You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

95 lines
2.8 KiB

7 years ago
---
#
# Generic tasks that we always want to happen, regardless
# if the user wants matrix-nginx-proxy or not.
#
# If the user would set up their own nginx proxy server,
# the config files from matrix-nginx-proxy can be reused.
#
# It doesn't hurt to put them in place, even if they turn out
# to be unnecessary.
#
6 years ago
- name: Ensure Matrix nginx-proxy paths exist
7 years ago
file:
path: "{{ item }}"
state: directory
mode: 0750
owner: root
group: root
with_items:
- "{{ matrix_nginx_proxy_data_path }}"
- "{{ matrix_nginx_proxy_confd_path }}"
- name: Ensure Matrix nginx-proxy configured
7 years ago
template:
src: "{{ role_path }}/templates/nginx-conf.d/{{ item }}.j2"
dest: "{{ matrix_nginx_proxy_confd_path }}/{{ item }}"
mode: 0644
with_items:
- "nginx-http.conf"
7 years ago
- "matrix-synapse.conf"
- "matrix-riot-web.conf"
#
# Tasks related to setting up matrix-nginx-proxy
#
- name: Ensure nginx Docker image is pulled
docker_image:
name: "{{ matrix_nginx_proxy_docker_image }}"
when: matrix_nginx_proxy_enabled
7 years ago
- name: Allow access to nginx proxy ports in firewalld
firewalld:
service: "{{ item }}"
state: enabled
immediate: yes
permanent: yes
with_items:
- "http"
- "https"
when: "ansible_os_family == 'RedHat' and matrix_nginx_proxy_enabled"
7 years ago
- name: Ensure matrix-nginx-proxy.service installed
template:
src: "{{ role_path }}/templates/systemd/matrix-nginx-proxy.service.j2"
dest: "/etc/systemd/system/matrix-nginx-proxy.service"
mode: 0644
when: matrix_nginx_proxy_enabled
- name: Ensure periodic restarting of matrix-nginx-proxy is configured (for SSL renewal)
template:
src: "{{ role_path }}/templates/cron.d/matrix-nginx-proxy-periodic-restarter.j2"
dest: "/etc/cron.d/matrix-nginx-proxy-periodic-restarter"
mode: 0600
when: "matrix_nginx_proxy_enabled and matrix_ssl_retrieval_method == 'lets-encrypt'"
#
# Tasks related to getting rid of matrix-nginx-proxy (if it was previously enabled)
#
- name: Check existence of matrix-nginx-proxy service
stat:
path: "/etc/systemd/system/matrix-nginx-proxy.service"
register: matrix_nginx_proxy_service_stat
- name: Ensure matrix-nginx-proxy is stopped
service:
name: matrix-nginx-proxy
state: stopped
daemon_reload: yes
register: stopping_result
when: "not matrix_nginx_proxy_enabled and matrix_nginx_proxy_service_stat.stat.exists"
- name: Ensure matrix-nginx-proxy.service doesn't exist
file:
path: "/etc/systemd/system/matrix-nginx-proxy.service"
state: absent
when: "not matrix_nginx_proxy_enabled and matrix_nginx_proxy_service_stat.stat.exists"
- name: Ensure periodic restarting of matrix-nginx-proxy is removed
file:
path: "/etc/cron.d/matrix-nginx-proxy-periodic-restarter"
state: absent
when: "not matrix_nginx_proxy_enabled or matrix_ssl_retrieval_method != 'lets-encrypt'"