b222d26c86
As suggested in #65 (GitHub issue), this patch switches cronjob management from using templates to using Ansible's `cron` module. It also moves the management of the nginx-reload cronjob to `setup_ssl_lets_encrypt.yml`, which is a more fitting place for it (given that this cronjob is only required when Let's Encrypt is used). Pros: - using a module is more Ansible-ish than templating our own files in special directories - more reliable: will fail early (during playbook execution) if `/usr/bin/crontab` is not available, which is more of a guarantee that cron is working fine (idea: we should probably install some cron package using the playbook) Cons: - invocation schedule is no longer configurable, unless we define individual variables for everything or do something smart (splitting on ' ', etc.). Likely not necessary, however. - requires us to deprecate and clean up after the old way of managing cronjobs, because it's not compatible (using the same file as before means appending additional jobs to it)
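---

#
# Generic tasks that we always want to happen, regardless of
# whether the user wants matrix-nginx-proxy or not.
#
# If the user sets up their own nginx proxy server,
# the config files from matrix-nginx-proxy can be reused.
#
# It doesn't hurt to put them in place, even if they turn out
# to be unnecessary.
#

# Create the nginx-proxy data and conf.d directories as root:root with
# mode 0750, i.e. no access at all for "other" users.
# The mode is quoted so that YAML cannot retype it as a number.
- name: Ensure Matrix nginx-proxy paths exist
  file:
    path: "{{ item }}"
    state: directory
    mode: '0750'
    owner: root
    group: root
  with_items:
    - "{{ matrix_nginx_proxy_data_path }}"
    - "{{ matrix_nginx_proxy_confd_path }}"
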
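# Render the nginx config templates into the conf.d directory. There is no
# `when` on this task: the files are written even if matrix-nginx-proxy is
# disabled, so that a self-managed nginx can reuse them.
# Mode 0644 makes each rendered file world-readable; who can actually reach
# it is then decided by the permissions of the containing directory.
# The mode is quoted so that YAML cannot retype it as a number.
# NOTE(review): no owner/group is set; presumably the files end up owned by
# the user the play runs as - confirm.
- name: Ensure Matrix nginx-proxy configured
  template:
    src: "{{ role_path }}/templates/nginx-conf.d/{{ item }}.j2"
    dest: "{{ matrix_nginx_proxy_confd_path }}/{{ item }}"
    mode: '0644'
  with_items:
    - "nginx-http.conf"
    - "matrix-synapse.conf"
    - "matrix-riot-web.conf"
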
#
# Tasks related to setting up matrix-nginx-proxy
#

# Pull the image named by matrix_nginx_proxy_docker_image, but only when the
# proxy is enabled.
# NOTE(review): what gets pulled is decided entirely by that variable, whose
# value is not visible here. Referencing the image by digest rather than by a
# mutable tag would make the pull reproducible - confirm how it is set.
- name: Ensure nginx Docker image is pulled
  docker_image:
    name: "{{ matrix_nginx_proxy_docker_image }}"
  when: matrix_nginx_proxy_enabled

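# Enable the predefined `http` and `https` firewalld services, both in the
# running configuration (immediate) and persistently (permanent).
# Runs only on RedHat-family hosts with the proxy enabled; on any other OS
# family this task manages no firewall rule at all.
# NOTE(review): no `zone` is given, so presumably firewalld's default zone is
# the one being opened - confirm that this is the intended exposure.
- name: Allow access to nginx proxy ports in firewalld
  firewalld:
    service: "{{ item }}"
    state: enabled
    immediate: true
    permanent: true
  with_items:
    - "http"
    - "https"
  when: "ansible_os_family == 'RedHat' and matrix_nginx_proxy_enabled"
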
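# Install the systemd unit for the proxy, rendered from the role's template,
# when the proxy is enabled.
# The mode is quoted so that YAML cannot retype it as a number.
# NOTE(review): this task neither reloads systemd nor starts the unit;
# presumably that happens elsewhere in the role - confirm.
- name: Ensure matrix-nginx-proxy.service installed
  template:
    src: "{{ role_path }}/templates/systemd/matrix-nginx-proxy.service.j2"
    dest: "/etc/systemd/system/matrix-nginx-proxy.service"
    mode: '0644'
  when: matrix_nginx_proxy_enabled
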
#
# Tasks related to getting rid of matrix-nginx-proxy (if it was previously enabled)
#

# Record whether the unit file is present. The stop and removal tasks below
# read matrix_nginx_proxy_service_stat.stat.exists to decide whether there is
# anything left to clean up.
- name: Check existence of matrix-nginx-proxy service
  stat:
    path: "/etc/systemd/system/matrix-nginx-proxy.service"
  register: matrix_nginx_proxy_service_stat

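# Stop the proxy when it has been disabled but its unit file is still on
# disk. The outcome is registered as stopping_result.
# NOTE(review): daemon_reload is documented as an option of the `systemd`
# module; this task relies on `service` handing it through - confirm on the
# Ansible versions you support.
- name: Ensure matrix-nginx-proxy is stopped
  service:
    name: matrix-nginx-proxy
    state: stopped
    daemon_reload: true
  register: stopping_result
  when: "not matrix_nginx_proxy_enabled and matrix_nginx_proxy_service_stat.stat.exists"
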
# Delete the unit file once the proxy is disabled. The condition reads the
# stat result registered before any cleanup ran, so it is the same condition
# that gates the stop task.
# NOTE(review): no daemon-reload follows the removal within this file, so
# systemd may keep the deleted unit loaded until its next reload - confirm.
- name: Ensure matrix-nginx-proxy.service doesn't exist
  file:
    path: "/etc/systemd/system/matrix-nginx-proxy.service"
    state: absent
  when: "not matrix_nginx_proxy_enabled and matrix_nginx_proxy_service_stat.stat.exists"