|
|
|
---
|
|
|
|
|
|
|
|
#
|
|
|
|
# Generic tasks that we always want to happen, regardless
|
|
|
|
# if the user wants matrix-nginx-proxy or not.
|
|
|
|
#
|
|
|
|
# If the user would set up their own nginx proxy server,
|
|
|
|
# the config files from matrix-nginx-proxy can be reused.
|
|
|
|
#
|
|
|
|
# It doesn't hurt to put them in place, even if they turn out
|
|
|
|
# to be unnecessary.
|
|
|
|
#
|
|
|
|
- name: Ensure Matrix nginx-proxy paths exist
|
|
|
|
file:
|
|
|
|
path: "{{ item }}"
|
|
|
|
state: directory
|
|
|
|
mode: 0750
|
|
|
|
owner: root
|
|
|
|
group: root
|
|
|
|
with_items:
|
|
|
|
- "{{ matrix_nginx_proxy_data_path }}"
|
|
|
|
- "{{ matrix_nginx_proxy_confd_path }}"
|
|
|
|
|
|
|
|
- name: Ensure Matrix nginx-proxy configured
|
|
|
|
template:
|
|
|
|
src: "{{ role_path }}/templates/nginx-conf.d/{{ item }}.j2"
|
|
|
|
dest: "{{ matrix_nginx_proxy_confd_path }}/{{ item }}"
|
|
|
|
mode: 0644
|
|
|
|
with_items:
|
|
|
|
- "nginx-http.conf"
|
|
|
|
- "matrix-synapse.conf"
|
|
|
|
- "matrix-riot-web.conf"
|
|
|
|
|
|
|
|
#
|
|
|
|
# Tasks related to setting up matrix-nginx-proxy
|
|
|
|
#
|
|
|
|
- name: Ensure nginx Docker image is pulled
|
|
|
|
docker_image:
|
|
|
|
name: "{{ matrix_nginx_proxy_docker_image }}"
|
|
|
|
when: matrix_nginx_proxy_enabled
|
|
|
|
|
|
|
|
- name: Allow access to nginx proxy ports in firewalld
|
|
|
|
firewalld:
|
|
|
|
service: "{{ item }}"
|
|
|
|
state: enabled
|
|
|
|
immediate: yes
|
|
|
|
permanent: yes
|
|
|
|
with_items:
|
|
|
|
- "http"
|
|
|
|
- "https"
|
|
|
|
when: "ansible_os_family == 'RedHat' and matrix_nginx_proxy_enabled"
|
|
|
|
|
|
|
|
- name: Ensure matrix-nginx-proxy.service installed
|
|
|
|
template:
|
|
|
|
src: "{{ role_path }}/templates/systemd/matrix-nginx-proxy.service.j2"
|
|
|
|
dest: "/etc/systemd/system/matrix-nginx-proxy.service"
|
|
|
|
mode: 0644
|
|
|
|
when: matrix_nginx_proxy_enabled
|
|
|
|
|
|
|
|
- name: Ensure periodic restarting of matrix-nginx-proxy is configured (for SSL renewal)
|
|
|
|
template:
|
|
|
|
src: "{{ role_path }}/templates/cron.d/matrix-nginx-proxy-periodic-restarter.j2"
|
|
|
|
dest: "/etc/cron.d/matrix-nginx-proxy-periodic-restarter"
|
|
|
|
mode: 0600
|
|
|
|
when: "matrix_nginx_proxy_enabled and matrix_ssl_retrieval_method == 'lets-encrypt'"
|
|
|
|
|
|
|
|
#
|
|
|
|
# Tasks related to getting rid of matrix-nginx-proxy (if it was previously enabled)
|
|
|
|
#
|
|
|
|
|
|
|
|
- name: Check existence of matrix-nginx-proxy service
|
|
|
|
stat:
|
|
|
|
path: "/etc/systemd/system/matrix-nginx-proxy.service"
|
|
|
|
register: matrix_nginx_proxy_service_stat
|
|
|
|
|
|
|
|
- name: Ensure matrix-nginx-proxy is stopped
|
|
|
|
service:
|
|
|
|
name: matrix-nginx-proxy
|
|
|
|
state: stopped
|
|
|
|
daemon_reload: yes
|
|
|
|
register: stopping_result
|
|
|
|
when: "not matrix_nginx_proxy_enabled and matrix_nginx_proxy_service_stat.stat.exists"
|
|
|
|
|
|
|
|
- name: Ensure matrix-nginx-proxy.service doesn't exist
|
|
|
|
file:
|
|
|
|
path: "/etc/systemd/system/matrix-nginx-proxy.service"
|
|
|
|
state: absent
|
|
|
|
when: "not matrix_nginx_proxy_enabled and matrix_nginx_proxy_service_stat.stat.exists"
|
|
|
|
|
|
|
|
- name: Ensure periodic restarting of matrix-nginx-proxy is removed
|
|
|
|
file:
|
|
|
|
path: "/etc/cron.d/matrix-nginx-proxy-periodic-restarter"
|
|
|
|
state: absent
|
|
|
|
when: "not matrix_nginx_proxy_enabled or matrix_ssl_retrieval_method != 'lets-encrypt'"
|