Ensure playbook works if running at SSL-renewal time

matrix-nginx-proxy will be occupying port 80 soon,
so that we can be more user-friendly and have
http->https forwarding for the Riot hostname.

During the playbook run, acmetool also expects to use
port 80 for domain verification.

During an initial playbook run, this wouldn't cause trouble
because matrix-nginx-proxy is not installed yet.

However, on subsequent playbook runs, it would cause trouble.

This ensures that if matrix-nginx-proxy is available
and running, it would be stopped before running acmetool
and started right after.

roles/matrix-server/tasks/setup_ssl.yml

@@ -22,6 +22,14 @@
     owner: "{{ matrix_user_username }}"
     group: "{{ matrix_user_username }}"
 
+- name: Check matrix-nginx-proxy state
+  service: name=matrix-nginx-proxy
+  register: matrix_nginx_proxy_state
+
+- name: Ensure matrix-nginx-proxy is stopped (if previously installed & started)
+  service: name=matrix-nginx-proxy state=stopped
+  when: "matrix_nginx_proxy_state.status.ActiveState == 'active'"
+
 - name: Ensure SSL certificates are marked as wanted in acmetool
   shell: >-
     /usr/bin/docker run --rm --name acmetool-host-grab -p 80:80
@@ -30,6 +38,10 @@
     willwill/acme-docker
     acmetool want {{ hostname_matrix }} {{ hostname_riot }} --xlog.severity=debug
 
+- name: Ensure matrix-nginx-proxy is started (if previously installed & started)
+  service: name=matrix-nginx-proxy state=started
+  when: "matrix_nginx_proxy_state.status.ActiveState == 'active'"
+
 - name: Ensure periodic SSL renewal cronjob configured
   template:
     src: "{{ role_path }}/templates/cron.d/ssl-certificate-renewal.j2"