mirror of
https://github.com/spantaleev/matrix-docker-ansible-deploy.git
synced 2025-01-25 12:06:18 +00:00
7d3adc4512
We do use some `:latest` images by default for the following services: - matrix-dimension - Goofys (in the matrix-synapse role) - matrix-bridge-appservice-irc - matrix-bridge-appservice-discord - matrix-bridge-mautrix-facebook - matrix-bridge-mautrix-whatsapp It's terribly unfortunate that those software projects don't release anything other than `:latest`, but that's how it is for now. Updating that software requires that users manually do `docker pull` on the server. The playbook didn't force-repull images that it already had. With this patch, it starts doing so. Any image tagged `:latest` will be force re-pulled by the playbook every time it's executed. It should be noted that even though we ask the `docker_image` module to force-pull, it only reports "changed" when it actually pulls something new. This is nice, because it lets people know exactly when something gets updated, as opposed to giving the indication that it's always updating the images (even though it isn't).
189 lines
7.1 KiB
YAML
189 lines
7.1 KiB
YAML
---
|
|
|
|
#
|
|
# Generic tasks that we always want to happen, regardless
|
|
# if the user wants matrix-nginx-proxy or not.
|
|
#
|
|
# If the user would set up their own nginx proxy server,
|
|
# the config files from matrix-nginx-proxy can be reused.
|
|
#
|
|
# It doesn't hurt to put them in place, even if they turn out
|
|
# to be unnecessary.
|
|
#
|
|
- name: Ensure Matrix nginx-proxy paths exist
|
|
file:
|
|
path: "{{ item }}"
|
|
state: directory
|
|
mode: 0750
|
|
owner: "{{ matrix_user_username }}"
|
|
group: "{{ matrix_user_username }}"
|
|
with_items:
|
|
- "{{ matrix_nginx_proxy_base_path }}"
|
|
- "{{ matrix_nginx_proxy_data_path }}"
|
|
- "{{ matrix_nginx_proxy_confd_path }}"
|
|
|
|
- name: Ensure Matrix nginx-proxy configured (main config override)
|
|
template:
|
|
src: "{{ role_path }}/templates/nginx/nginx.conf.j2"
|
|
dest: "{{ matrix_nginx_proxy_base_path }}/nginx.conf"
|
|
mode: 0644
|
|
when: matrix_nginx_proxy_enabled|bool
|
|
|
|
- name: Ensure matrix-synapse-metrics-htpasswd is present (protecting /_synapse/metrics URI)
|
|
template:
|
|
src: "{{ role_path }}/templates/nginx/matrix-synapse-metrics-htpasswd.j2"
|
|
dest: "{{ matrix_nginx_proxy_data_path }}/matrix-synapse-metrics-htpasswd"
|
|
owner: "{{ matrix_user_username }}"
|
|
group: "{{ matrix_user_username }}"
|
|
mode: 0400
|
|
when: "matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled|bool and matrix_nginx_proxy_proxy_synapse_metrics|bool"
|
|
|
|
- name: Ensure Matrix nginx-proxy configured (generic)
|
|
template:
|
|
src: "{{ role_path }}/templates/nginx/conf.d/nginx-http.conf.j2"
|
|
dest: "{{ matrix_nginx_proxy_confd_path }}/nginx-http.conf"
|
|
mode: 0644
|
|
when: matrix_nginx_proxy_enabled|bool
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for matrix domain exists
|
|
template:
|
|
src: "{{ role_path }}/templates/nginx/conf.d/matrix-synapse.conf.j2"
|
|
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-synapse.conf"
|
|
mode: 0644
|
|
when: matrix_nginx_proxy_proxy_matrix_enabled|bool
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for riot domain exists
|
|
template:
|
|
src: "{{ role_path }}/templates/nginx/conf.d/matrix-riot-web.conf.j2"
|
|
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-riot-web.conf"
|
|
mode: 0644
|
|
when: matrix_nginx_proxy_proxy_riot_enabled|bool
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for dimension domain exists
|
|
template:
|
|
src: "{{ role_path }}/templates/nginx/conf.d/matrix-dimension.conf.j2"
|
|
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-dimension.conf"
|
|
mode: 0644
|
|
when: matrix_nginx_proxy_proxy_dimension_enabled|bool
|
|
|
|
- name: Ensure Matrix nginx-proxy data directory for base domain exists
|
|
file:
|
|
path: "{{ matrix_nginx_proxy_data_path }}/matrix-domain"
|
|
state: directory
|
|
mode: 0750
|
|
owner: "{{ matrix_user_username }}"
|
|
group: "{{ matrix_user_username }}"
|
|
when: matrix_nginx_proxy_base_domain_serving_enabled|bool
|
|
|
|
- name: Ensure Matrix nginx-proxy homepage for base domain exists
|
|
copy:
|
|
content: "{{ matrix_nginx_proxy_base_domain_homepage_template }}"
|
|
dest: "{{ matrix_nginx_proxy_data_path }}/matrix-domain/index.html"
|
|
mode: 0644
|
|
owner: "{{ matrix_user_username }}"
|
|
group: "{{ matrix_user_username }}"
|
|
when: matrix_nginx_proxy_base_domain_serving_enabled|bool
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for base domain exists
|
|
template:
|
|
src: "{{ role_path }}/templates/nginx/conf.d/matrix-domain.conf.j2"
|
|
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-domain.conf"
|
|
mode: 0644
|
|
when: matrix_nginx_proxy_base_domain_serving_enabled|bool
|
|
|
|
#
|
|
# Tasks related to setting up matrix-nginx-proxy
|
|
#
|
|
- name: Ensure nginx Docker image is pulled
|
|
docker_image:
|
|
name: "{{ matrix_nginx_proxy_docker_image }}"
|
|
source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
|
|
force_source: "{{ matrix_nginx_proxy_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
|
|
force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_nginx_proxy_docker_image_force_pull }}"
|
|
when: matrix_nginx_proxy_enabled|bool
|
|
|
|
- name: Ensure matrix-nginx-proxy.service installed
|
|
template:
|
|
src: "{{ role_path }}/templates/systemd/matrix-nginx-proxy.service.j2"
|
|
dest: "/etc/systemd/system/matrix-nginx-proxy.service"
|
|
mode: 0644
|
|
register: matrix_nginx_proxy_systemd_service_result
|
|
when: matrix_nginx_proxy_enabled|bool
|
|
|
|
- name: Ensure systemd reloaded after matrix-nginx-proxy.service installation
|
|
service:
|
|
daemon_reload: yes
|
|
when: "matrix_nginx_proxy_enabled and matrix_nginx_proxy_systemd_service_result.changed"
|
|
|
|
|
|
#
|
|
# Tasks related to getting rid of matrix-nginx-proxy (if it was previously enabled)
|
|
#
|
|
|
|
- name: Check existence of matrix-nginx-proxy service
|
|
stat:
|
|
path: "/etc/systemd/system/matrix-nginx-proxy.service"
|
|
register: matrix_nginx_proxy_service_stat
|
|
when: "not matrix_nginx_proxy_enabled|bool"
|
|
|
|
- name: Ensure matrix-nginx-proxy is stopped
|
|
service:
|
|
name: matrix-nginx-proxy
|
|
state: stopped
|
|
daemon_reload: yes
|
|
register: stopping_result
|
|
when: "not matrix_nginx_proxy_enabled|bool and matrix_nginx_proxy_service_stat.stat.exists"
|
|
|
|
- name: Ensure matrix-nginx-proxy.service doesn't exist
|
|
file:
|
|
path: "/etc/systemd/system/matrix-nginx-proxy.service"
|
|
state: absent
|
|
when: "not matrix_nginx_proxy_enabled|bool and matrix_nginx_proxy_service_stat.stat.exists"
|
|
|
|
- name: Ensure systemd reloaded after matrix-nginx-proxy.service removal
|
|
service:
|
|
daemon_reload: yes
|
|
when: "not matrix_nginx_proxy_enabled|bool and matrix_nginx_proxy_service_stat.stat.exists"
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for matrix domain deleted
|
|
file:
|
|
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-synapse.conf"
|
|
state: absent
|
|
when: "not matrix_nginx_proxy_proxy_matrix_enabled|bool"
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for riot domain deleted
|
|
file:
|
|
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-riot-web.conf"
|
|
state: absent
|
|
when: "not matrix_nginx_proxy_proxy_riot_enabled|bool"
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for dimension domain deleted
|
|
file:
|
|
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-dimension.conf"
|
|
state: absent
|
|
when: "not matrix_nginx_proxy_proxy_dimension_enabled|bool"
|
|
|
|
- name: Ensure Matrix nginx-proxy homepage for base domain deleted
|
|
file:
|
|
path: "{{ matrix_nginx_proxy_data_path }}/matrix-domain/index.html"
|
|
state: absent
|
|
when: "not matrix_nginx_proxy_base_domain_serving_enabled|bool"
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for base domain deleted
|
|
file:
|
|
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-domain.conf"
|
|
state: absent
|
|
when: "not matrix_nginx_proxy_base_domain_serving_enabled|bool"
|
|
|
|
- name: Ensure Matrix nginx-proxy configuration for main config override deleted
|
|
file:
|
|
path: "{{ matrix_nginx_proxy_base_path }}/nginx.conf"
|
|
state: absent
|
|
when: "not matrix_nginx_proxy_enabled|bool"
|
|
|
|
- name: Ensure Matrix nginx-proxy htpasswd is deleted (protecting /_synapse/metrics URI)
|
|
file:
|
|
path: "{{ matrix_nginx_proxy_data_path }}/matrix-synapse-metrics-htpasswd"
|
|
state: absent
|
|
when: "not matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled|bool or not matrix_nginx_proxy_proxy_synapse_metrics|bool"
|