/usr/local/bin/matrix-ssl-lets-encrypt-certificates-renew -> /matrix/ssl/bin/lets-encrypt-certificates-renew

2022-11-27 09:53:23 +02:00 · 2022-11-27 09:53:23 +02:00 · 707e909b9b
parent fb86f6d5e7
commit 707e909b9b
8 changed files with 7 additions and 29 deletions
--- a/roles/custom/matrix-base/defaults/main.yml
+++ b/roles/custom/matrix-base/defaults/main.yml
@ -121,12 +121,6 @@ matrix_bin_path: "{{ matrix_base_data_path }}/bin"

 matrix_static_files_base_path: "{{ matrix_base_data_path }}/static-files"

-# This is now unused. We keep it so that cleanup tasks can use it.
-# To be removed in the future.
-matrix_cron_path: "/etc/cron.d"
-
-matrix_local_bin_path: "/usr/local/bin"
-
 matrix_host_command_sleep: "/usr/bin/env sleep"
 matrix_host_command_chown: "/usr/bin/env chown"
 matrix_host_command_fusermount: "/usr/bin/env fusermount"
--- a/roles/custom/matrix-base/tasks/validate_config.yml
+++ b/roles/custom/matrix-base/tasks/validate_config.yml
@ -17,6 +17,7 @@
    - {'old': 'hostname_matrix', 'new': 'matrix_server_fqn_matrix'}
    - {'old': 'hostname_riot', 'new': 'matrix_server_fqn_element'}
    - {'old': 'matrix_server_fqn_riot', 'new': 'matrix_server_fqn_element'}
+    - {'old': 'matrix_local_bin_path', 'new': '<there is no global bin path anymore - each role has its own>'}

 # We have a dedicated check for this variable, because we'd like to have a custom (friendlier) message.
 - name: Fail if matrix_homeserver_generic_secret_key is undefined
--- a/roles/custom/matrix-coturn/tasks/setup_install.yml
+++ b/roles/custom/matrix-coturn/tasks/setup_install.yml
@ -1,11 +1,5 @@
 ---

-# This is a cleanup/migration task. It can be removed some time in the future.
- name: (Migration) Remove deprecated cronjob
-  ansible.builtin.file:
-    path: "{{ matrix_cron_path }}/matrix-coturn-ssl-reload"
-    state: absent
-
 - name: Ensure Matrix Coturn path exists
  ansible.builtin.file:
    path: "{{ item.path }}"
--- a/roles/custom/matrix-nginx-proxy/defaults/main.yml
+++ b/roles/custom/matrix-nginx-proxy/defaults/main.yml
@ -573,6 +573,7 @@ matrix_ssl_lets_encrypt_key_type: rsa
 matrix_ssl_base_path: "{{ matrix_base_data_path }}/ssl"
 matrix_ssl_config_dir_path: "{{ matrix_ssl_base_path }}/config"
 matrix_ssl_log_dir_path: "{{ matrix_ssl_base_path }}/log"
+matrix_ssl_bin_dir_path: "{{ matrix_ssl_base_path }}/bin"

 # If you'd like to start some service before a certificate is obtained, specify it here.
 # This could be something like `matrix-dynamic-dns`, etc.
--- a/roles/custom/matrix-nginx-proxy/tasks/ssl/main.yml
+++ b/roles/custom/matrix-nginx-proxy/tasks/ssl/main.yml
@ -24,6 +24,7 @@
  with_items:
    - "{{ matrix_ssl_log_dir_path }}"
    - "{{ matrix_ssl_config_dir_path }}"
+    - "{{ matrix_ssl_bin_dir_path }}"
  when: "matrix_ssl_retrieval_method != 'none'"


--- a/roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml
+++ b/roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml
@ -1,17 +1,4 @@
 ---
-
-# This is a cleanup/migration task, because of to the new way we manage cronjobs (`cron` module) and the new script name.
-# This migration task can be removed some time in the future.
- name: (Migration) Remove deprecated Let's Encrypt SSL certificate management files
-  ansible.builtin.file:
-    path: "{{ item }}"
-    state: absent
-  with_items:
-    - "{{ matrix_local_bin_path }}/matrix-ssl-certificates-renew"
-    - "{{ matrix_cron_path }}/matrix-ssl-certificate-renewal"
-    - "{{ matrix_cron_path }}/matrix-nginx-proxy-periodic-restarter"
-    - "/etc/cron.d/matrix-ssl-lets-encrypt"
-
 #
 # Tasks related to setting up Let's Encrypt's management of certificates
 #
@ -36,8 +23,8 @@

    - name: Ensure Let's Encrypt SSL renewal script installed
      ansible.builtin.template:
-        src: "{{ role_path }}/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2"
-        dest: "{{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew"
+        src: "{{ role_path }}/templates/bin/lets-encrypt-certificates-renew.j2"
+        dest: "{{ matrix_ssl_bin_dir_path }}/lets-encrypt-certificates-renew"
        mode: 0755

    - name: Ensure SSL renewal systemd units installed
@ -63,5 +50,5 @@

    - name: Ensure Let's Encrypt SSL renewal script removed
      ansible.builtin.file:
-        path: "{{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew"
+        path: "{{ matrix_ssl_bin_dir_path }}/lets-encrypt-certificates-renew"
        state: absent
--- a/roles/custom/matrix-nginx-proxy/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2
+++ b/roles/custom/matrix-nginx-proxy/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2
--- a/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-ssl-lets-encrypt-certificates-renew.service.j2
+++ b/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-ssl-lets-encrypt-certificates-renew.service.j2
@ -4,4 +4,4 @@ Description=Renews Let's Encrypt SSL certificates
 [Service]
 Type=oneshot
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
-ExecStart={{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew
+ExecStart={{ matrix_ssl_bin_dir_path }}/lets-encrypt-certificates-renew