You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

50 lines
1.5 KiB

---
- name: Allow access to HTTP/HTTPS in firewalld
firewalld:
service: "{{ item }}"
state: enabled
immediate: yes
permanent: yes
with_items:
- http
- https
- name: Ensure acmetool Docker image is pulled
docker_image:
name: willwill/acme-docker
- name: Ensure SSL certificates path exists
file:
path: "{{ ssl_certs_path }}"
state: directory
mode: 0770
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_username }}"
- name: Check matrix-nginx-proxy state
service: name=matrix-nginx-proxy
register: matrix_nginx_proxy_state
- name: Ensure matrix-nginx-proxy is stopped (if previously installed & started)
service: name=matrix-nginx-proxy state=stopped
when: "matrix_nginx_proxy_state.status.ActiveState == 'active'"
- name: Ensure SSL certificates are marked as wanted in acmetool
shell: >-
/usr/bin/docker run --rm --name acmetool-host-grab -p 80:80
-v {{ ssl_certs_path }}:/certs
-e ACME_EMAIL={{ ssl_support_email }}
willwill/acme-docker
acmetool want {{ hostname_matrix }} {{ hostname_riot }} --xlog.severity=debug
- name: Ensure matrix-nginx-proxy is started (if previously installed & started)
service: name=matrix-nginx-proxy state=started
when: "matrix_nginx_proxy_state.status.ActiveState == 'active'"
- name: Ensure periodic SSL renewal cronjob configured
template:
src: "{{ role_path }}/templates/cron.d/ssl-certificate-renewal.j2"
dest: "/etc/cron.d/ssl-certificate-renewal"
mode: 0600