mirror of
https://github.com/spantaleev/matrix-docker-ansible-deploy.git
synced 2024-11-10 20:57:41 +01:00
a04f6f4e3d
- forego removing Docker images - it's not effective anyway, because it only removes the last version.. which is a drop in the bucket, usually - do not reload systemd - it's none of our business. `--tags=start`, etc., handle this - combine all uninstall tasks under a single block, which only runs if we detect traces (a leftover systemd .service file) of the component. If no such .service is detected, we skip them all. This may lead to incorect cleanup in rare cases, but is good enough for the most part.
361 lines
15 KiB
YAML
361 lines
15 KiB
YAML
---
|
|
|
|
#
|
|
# Generic tasks that we always want to happen, regardless
|
|
# if the user wants matrix-nginx-proxy or not.
|
|
#
|
|
# If the user would set up their own nginx proxy server,
|
|
# the config files from matrix-nginx-proxy can be reused.
|
|
#
|
|
# It doesn't hurt to put them in place, even if they turn out
|
|
# to be unnecessary.
|
|
#
|
|
- name: Ensure Matrix nginx-proxy paths exist
|
|
ansible.builtin.file:
|
|
path: "{{ item }}"
|
|
state: directory
|
|
mode: 0750
|
|
owner: "{{ matrix_user_username }}"
|
|
group: "{{ matrix_user_groupname }}"
|
|
with_items:
|
|
- "{{ matrix_nginx_proxy_base_path }}"
|
|
- "{{ matrix_nginx_proxy_data_path }}"
|
|
- "{{ matrix_nginx_proxy_confd_path }}"
|
|
|
|
- name: Ensure Matrix nginx-proxy configured (main config override)
|
|
ansible.builtin.template:
|
|
src: "{{ role_path }}/templates/nginx/nginx.conf.j2"
|
|
dest: "{{ matrix_nginx_proxy_base_path }}/nginx.conf"
|
|
mode: 0644
|
|
when: matrix_nginx_proxy_enabled | bool
|
|
|
|
- name: Setup metrics
|
|
ansible.builtin.include_tasks: "{{ role_path }}/tasks/nginx-proxy/setup_metrics_auth.yml"
|
|
when: matrix_nginx_proxy_proxy_matrix_metrics_enabled | bool and matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled | bool
|
|
|
|
- name: Ensure Matrix nginx-proxy configured (generic)
|
|
ansible.builtin.template:
|
|
src: "{{ role_path }}/templates/nginx/conf.d/nginx-http.conf.j2"
|
|
dest: "{{ matrix_nginx_proxy_confd_path }}/nginx-http.conf"
|
|
mode: 0644
|
|
when: matrix_nginx_proxy_enabled | bool
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for matrix-synapse exists
|
|
ansible.builtin.template:
|
|
src: "{{ role_path }}/templates/nginx/conf.d/matrix-synapse.conf.j2"
|
|
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-synapse.conf"
|
|
mode: 0644
|
|
when: matrix_nginx_proxy_proxy_synapse_enabled | bool
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for matrix-synapse deleted
|
|
ansible.builtin.file:
|
|
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-synapse.conf"
|
|
state: absent
|
|
when: "not matrix_nginx_proxy_proxy_synapse_enabled | bool"
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for matrix-dendrite exists
|
|
ansible.builtin.template:
|
|
src: "{{ role_path }}/templates/nginx/conf.d/matrix-dendrite.conf.j2"
|
|
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-dendrite.conf"
|
|
mode: 0644
|
|
when: matrix_nginx_proxy_proxy_dendrite_enabled | bool
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for matrix-dendrite deleted
|
|
ansible.builtin.file:
|
|
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-dendrite.conf"
|
|
state: absent
|
|
when: "not matrix_nginx_proxy_proxy_dendrite_enabled | bool"
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for matrix-conduit exists
|
|
ansible.builtin.template:
|
|
src: "{{ role_path }}/templates/nginx/conf.d/matrix-conduit.conf.j2"
|
|
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-conduit.conf"
|
|
mode: 0644
|
|
when: matrix_nginx_proxy_proxy_conduit_enabled | bool
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for matrix-conduit deleted
|
|
ansible.builtin.file:
|
|
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-conduit.conf"
|
|
state: absent
|
|
when: "not matrix_nginx_proxy_proxy_conduit_enabled | bool"
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for Element domain exists
|
|
ansible.builtin.template:
|
|
src: "{{ role_path }}/templates/nginx/conf.d/matrix-client-element.conf.j2"
|
|
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-client-element.conf"
|
|
mode: 0644
|
|
when: matrix_nginx_proxy_proxy_element_enabled | bool
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for riot domain exists
|
|
ansible.builtin.template:
|
|
src: "{{ role_path }}/templates/nginx/conf.d/matrix-riot-web.conf.j2"
|
|
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-riot-web.conf"
|
|
mode: 0644
|
|
when: matrix_nginx_proxy_proxy_riot_compat_redirect_enabled | bool
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for Hydrogen domain exists
|
|
ansible.builtin.template:
|
|
src: "{{ role_path }}/templates/nginx/conf.d/matrix-client-hydrogen.conf.j2"
|
|
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-client-hydrogen.conf"
|
|
mode: 0644
|
|
when: matrix_nginx_proxy_proxy_hydrogen_enabled | bool
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for Cinny domain exists
|
|
ansible.builtin.template:
|
|
src: "{{ role_path }}/templates/nginx/conf.d/matrix-client-cinny.conf.j2"
|
|
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-client-cinny.conf"
|
|
mode: 0644
|
|
when: matrix_nginx_proxy_proxy_cinny_enabled | bool
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for buscarron domain exists
|
|
ansible.builtin.template:
|
|
src: "{{ role_path }}/templates/nginx/conf.d/matrix-bot-buscarron.conf.j2"
|
|
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-bot-buscarron.conf"
|
|
mode: 0644
|
|
when: matrix_nginx_proxy_proxy_buscarron_enabled | bool
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for dimension domain exists
|
|
ansible.builtin.template:
|
|
src: "{{ role_path }}/templates/nginx/conf.d/matrix-dimension.conf.j2"
|
|
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-dimension.conf"
|
|
mode: 0644
|
|
when: matrix_nginx_proxy_proxy_dimension_enabled | bool
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for etherpad domain exists
|
|
ansible.builtin.template:
|
|
src: "{{ role_path }}/templates/nginx/conf.d/matrix-etherpad.conf.j2"
|
|
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-etherpad.conf"
|
|
mode: 0644
|
|
when: matrix_nginx_proxy_proxy_etherpad_enabled | bool
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for goneb domain exists
|
|
ansible.builtin.template:
|
|
src: "{{ role_path }}/templates/nginx/conf.d/matrix-bot-go-neb.conf.j2"
|
|
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-bot-go-neb.conf"
|
|
mode: 0644
|
|
when: matrix_nginx_proxy_proxy_bot_go_neb_enabled | bool
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for jitsi domain exists
|
|
ansible.builtin.template:
|
|
src: "{{ role_path }}/templates/nginx/conf.d/matrix-jitsi.conf.j2"
|
|
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-jitsi.conf"
|
|
mode: 0644
|
|
when: matrix_nginx_proxy_proxy_jitsi_enabled | bool
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for grafana domain exists
|
|
ansible.builtin.template:
|
|
src: "{{ role_path }}/templates/nginx/conf.d/matrix-grafana.conf.j2"
|
|
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-grafana.conf"
|
|
mode: 0644
|
|
when: matrix_nginx_proxy_proxy_grafana_enabled | bool
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for sygnal domain exists
|
|
ansible.builtin.template:
|
|
src: "{{ role_path }}/templates/nginx/conf.d/matrix-sygnal.conf.j2"
|
|
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-sygnal.conf"
|
|
mode: 0644
|
|
when: matrix_nginx_proxy_proxy_sygnal_enabled | bool
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for ntfy domain exists
|
|
ansible.builtin.template:
|
|
src: "{{ role_path }}/templates/nginx/conf.d/matrix-ntfy.conf.j2"
|
|
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-ntfy.conf"
|
|
mode: 0644
|
|
when: matrix_nginx_proxy_proxy_ntfy_enabled | bool
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for Matrix domain exists
|
|
ansible.builtin.template:
|
|
src: "{{ role_path }}/templates/nginx/conf.d/matrix-domain.conf.j2"
|
|
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-domain.conf"
|
|
mode: 0644
|
|
|
|
- name: Ensure Matrix nginx-proxy data directory for base domain exists
|
|
ansible.builtin.file:
|
|
path: "{{ matrix_nginx_proxy_data_path }}/matrix-domain"
|
|
state: directory
|
|
mode: 0750
|
|
owner: "{{ matrix_user_username }}"
|
|
group: "{{ matrix_user_groupname }}"
|
|
when: matrix_nginx_proxy_base_domain_serving_enabled | bool and matrix_nginx_proxy_base_domain_create_directory | bool
|
|
|
|
- name: Ensure Matrix nginx-proxy homepage for base domain exists
|
|
ansible.builtin.copy:
|
|
content: "{{ matrix_nginx_proxy_base_domain_homepage_template }}"
|
|
dest: "{{ matrix_nginx_proxy_data_path }}/matrix-domain/index.html"
|
|
mode: 0644
|
|
owner: "{{ matrix_user_username }}"
|
|
group: "{{ matrix_user_groupname }}"
|
|
when: matrix_nginx_proxy_base_domain_serving_enabled | bool and matrix_nginx_proxy_base_domain_homepage_enabled | bool and matrix_nginx_proxy_base_domain_create_directory | bool
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for base domain exists
|
|
ansible.builtin.template:
|
|
src: "{{ role_path }}/templates/nginx/conf.d/matrix-base-domain.conf.j2"
|
|
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-base-domain.conf"
|
|
mode: 0644
|
|
when: matrix_nginx_proxy_base_domain_serving_enabled | bool
|
|
|
|
#
|
|
# Tasks related to setting up matrix-nginx-proxy
|
|
#
|
|
- name: Ensure nginx Docker image is pulled
|
|
community.docker.docker_image:
|
|
name: "{{ matrix_nginx_proxy_docker_image }}"
|
|
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
|
force_source: "{{ matrix_nginx_proxy_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
|
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_nginx_proxy_docker_image_force_pull }}"
|
|
when: matrix_nginx_proxy_enabled | bool
|
|
register: result
|
|
retries: "{{ devture_playbook_help_container_retries_count }}"
|
|
delay: "{{ devture_playbook_help_container_retries_delay }}"
|
|
until: result is not failed
|
|
|
|
- name: Ensure matrix-nginx-proxy.service installed
|
|
ansible.builtin.template:
|
|
src: "{{ role_path }}/templates/systemd/matrix-nginx-proxy.service.j2"
|
|
dest: "{{ devture_systemd_docker_base_systemd_path }}/matrix-nginx-proxy.service"
|
|
mode: 0644
|
|
register: matrix_nginx_proxy_systemd_service_result
|
|
when: matrix_nginx_proxy_enabled | bool
|
|
|
|
- name: Ensure systemd reloaded after matrix-nginx-proxy.service installation
|
|
ansible.builtin.service:
|
|
daemon_reload: true
|
|
when: "matrix_nginx_proxy_enabled and matrix_nginx_proxy_systemd_service_result.changed"
|
|
|
|
|
|
#
|
|
# Tasks related to getting rid of matrix-nginx-proxy (if it was previously enabled)
|
|
#
|
|
|
|
- name: Check existence of matrix-nginx-proxy service
|
|
ansible.builtin.stat:
|
|
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-nginx-proxy.service"
|
|
register: matrix_nginx_proxy_service_stat
|
|
when: "not matrix_nginx_proxy_enabled | bool"
|
|
|
|
- name: Ensure matrix-nginx-proxy is stopped
|
|
ansible.builtin.service:
|
|
name: matrix-nginx-proxy
|
|
state: stopped
|
|
enabled: false
|
|
daemon_reload: true
|
|
when: "not matrix_nginx_proxy_enabled | bool and matrix_nginx_proxy_service_stat.stat.exists"
|
|
|
|
- name: Ensure matrix-nginx-proxy.service doesn't exist
|
|
ansible.builtin.file:
|
|
path: "{{ devture_systemd_docker_base_systemd_path }}/matrix-nginx-proxy.service"
|
|
state: absent
|
|
when: "not matrix_nginx_proxy_enabled | bool and matrix_nginx_proxy_service_stat.stat.exists"
|
|
|
|
- name: Ensure systemd reloaded after matrix-nginx-proxy.service removal
|
|
ansible.builtin.service:
|
|
daemon_reload: true
|
|
when: "not matrix_nginx_proxy_enabled | bool and matrix_nginx_proxy_service_stat.stat.exists"
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for matrix domain deleted
|
|
ansible.builtin.file:
|
|
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-domain.conf"
|
|
state: absent
|
|
when: "not matrix_nginx_proxy_proxy_matrix_enabled | bool"
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for riot domain deleted
|
|
ansible.builtin.file:
|
|
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-riot-web.conf"
|
|
state: absent
|
|
when: "not matrix_nginx_proxy_proxy_riot_compat_redirect_enabled | bool"
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for Hydrogen domain deleted
|
|
ansible.builtin.file:
|
|
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-client-hydrogen.conf"
|
|
state: absent
|
|
when: "not matrix_nginx_proxy_proxy_hydrogen_enabled | bool"
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for Cinny domain deleted
|
|
ansible.builtin.file:
|
|
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-client-cinny.conf"
|
|
state: absent
|
|
when: "not matrix_nginx_proxy_proxy_cinny_enabled | bool"
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for buscarron domain deleted
|
|
ansible.builtin.file:
|
|
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-bot-buscarron.conf"
|
|
state: absent
|
|
when: "not matrix_nginx_proxy_proxy_buscarron_enabled | bool"
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for dimension domain deleted
|
|
ansible.builtin.file:
|
|
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-dimension.conf"
|
|
state: absent
|
|
when: "not matrix_nginx_proxy_proxy_dimension_enabled | bool"
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for goneb domain deleted
|
|
ansible.builtin.file:
|
|
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-bot-go-neb.conf"
|
|
state: absent
|
|
when: "not matrix_nginx_proxy_proxy_bot_go_neb_enabled | bool"
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for jitsi domain deleted
|
|
ansible.builtin.file:
|
|
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-jitsi.conf"
|
|
state: absent
|
|
when: "not matrix_nginx_proxy_proxy_jitsi_enabled | bool"
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for grafana domain deleted
|
|
ansible.builtin.file:
|
|
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-grafana.conf"
|
|
state: absent
|
|
when: "not matrix_nginx_proxy_proxy_grafana_enabled | bool"
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for sygnal domain deleted
|
|
ansible.builtin.file:
|
|
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-sygnal.conf"
|
|
state: absent
|
|
when: "not matrix_nginx_proxy_proxy_sygnal_enabled | bool"
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for ntfy domain deleted
|
|
ansible.builtin.file:
|
|
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-ntfy.conf"
|
|
state: absent
|
|
when: "not matrix_nginx_proxy_proxy_ntfy_enabled | bool"
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for etherpad domain deleted
|
|
ansible.builtin.file:
|
|
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-etherpad.conf"
|
|
state: absent
|
|
when: "not matrix_nginx_proxy_proxy_etherpad_enabled | bool"
|
|
|
|
- name: Ensure Matrix nginx-proxy homepage for base domain deleted
|
|
ansible.builtin.file:
|
|
path: "{{ matrix_nginx_proxy_data_path }}/matrix-domain/index.html"
|
|
state: absent
|
|
when: "not matrix_nginx_proxy_base_domain_serving_enabled | bool"
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for base domain deleted
|
|
ansible.builtin.file:
|
|
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-base-domain.conf"
|
|
state: absent
|
|
when: "not matrix_nginx_proxy_base_domain_serving_enabled | bool"
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for main config override deleted
|
|
ansible.builtin.file:
|
|
path: "{{ matrix_nginx_proxy_base_path }}/nginx.conf"
|
|
state: absent
|
|
when: "not matrix_nginx_proxy_enabled | bool"
|
|
|
|
- name: Ensure Matrix nginx-proxy htpasswd is deleted (protecting /_synapse/metrics URI)
|
|
ansible.builtin.file:
|
|
path: "{{ matrix_nginx_proxy_data_path }}/matrix-synapse-metrics-htpasswd"
|
|
state: absent
|
|
|
|
# This file is now generated by the matrix-synapse role and saved in the Synapse directory
|
|
- name: (Cleanup) Ensure old sample prometheus.yml for external scraping is deleted
|
|
ansible.builtin.file:
|
|
path: "{{ matrix_base_data_path }}/external_prometheus.yml.example"
|
|
state: absent
|
|
|
|
- name: Ensure Matrix nginx-proxy htpasswd is deleted (protecting /metrics/* URIs)
|
|
ansible.builtin.file:
|
|
path: "{{ matrix_nginx_proxy_data_path }}/matrix-metrics-htpasswd"
|
|
state: absent
|
|
when: "not matrix_nginx_proxy_proxy_matrix_metrics_enabled | bool or not matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled | bool"
|