You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
50 lines
1.5 KiB
50 lines
1.5 KiB
---
|
|
|
|
- name: Allow access to HTTP/HTTPS in firewalld
|
|
firewalld:
|
|
service: "{{ item }}"
|
|
state: enabled
|
|
immediate: yes
|
|
permanent: yes
|
|
with_items:
|
|
- http
|
|
- https
|
|
|
|
- name: Ensure acmetool Docker image is pulled
|
|
docker_image:
|
|
name: willwill/acme-docker
|
|
|
|
- name: Ensure SSL certificates path exists
|
|
file:
|
|
path: "{{ ssl_certs_path }}"
|
|
state: directory
|
|
mode: 0770
|
|
owner: "{{ matrix_user_username }}"
|
|
group: "{{ matrix_user_username }}"
|
|
|
|
- name: Check matrix-nginx-proxy state
|
|
service: name=matrix-nginx-proxy
|
|
register: matrix_nginx_proxy_state
|
|
|
|
- name: Ensure matrix-nginx-proxy is stopped (if previously installed & started)
|
|
service: name=matrix-nginx-proxy state=stopped
|
|
when: "matrix_nginx_proxy_state.status.ActiveState == 'active'"
|
|
|
|
- name: Ensure SSL certificates are marked as wanted in acmetool
|
|
shell: >-
|
|
/usr/bin/docker run --rm --name acmetool-host-grab -p 80:80
|
|
-v {{ ssl_certs_path }}:/certs
|
|
-e ACME_EMAIL={{ ssl_support_email }}
|
|
willwill/acme-docker
|
|
acmetool want {{ hostname_matrix }} {{ hostname_riot }} --xlog.severity=debug
|
|
|
|
- name: Ensure matrix-nginx-proxy is started (if previously installed & started)
|
|
service: name=matrix-nginx-proxy state=started
|
|
when: "matrix_nginx_proxy_state.status.ActiveState == 'active'"
|
|
|
|
- name: Ensure periodic SSL renewal cronjob configured
|
|
template:
|
|
src: "{{ role_path }}/templates/cron.d/ssl-certificate-renewal.j2"
|
|
dest: "/etc/cron.d/ssl-certificate-renewal"
|
|
mode: 0600
|