Add support for Debian (9+) and Ubuntu (16.04+)
This commit is contained in:
parent
13ab9eb238
commit
ded7c274f6
@ -31,6 +31,8 @@ This is similar to the [EMnify/matrix-synapse-auto-deploy](https://github.com/EM
|
|||||||
|
|
||||||
- this one **can be re-ran many times** without causing trouble
|
- this one **can be re-ran many times** without causing trouble
|
||||||
|
|
||||||
|
- works on both **CentOS** (7.0+) and Debian-based distributions (**Debian** 9/Stretch+, **Ubuntu** 16.04+)
|
||||||
|
|
||||||
- this one **runs everything in Docker containers** (like [silviof/docker-matrix](https://hub.docker.com/r/silviof/docker-matrix/) and [silviof/matrix-riot-docker](https://hub.docker.com/r/silviof/matrix-riot-docker/)), so it's likely more predictable
|
- this one **runs everything in Docker containers** (like [silviof/docker-matrix](https://hub.docker.com/r/silviof/docker-matrix/) and [silviof/matrix-riot-docker](https://hub.docker.com/r/silviof/matrix-riot-docker/)), so it's likely more predictable
|
||||||
|
|
||||||
- this one retrieves and automatically renews free [Let's Encrypt](https://letsencrypt.org/) **SSL certificates** for you
|
- this one retrieves and automatically renews free [Let's Encrypt](https://letsencrypt.org/) **SSL certificates** for you
|
||||||
@ -50,7 +52,7 @@ Special thanks goes to:
|
|||||||
|
|
||||||
## Prerequisites
|
## Prerequisites
|
||||||
|
|
||||||
- **CentOS server** with no services running on port 80/443 (making this run on non-CentOS servers should be possible in the future)
|
- **CentOS** (7.0+), **Debian** (9/Stretch+) or **Ubuntu** (16.04+) server with no services running on port 80/443
|
||||||
|
|
||||||
- the [Ansible](http://ansible.com/) program, which is used to run this playbook and configures everything for you
|
- the [Ansible](http://ansible.com/) program, which is used to run this playbook and configures everything for you
|
||||||
|
|
||||||
|
@ -17,7 +17,7 @@
|
|||||||
key: https://download.docker.com/linux/centos/gpg
|
key: https://download.docker.com/linux/centos/gpg
|
||||||
when: ansible_distribution == 'CentOS'
|
when: ansible_distribution == 'CentOS'
|
||||||
|
|
||||||
- name: Ensure yum packages are installed (base)
|
- name: Ensure yum packages are installed (CentOS)
|
||||||
yum: name="{{ item }}" state=latest update_cache=yes
|
yum: name="{{ item }}" state=latest update_cache=yes
|
||||||
with_items:
|
with_items:
|
||||||
- bash-completion
|
- bash-completion
|
||||||
@ -27,14 +27,54 @@
|
|||||||
- ntp
|
- ntp
|
||||||
when: ansible_distribution == 'CentOS'
|
when: ansible_distribution == 'CentOS'
|
||||||
|
|
||||||
|
- name: Ensure APT usage dependencies are installed (Debian)
|
||||||
|
apt:
|
||||||
|
name: "{{ item }}"
|
||||||
|
state: present
|
||||||
|
update_cache: yes
|
||||||
|
with_items:
|
||||||
|
- apt-transport-https
|
||||||
|
- ca-certificates
|
||||||
|
when: ansible_os_family == 'Debian'
|
||||||
|
|
||||||
|
- name: Ensure Docker's APT key is trusted (Debian)
|
||||||
|
apt_key:
|
||||||
|
url: https://download.docker.com/linux/ubuntu/gpg
|
||||||
|
id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
|
||||||
|
state: present
|
||||||
|
register: add_repository_key
|
||||||
|
ignore_errors: true
|
||||||
|
when: ansible_os_family == 'Debian'
|
||||||
|
|
||||||
|
- name: Ensure Docker repository is enabled (Debian)
|
||||||
|
apt_repository:
|
||||||
|
repo: "deb https://download.docker.com/linux/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} stable"
|
||||||
|
state: present
|
||||||
|
update_cache: yes
|
||||||
|
when: ansible_os_family == 'Debian'
|
||||||
|
|
||||||
|
- name: Ensure APT packages are installed (Debian)
|
||||||
|
apt: name="{{ item }}" state=latest update_cache=yes
|
||||||
|
with_items:
|
||||||
|
- bash-completion
|
||||||
|
- docker-ce
|
||||||
|
- python-docker
|
||||||
|
- ntp
|
||||||
|
when: ansible_os_family == 'Debian'
|
||||||
|
|
||||||
- name: Ensure firewalld is started and autoruns
|
- name: Ensure firewalld is started and autoruns
|
||||||
service: name=firewalld state=started enabled=yes
|
service: name=firewalld state=started enabled=yes
|
||||||
|
when: ansible_os_family == 'RedHat'
|
||||||
|
|
||||||
- name: Ensure Docker is started and autoruns
|
- name: Ensure Docker is started and autoruns
|
||||||
service: name=docker state=started enabled=yes
|
service: name=docker state=started enabled=yes
|
||||||
|
|
||||||
- name: Ensure ntpd is started and autoruns
|
- name: Ensure ntpd is started and autoruns
|
||||||
service: name=ntpd state=started enabled=yes
|
service:
|
||||||
|
name: "{{ 'ntpd' if ansible_os_family == 'RedHat' else 'ntp' }}"
|
||||||
|
state: started
|
||||||
|
enabled: yes
|
||||||
|
|
||||||
- name: Ensure SELinux disabled
|
- name: Ensure SELinux disabled
|
||||||
selinux: state=disabled
|
selinux: state=disabled
|
||||||
|
when: ansible_os_family == 'RedHat'
|
@ -33,6 +33,7 @@
|
|||||||
with_items:
|
with_items:
|
||||||
- "http"
|
- "http"
|
||||||
- "https"
|
- "https"
|
||||||
|
when: ansible_os_family == 'RedHat'
|
||||||
|
|
||||||
- name: Ensure matrix-nginx-proxy.service installed
|
- name: Ensure matrix-nginx-proxy.service installed
|
||||||
template:
|
template:
|
||||||
|
@ -9,6 +9,7 @@
|
|||||||
with_items:
|
with_items:
|
||||||
- http
|
- http
|
||||||
- https
|
- https
|
||||||
|
when: ansible_os_family == 'RedHat'
|
||||||
|
|
||||||
- name: Ensure acmetool Docker image is pulled
|
- name: Ensure acmetool Docker image is pulled
|
||||||
docker_image:
|
docker_image:
|
||||||
|
@ -136,6 +136,7 @@
|
|||||||
- '3478/tcp' # STUN
|
- '3478/tcp' # STUN
|
||||||
- '3478/udp' # STUN
|
- '3478/udp' # STUN
|
||||||
- "{{ matrix_coturn_turn_udp_min_port }}-{{ matrix_coturn_turn_udp_max_port }}/udp" # TURN
|
- "{{ matrix_coturn_turn_udp_min_port }}-{{ matrix_coturn_turn_udp_max_port }}/udp" # TURN
|
||||||
|
when: ansible_os_family == 'RedHat'
|
||||||
|
|
||||||
- name: Ensure matrix-synapse.service installed
|
- name: Ensure matrix-synapse.service installed
|
||||||
template:
|
template:
|
||||||
|
@ -15,7 +15,7 @@ Requires=matrix-s3fs.service
|
|||||||
Type=simple
|
Type=simple
|
||||||
ExecStartPre=-/usr/bin/docker kill matrix-synapse
|
ExecStartPre=-/usr/bin/docker kill matrix-synapse
|
||||||
ExecStartPre=-/usr/bin/docker rm matrix-synapse
|
ExecStartPre=-/usr/bin/docker rm matrix-synapse
|
||||||
ExecStartPre=-/usr/bin/chown {{ matrix_user_username }}:{{ matrix_user_username }} {{ ssl_certs_path }} -R
|
ExecStartPre=-{{ '/usr/bin/chown' if ansible_os_family == 'RedHat' else '/bin/chown' }} {{ matrix_user_username }}:{{ matrix_user_username }} {{ ssl_certs_path }} -R
|
||||||
ExecStart=/usr/bin/docker run --rm --name matrix-synapse \
|
ExecStart=/usr/bin/docker run --rm --name matrix-synapse \
|
||||||
{% if not matrix_postgres_use_external %}
|
{% if not matrix_postgres_use_external %}
|
||||||
--link matrix-postgres:{{ matrix_postgres_connection_hostname }} \
|
--link matrix-postgres:{{ matrix_postgres_connection_hostname }} \
|
||||||
|
Loading…
Reference in New Issue
Block a user