matrix-docker-ansible-deploy/roles/matrix-nginx-proxy/tasks/ssl/main.yml
Slavi Pantaleev 51312b8250 Split playbook into multiple roles
As suggested in #63 (Github issue), splitting the
playbook's logic into multiple roles will be beneficial for
maintainability.

This patch realizes this split. Still, some components
affect others, so the roles are not really independent of one
another. For example:
- disabling mxisd (`matrix_mxisd_enabled: false`), causes Synapse
and riot-web to reconfigure themselves with other (public)
Identity servers.

- enabling matrix-corporal (`matrix_corporal_enabled: true`) affects
how reverse-proxying (by `matrix-nginx-proxy`) is done, in order to
put matrix-corporal's gateway server in front of Synapse

We may be able to move away from such dependencies in the future,
at the expense of a more complicated manual configuration, but
it's probably not worth sacrificing the convenience we have now.

As part of this work, the way we do "start components" has been
redone now to use a loop, as suggested in #65 (Github issue).
This should make restarting faster and more reliable.
2019-01-12 18:01:10 +02:00

39 lines
1.1 KiB
YAML

---
- name: Fail if using unsupported SSL certificate retrieval method
fail:
msg: "The `matrix_ssl_retrieval_method` variable contains an unsupported value"
when: "matrix_ssl_retrieval_method not in ['lets-encrypt', 'self-signed', 'manually-managed']"
# Common tasks, required by any method below.
- name: Determine domains that we require certificates for (Matrix)
set_fact:
domains_requiring_certificates: "['{{ hostname_matrix }}']"
- name: Determine domains that we require certificates for (Riot)
set_fact:
domains_requiring_certificates: "{{ domains_requiring_certificates + [hostname_riot] }}"
when: "matrix_riot_web_enabled"
- name: Ensure SSL certificate paths exists
file:
path: "{{ item }}"
state: directory
mode: 0770
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_username }}"
with_items:
- "{{ matrix_ssl_log_dir_path }}"
- "{{ matrix_ssl_config_dir_path }}"
# Method specific tasks follow
- import_tasks: tasks/ssl/setup_ssl_lets_encrypt.yml
- import_tasks: tasks/ssl/setup_ssl_self_signed.yml
- import_tasks: tasks/ssl/setup_ssl_manually_managed.yml