mirror of
https://github.com/spantaleev/matrix-docker-ansible-deploy.git
synced 2024-11-11 01:46:22 +00:00
f7aa362961
We always skip at least one of these tasks, depending on which SSL retrieval method is enabled, so it could have been confusing why.
62 lines
2.1 KiB
YAML
62 lines
2.1 KiB
YAML
---
|
|
|
|
#
|
|
# Tasks related to setting up Let's Encrypt's management of certificates
|
|
#
|
|
|
|
- name: (Deprecation) Fail if using outdated configuration
|
|
fail:
|
|
msg: "You're using the `host_specific_matrix_ssl_support_email` variable, which has been superseded by `host_specific_matrix_ssl_lets_encrypt_support_email`. Please change your configuration to use the new name!"
|
|
when: "matrix_ssl_retrieval_method == 'lets-encrypt' and host_specific_matrix_ssl_support_email is defined"
|
|
|
|
- name: Allow access to HTTP/HTTPS in firewalld
|
|
firewalld:
|
|
service: "{{ item }}"
|
|
state: enabled
|
|
immediate: yes
|
|
permanent: yes
|
|
with_items:
|
|
- http
|
|
- https
|
|
when: "matrix_ssl_retrieval_method == 'lets-encrypt' and ansible_os_family == 'RedHat'"
|
|
|
|
- name: Ensure certbot Docker image is pulled
|
|
docker_image:
|
|
name: "{{ matrix_ssl_lets_encrypt_certbot_docker_image }}"
|
|
when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
|
|
|
|
- name: Obtain Let's Encrypt certificates
|
|
include_tasks: "tasks/setup/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml"
|
|
with_items: "{{ domains_requiring_certificates }}"
|
|
loop_control:
|
|
loop_var: domain_name
|
|
when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
|
|
|
|
- name: Ensure SSL renewal script installed
|
|
template:
|
|
src: "{{ role_path }}/templates/usr-local-bin/matrix-ssl-certificates-renew.j2"
|
|
dest: "/usr/local/bin/matrix-ssl-certificates-renew"
|
|
mode: 0750
|
|
when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
|
|
|
|
- name: Ensure periodic SSL renewal cronjob configured
|
|
template:
|
|
src: "{{ role_path }}/templates/cron.d/matrix-ssl-certificate-renewal.j2"
|
|
dest: "/etc/cron.d/matrix-ssl-certificate-renewal"
|
|
mode: 0600
|
|
when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
|
|
|
|
|
|
#
|
|
# Tasks related to getting rid of Let's Encrypt's management of certificates
|
|
#
|
|
|
|
- name: Ensure Let's Encrypt SSL certificate management files removed
|
|
file:
|
|
path: "{{ item }}"
|
|
state: absent
|
|
with_items:
|
|
- /usr/local/bin/matrix-ssl-certificates-renew
|
|
- /etc/cron.d/matrix-ssl-certificate-renewal
|
|
when: "matrix_ssl_retrieval_method != 'lets-encrypt'"
|