96afbbb5af
Certain use-cases may require that people mount additional files into the matrix-nginx-proxy container. Similarly to how we do it for Synapse, we are introducing a new variable that makes this possible (`matrix_nginx_proxy_container_additional_volumes`). This makes the htpasswd file for Synapse Metrics (introduced in #86, Github Pull Request) to also perform mounting using this new mechanism. Hopefully, for such an "extension", keeping htpasswd file-creation and volume definition in the same place (the tasks file) is better. All other major volumes' mounting mechanism remains the same (explicit mounting).
142 lines
5.0 KiB
YAML
142 lines
5.0 KiB
YAML
---
|
|
|
|
#
|
|
# Generic tasks that we always want to happen, regardless
|
|
# if the user wants matrix-nginx-proxy or not.
|
|
#
|
|
# If the user would set up their own nginx proxy server,
|
|
# the config files from matrix-nginx-proxy can be reused.
|
|
#
|
|
# It doesn't hurt to put them in place, even if they turn out
|
|
# to be unnecessary.
|
|
#
|
|
- name: Ensure Matrix nginx-proxy paths exist
|
|
file:
|
|
path: "{{ item }}"
|
|
state: directory
|
|
mode: 0750
|
|
owner: "{{ matrix_user_username }}"
|
|
group: "{{ matrix_user_username }}"
|
|
with_items:
|
|
- "{{ matrix_nginx_proxy_data_path }}"
|
|
- "{{ matrix_nginx_proxy_confd_path }}"
|
|
|
|
- name: Ensure Matrix nginx-proxy configured (main config override)
|
|
template:
|
|
src: "{{ role_path }}/templates/nginx/nginx.conf.j2"
|
|
dest: "{{ matrix_nginx_proxy_data_path }}/nginx.conf"
|
|
mode: 0644
|
|
when: "matrix_nginx_proxy_enabled"
|
|
|
|
- name: Ensure matrix-synapse-metrics-htpasswd is present (protecting /_synapse/metrics URI)
|
|
template:
|
|
src: "{{ role_path }}/templates/nginx/matrix-synapse-metrics-htpasswd.j2"
|
|
dest: "{{ matrix_nginx_proxy_data_path }}/matrix-synapse-metrics-htpasswd"
|
|
owner: "{{ matrix_user_username }}"
|
|
group: "{{ matrix_user_username }}"
|
|
mode: 0400
|
|
when: "matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled and matrix_nginx_proxy_proxy_synapse_metrics"
|
|
|
|
- name: Ensure matrix-synapse-metrics-htpasswd is mounted into the matrix-nginx-proxy container
|
|
- set_fact:
|
|
matrix_nginx_proxy_container_additional_volumes: >
|
|
{{ matrix_nginx_proxy_container_additional_volumes }}
|
|
+
|
|
{{ [{'src': '{{ matrix_nginx_proxy_data_path }}/matrix-synapse-metrics-htpasswd', 'dst': '/etc/nginx/.matrix-synapse-metrics-htpasswd', 'options': 'ro'}] }}
|
|
when: "matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled and matrix_nginx_proxy_proxy_synapse_metrics"
|
|
|
|
- name: Ensure Matrix nginx-proxy configured (generic)
|
|
template:
|
|
src: "{{ role_path }}/templates/nginx/conf.d/nginx-http.conf.j2"
|
|
dest: "{{ matrix_nginx_proxy_confd_path }}/nginx-http.conf"
|
|
mode: 0644
|
|
when: "matrix_nginx_proxy_enabled"
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for matrix domain exists
|
|
template:
|
|
src: "{{ role_path }}/templates/nginx/conf.d/matrix-synapse.conf.j2"
|
|
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-synapse.conf"
|
|
mode: 0644
|
|
when: "matrix_nginx_proxy_proxy_matrix_enabled"
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for riot domain exists
|
|
template:
|
|
src: "{{ role_path }}/templates/nginx/conf.d/matrix-riot-web.conf.j2"
|
|
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-riot-web.conf"
|
|
mode: 0644
|
|
when: "matrix_nginx_proxy_proxy_riot_enabled"
|
|
|
|
#
|
|
# Tasks related to setting up matrix-nginx-proxy
|
|
#
|
|
- name: Ensure nginx Docker image is pulled
|
|
docker_image:
|
|
name: "{{ matrix_nginx_proxy_docker_image }}"
|
|
when: matrix_nginx_proxy_enabled
|
|
|
|
- name: Allow access to nginx proxy ports in firewalld
|
|
firewalld:
|
|
service: "{{ item }}"
|
|
state: enabled
|
|
immediate: yes
|
|
permanent: yes
|
|
with_items:
|
|
- "http"
|
|
- "https"
|
|
when: "matrix_nginx_proxy_enabled and ansible_os_family == 'RedHat'"
|
|
|
|
- name: Ensure matrix-nginx-proxy.service installed
|
|
template:
|
|
src: "{{ role_path }}/templates/systemd/matrix-nginx-proxy.service.j2"
|
|
dest: "/etc/systemd/system/matrix-nginx-proxy.service"
|
|
mode: 0644
|
|
when: matrix_nginx_proxy_enabled
|
|
|
|
|
|
#
|
|
# Tasks related to getting rid of matrix-nginx-proxy (if it was previously enabled)
|
|
#
|
|
|
|
- name: Check existence of matrix-nginx-proxy service
|
|
stat:
|
|
path: "/etc/systemd/system/matrix-nginx-proxy.service"
|
|
register: matrix_nginx_proxy_service_stat
|
|
|
|
- name: Ensure matrix-nginx-proxy is stopped
|
|
service:
|
|
name: matrix-nginx-proxy
|
|
state: stopped
|
|
daemon_reload: yes
|
|
register: stopping_result
|
|
when: "not matrix_nginx_proxy_enabled and matrix_nginx_proxy_service_stat.stat.exists"
|
|
|
|
- name: Ensure matrix-nginx-proxy.service doesn't exist
|
|
file:
|
|
path: "/etc/systemd/system/matrix-nginx-proxy.service"
|
|
state: absent
|
|
when: "not matrix_nginx_proxy_enabled and matrix_nginx_proxy_service_stat.stat.exists"
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for matrix domain deleted
|
|
file:
|
|
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-synapse.conf"
|
|
state: absent
|
|
when: "not matrix_nginx_proxy_proxy_matrix_enabled"
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for riot domain deleted
|
|
file:
|
|
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-riot-web.conf"
|
|
state: absent
|
|
when: "not matrix_nginx_proxy_proxy_riot_enabled"
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for main config override deleted
|
|
file:
|
|
path: "{{ matrix_nginx_proxy_data_path }}/nginx.conf"
|
|
state: absent
|
|
when: "not matrix_nginx_proxy_enabled"
|
|
|
|
- name: Ensure Matrix nginx-proxy htpasswd is deleted (protecting /_synapse/metrics URI)
|
|
file:
|
|
path: "{{ matrix_nginx_proxy_data_path }}/matrix-synapse-metrics-htpasswd"
|
|
state: absent
|
|
when: "not matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled or not matrix_nginx_proxy_proxy_synapse_metrics"
|