mirror of
https://github.com/spantaleev/matrix-docker-ansible-deploy.git
synced 2024-11-10 20:57:41 +01:00
51312b8250
As suggested in #63 (Github issue), splitting the playbook's logic into multiple roles will be beneficial for maintainability. This patch realizes this split. Still, some components affect others, so the roles are not really independent of one another. For example: - disabling mxisd (`matrix_mxisd_enabled: false`), causes Synapse and riot-web to reconfigure themselves with other (public) Identity servers. - enabling matrix-corporal (`matrix_corporal_enabled: true`) affects how reverse-proxying (by `matrix-nginx-proxy`) is done, in order to put matrix-corporal's gateway server in front of Synapse We may be able to move away from such dependencies in the future, at the expense of a more complicated manual configuration, but it's probably not worth sacrificing the convenience we have now. As part of this work, the way we do "start components" has been redone now to use a loop, as suggested in #65 (Github issue). This should make restarting faster and more reliable.
84 lines
2.2 KiB
YAML
84 lines
2.2 KiB
YAML
---
|
|
|
|
#
|
|
# Generic tasks that we always want to happen, regardless
|
|
# if the user wants matrix-nginx-proxy or not.
|
|
#
|
|
# If the user would set up their own nginx proxy server,
|
|
# the config files from matrix-nginx-proxy can be reused.
|
|
#
|
|
# It doesn't hurt to put them in place, even if they turn out
|
|
# to be unnecessary.
|
|
#
|
|
- name: Ensure Matrix nginx-proxy paths exist
|
|
file:
|
|
path: "{{ item }}"
|
|
state: directory
|
|
mode: 0750
|
|
owner: root
|
|
group: root
|
|
with_items:
|
|
- "{{ matrix_nginx_proxy_data_path }}"
|
|
- "{{ matrix_nginx_proxy_confd_path }}"
|
|
|
|
- name: Ensure Matrix nginx-proxy configured
|
|
template:
|
|
src: "{{ role_path }}/templates/nginx-conf.d/{{ item }}.j2"
|
|
dest: "{{ matrix_nginx_proxy_confd_path }}/{{ item }}"
|
|
mode: 0644
|
|
with_items:
|
|
- "nginx-http.conf"
|
|
- "matrix-synapse.conf"
|
|
- "matrix-riot-web.conf"
|
|
|
|
|
|
#
|
|
# Tasks related to setting up matrix-nginx-proxy
|
|
#
|
|
- name: Ensure nginx Docker image is pulled
|
|
docker_image:
|
|
name: "{{ matrix_nginx_proxy_docker_image }}"
|
|
when: matrix_nginx_proxy_enabled
|
|
|
|
- name: Allow access to nginx proxy ports in firewalld
|
|
firewalld:
|
|
service: "{{ item }}"
|
|
state: enabled
|
|
immediate: yes
|
|
permanent: yes
|
|
with_items:
|
|
- "http"
|
|
- "https"
|
|
when: "ansible_os_family == 'RedHat' and matrix_nginx_proxy_enabled"
|
|
|
|
- name: Ensure matrix-nginx-proxy.service installed
|
|
template:
|
|
src: "{{ role_path }}/templates/systemd/matrix-nginx-proxy.service.j2"
|
|
dest: "/etc/systemd/system/matrix-nginx-proxy.service"
|
|
mode: 0644
|
|
when: matrix_nginx_proxy_enabled
|
|
|
|
|
|
#
|
|
# Tasks related to getting rid of matrix-nginx-proxy (if it was previously enabled)
|
|
#
|
|
|
|
- name: Check existence of matrix-nginx-proxy service
|
|
stat:
|
|
path: "/etc/systemd/system/matrix-nginx-proxy.service"
|
|
register: matrix_nginx_proxy_service_stat
|
|
|
|
- name: Ensure matrix-nginx-proxy is stopped
|
|
service:
|
|
name: matrix-nginx-proxy
|
|
state: stopped
|
|
daemon_reload: yes
|
|
register: stopping_result
|
|
when: "not matrix_nginx_proxy_enabled and matrix_nginx_proxy_service_stat.stat.exists"
|
|
|
|
- name: Ensure matrix-nginx-proxy.service doesn't exist
|
|
file:
|
|
path: "/etc/systemd/system/matrix-nginx-proxy.service"
|
|
state: absent
|
|
when: "not matrix_nginx_proxy_enabled and matrix_nginx_proxy_service_stat.stat.exists"
|