
@ -25,7 +25,7 @@
|
||||
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_ssl_lets_encrypt_certbot_docker_image_force_pull }}"
|
||||
|
||||
- name: Obtain Let's Encrypt certificates
|
||||
include_tasks: "{{ role_path }}/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml"
|
||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml"
|
||||
with_items: "{{ matrix_ssl_domains_to_obtain_certificates_for }}"
|
||||
loop_control:
|
||||
loop_var: domain_name
|
||||
@ -41,7 +41,7 @@
|
||||
src: "{{ role_path }}/templates/systemd/{{ item.name }}.j2"
|
||||
dest: "{{ matrix_systemd_path }}/{{ item.name }}"
|
||||
mode: 0644
|
||||
when: "item.applicable|bool"
|
||||
when: "item.applicable | bool"
|
||||
with_items: "{{ matrix_ssl_renewal_systemd_units_list }}"
|
||||
when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
|
||||
|
||||
@ -54,7 +54,7 @@
|
||||
ansible.builtin.file:
|
||||
path: "{{ matrix_systemd_path }}/{{ item.name }}"
|
||||
state: absent
|
||||
when: "not item.applicable|bool"
|
||||
when: "not item.applicable | bool"
|
||||
with_items: "{{ matrix_ssl_renewal_systemd_units_list }}"
|
||||
|
||||
- name: Ensure Let's Encrypt SSL renewal script removed
|
||||
|
||||
@ -6,7 +6,7 @@
|
||||
domain_name_certificate_path: "{{ matrix_ssl_config_dir_path }}/live/{{ domain_name }}/fullchain.pem"
|
||||
|
||||
- name: Check if a certificate for the domain already exists
|
||||
stat:
|
||||
ansible.builtin.stat:
|
||||
path: "{{ domain_name_certificate_path }}"
|
||||
register: domain_name_certificate_path_stat
|
||||
|
||||
@ -21,10 +21,10 @@
|
||||
register: matrix_ssl_pre_obtaining_required_service_start_result
|
||||
|
||||
- name: Wait some time, so that the required service for obtaining can start
|
||||
wait_for:
|
||||
ansible.builtin.wait_for:
|
||||
timeout: "{{ matrix_ssl_pre_obtaining_required_service_start_wait_time_seconds }}"
|
||||
when: "matrix_ssl_pre_obtaining_required_service_start_result.changed|bool"
|
||||
when: "domain_name_needs_cert|bool and matrix_ssl_pre_obtaining_required_service_name != ''"
|
||||
when: "matrix_ssl_pre_obtaining_required_service_start_result.changed | bool"
|
||||
when: "domain_name_needs_cert | bool and matrix_ssl_pre_obtaining_required_service_name != ''"
|
||||
|
||||
# This will fail if there is something running on port 80 (like matrix-nginx-proxy).
|
||||
# We suppress the error, as we'll try another method below.
|
||||
@ -51,7 +51,7 @@
|
||||
--agree-tos
|
||||
--email={{ matrix_ssl_lets_encrypt_support_email }}
|
||||
-d {{ domain_name }}
|
||||
when: domain_name_needs_cert|bool
|
||||
when: domain_name_needs_cert | bool
|
||||
register: result_certbot_direct
|
||||
ignore_errors: true
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
|
||||
- name: Verify certificates
|
||||
include_tasks: "{{ role_path }}/tasks/ssl/setup_ssl_manually_managed_verify_for_domain.yml"
|
||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/ssl/setup_ssl_manually_managed_verify_for_domain.yml"
|
||||
with_items: "{{ matrix_ssl_domains_to_obtain_certificates_for }}"
|
||||
loop_control:
|
||||
loop_var: domain_name
|
||||
|
||||
@ -5,7 +5,7 @@
|
||||
matrix_ssl_certificate_verification_cert_key_path: "{{ matrix_ssl_config_dir_path }}/live/{{ domain_name }}/privkey.pem"
|
||||
|
||||
- name: Check if SSL certificate file exists
|
||||
stat:
|
||||
ansible.builtin.stat:
|
||||
path: "{{ matrix_ssl_certificate_verification_cert_path }}"
|
||||
register: matrix_ssl_certificate_verification_cert_path_stat_result
|
||||
|
||||
@ -14,7 +14,7 @@
|
||||
when: "not matrix_ssl_certificate_verification_cert_path_stat_result.stat.exists"
|
||||
|
||||
- name: Check if SSL certificate key file exists
|
||||
stat:
|
||||
ansible.builtin.stat:
|
||||
path: "{{ matrix_ssl_certificate_verification_cert_key_path }}"
|
||||
register: matrix_ssl_certificate_verification_cert_key_path_stat_result
|
||||
|
||||
|
||||
@ -1,10 +1,10 @@
|
||||
---
|
||||
|
||||
- import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_openssl_installed.yml"
|
||||
- ansible.builtin.import_tasks: "{{ role_path }}/../matrix-base/tasks/util/ensure_openssl_installed.yml"
|
||||
when: "matrix_ssl_retrieval_method == 'self-signed'"
|
||||
|
||||
- name: Generate self-signed certificates
|
||||
include_tasks: "{{ role_path }}/tasks/ssl/setup_ssl_self_signed_obtain_for_domain.yml"
|
||||
ansible.builtin.include_tasks: "{{ role_path }}/tasks/ssl/setup_ssl_self_signed_obtain_for_domain.yml"
|
||||
with_items: "{{ matrix_ssl_domains_to_obtain_certificates_for }}"
|
||||
loop_control:
|
||||
loop_var: domain_name
|
||||
|
||||
@ -6,7 +6,7 @@
|
||||
matrix_ssl_certificate_cert_key_path: "{{ matrix_ssl_config_dir_path }}/live/{{ domain_name }}/privkey.pem"
|
||||
|
||||
- name: Check if SSL certificate file exists
|
||||
stat:
|
||||
ansible.builtin.stat:
|
||||
path: "{{ matrix_ssl_certificate_cert_path }}"
|
||||
register: matrix_ssl_certificate_cert_path_stat_result
|
||||
|
||||
|
||||
@ -33,7 +33,7 @@
|
||||
Enabling Basic Auth for metrics (`matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled`) requires:
|
||||
- either a username/password (provided in `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username` and `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password`)
|
||||
- or raw htpasswd content (provided in `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content`)
|
||||
when: "matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled|bool and (matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content == '' and (matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username == '' or matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password == ''))"
|
||||
when: "matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled | bool and (matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content == '' and (matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username == '' or matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password == ''))"
|
||||
|
||||
- block:
|
||||
- name: (Deprecation) Catch and report renamed settings
|
||||
|
||||
@ -11,8 +11,8 @@ matrix_ssl_renewal_systemd_units_list:
|
||||
applicable: "{{ matrix_ssl_retrieval_method == 'lets-encrypt' }}"
|
||||
enableable: true
|
||||
- name: matrix-ssl-nginx-proxy-reload.service
|
||||
applicable: "{{ matrix_ssl_retrieval_method == 'lets-encrypt' and matrix_nginx_proxy_enabled|bool }}"
|
||||
applicable: "{{ matrix_ssl_retrieval_method == 'lets-encrypt' and matrix_nginx_proxy_enabled | bool }}"
|
||||
enableable: false
|
||||
- name: matrix-ssl-nginx-proxy-reload.timer
|
||||
applicable: "{{ matrix_ssl_retrieval_method == 'lets-encrypt' and matrix_nginx_proxy_enabled|bool }}"
|
||||
applicable: "{{ matrix_ssl_retrieval_method == 'lets-encrypt' and matrix_nginx_proxy_enabled | bool }}"
|
||||
enableable: true
|
||||
|
||||
Reference in New Issue
Block a user