51312b8250
As suggested in #63 (GitHub issue), splitting the playbook's logic into multiple roles will be beneficial for maintainability. This patch realizes this split. Still, some components affect others, so the roles are not really independent of one another. For example: - disabling mxisd (`matrix_mxisd_enabled: false`) causes Synapse and riot-web to reconfigure themselves with other (public) Identity servers. - enabling matrix-corporal (`matrix_corporal_enabled: true`) affects how reverse-proxying (by `matrix-nginx-proxy`) is done, in order to put matrix-corporal's gateway server in front of Synapse. We may be able to move away from such dependencies in the future, at the expense of a more complicated manual configuration, but it's probably not worth sacrificing the convenience we have now. As part of this work, the way we do "start components" has been redone now to use a loop, as suggested in #65 (GitHub issue). This should make restarting faster and more reliable.
---
#
# Tasks related to setting up mxisd
#
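# Abort the run when a retired mxisd variable is still defined in the
# configuration, pointing the operator at
# `matrix_mxisd_configuration_extension_yaml` instead.
# Only the variable's name is echoed in the message, never its value.
- name: (Deprecation) Warn about mxisd variables that are not used anymore
  fail:
    msg: >
      The `{{ item }}` variable defined in your configuration is not used by this playbook anymore!
      You'll need to adapt to the new way of extending mxisd configuration.
      See the CHANGELOG and the `matrix_mxisd_configuration_extension_yaml` variable for more information and examples.
  when: "matrix_mxisd_enabled and item in vars"
  # Each name appears exactly once, so a leftover variable is reported a
  # single time.
  with_items:
    - 'matrix_mxisd_ldap_enabled'
    - 'matrix_mxisd_ldap_connection_host'
    - 'matrix_mxisd_ldap_connection_tls'
    - 'matrix_mxisd_ldap_connection_port'
    - 'matrix_mxisd_ldap_connection_baseDn'
    - 'matrix_mxisd_ldap_connection_baseDns'
    - 'matrix_mxisd_ldap_connection_bindDn'
    - 'matrix_mxisd_ldap_connection_bindPassword'
    - 'matrix_mxisd_ldap_filter'
    - 'matrix_mxisd_ldap_attribute_uid_type'
    - 'matrix_mxisd_ldap_attribute_uid_value'
    - 'matrix_mxisd_ldap_attribute_name'
    - 'matrix_mxisd_ldap_attribute_threepid_email'
    - 'matrix_mxisd_ldap_attribute_threepid_msisdn'
    - 'matrix_mxisd_ldap_identity_filter'
    - 'matrix_mxisd_ldap_identity_medium'
    - 'matrix_mxisd_ldap_auth_filter'
    - 'matrix_mxisd_ldap_directory_filter'
    - 'matrix_mxisd_template_config'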
# Reject property-style (dotted) keys in `matrix_mxisd_configuration`.
# `with_dict` walks only the top-level keys, so a dotted key nested deeper
# in the structure is not caught by this check.
- name: Ensure mxisd configuration does not contain any dot-notation keys
  with_dict: "{{ matrix_mxisd_configuration }}"
  when: "matrix_mxisd_enabled and '.' in item.key"
  fail:
    msg: >
      Since version 1.3.0, mxisd will not accept property-style configuration keys.
      You have defined a key (`{{ item.key }}`) which contains a dot.
      Instead, use nesting. See: https://github.com/kamax-matrix/mxisd/wiki/Upgrade#v130
# Stop early when mxisd is enabled but the playbook's mailer service is not;
# the message states the mailer is needed to install mxisd.
- name: Fail if mailer is not enabled
  when: 'matrix_mxisd_enabled and not matrix_mailer_enabled'
  fail:
    msg: 'You need to enable the mailer service (`matrix_mailer_enabled`) to install mxisd'
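# Create the mxisd config and data directories, owned by the Matrix user.
- name: Ensure mxisd paths exist
  file:
    path: "{{ item }}"
    state: directory
    # Quoted so the mode is always taken as the octal string it is meant to
    # be, whatever integer rules the YAML parser applies to a bare 0750.
    # 0750 gives users outside the owner and group no access to the directory.
    mode: "0750"
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_username }}"
  with_items:
    - "{{ matrix_mxisd_config_path }}"
    - "{{ matrix_mxisd_data_path }}"
  when: matrix_mxisd_enabled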
# Fetch the container image named by `matrix_mxisd_docker_image`.
# NOTE(review): the image reference is defined outside this file; confirm it
# pins a specific tag or digest so the image that gets deployed is the one
# that was reviewed.
- name: Ensure mxisd image is pulled
  when: matrix_mxisd_enabled
  docker_image:
    name: "{{ matrix_mxisd_docker_image }}"
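# Render `matrix_mxisd_configuration` as YAML into mxisd.yaml inside the
# mxisd config directory, owned by the Matrix user.
- name: Ensure mxisd config installed
  copy:
    content: "{{ matrix_mxisd_configuration|to_nice_yaml }}"
    dest: "{{ matrix_mxisd_config_path }}/mxisd.yaml"
    # Quoted so the mode is always taken as an octal string.
    # NOTE(review): this file can carry secrets supplied through
    # `matrix_mxisd_configuration` (for example an LDAP bind password), and
    # 0644 leaves it world-readable; only the permissions on the parent
    # directory keep other local users out. Consider "0640" after
    # confirming the mxisd container user can still read the file.
    mode: "0644"
    owner: "{{ matrix_user_username }}"
    group: "{{ matrix_user_username }}"
  when: matrix_mxisd_enabled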
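# Install the systemd unit for mxisd from the role's Jinja2 template.
- name: Ensure matrix-mxisd.service installed
  template:
    src: "{{ role_path }}/templates/systemd/matrix-mxisd.service.j2"
    dest: "/etc/systemd/system/matrix-mxisd.service"
    # Quoted so the mode is always taken as an octal string. No owner/group
    # is set here, so the unit file gets the module's default ownership.
    mode: "0644"
  when: matrix_mxisd_enabled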
#
# Tasks related to getting rid of mxisd (if it was previously enabled)
#
# Record whether the mxisd unit file is present; the result is stored in
# `matrix_mxisd_service_stat`, which the stop/remove tasks in this file read
# in their `when` conditions. This task has no `when` and always runs.
- name: Check existence of matrix-mxisd service
  register: matrix_mxisd_service_stat
  stat:
    path: /etc/systemd/system/matrix-mxisd.service
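# Stop the mxisd service when mxisd has been disabled and its unit file
# still exists (per the registered `matrix_mxisd_service_stat`).
- name: Ensure matrix-mxisd is stopped
  service:
    name: matrix-mxisd
    state: stopped
    # Canonical boolean instead of `yes`, which YAML 1.1 and 1.2 parsers
    # type differently.
    daemon_reload: true
  # The result is registered as `stopping_result`; no consumer of it is
  # visible in this file.
  register: stopping_result
  when: "not matrix_mxisd_enabled and matrix_mxisd_service_stat.stat.exists"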
# Delete the mxisd unit file once mxisd is disabled, but only if the earlier
# stat found it.
- name: Ensure matrix-mxisd.service doesn't exist
  when: "not matrix_mxisd_enabled and matrix_mxisd_service_stat.stat.exists"
  file:
    state: absent
    path: /etc/systemd/system/matrix-mxisd.service
# Remove the mxisd base directory whenever mxisd is disabled.
# `state: absent` deletes a directory recursively, so everything under
# `matrix_mxisd_base_path` is lost.
# NOTE(review): the variable is defined outside this file; confirm it always
# resolves to a dedicated mxisd directory, since an empty or mis-set value
# would point this removal at the wrong tree.
- name: Ensure Matrix mxisd paths don't exist
  when: not matrix_mxisd_enabled
  file:
    state: absent
    path: "{{ matrix_mxisd_base_path }}"
# Drop the local copy of the mxisd container image when mxisd is disabled.
- name: Ensure mxisd Docker image doesn't exist
  when: not matrix_mxisd_enabled
  docker_image:
    state: absent
    name: "{{ matrix_mxisd_docker_image }}"