matrix-docker-ansible-deploy/roles/matrix-server/tasks/setup_nginx_proxy.yml

---

#
# Generic tasks that we always want to happen, regardless
# if the user wants matrix-nginx-proxy or not.
#
# If the user would set up their own nginx proxy server,
# the config files from matrix-nginx-proxy can be reused.
#
# It doesn't hurt to put them in place, even if they turn out
# to be unnecessary.
#
- name: Ensure Matrix nginx-proxy paths exists
  file:
    path: "{{ item }}"
    state: directory
    mode: 0750
    owner: root
    group: root
  with_items:
    - "{{ matrix_nginx_proxy_data_path }}"
    - "{{ matrix_nginx_proxy_confd_path }}"

- name: Ensure Matrix Synapse proxy vhost configured
  template:
    src: "{{ role_path }}/templates/nginx-conf.d/{{ item }}.j2"
    dest: "{{ matrix_nginx_proxy_confd_path }}/{{ item }}"
    mode: 0644
  with_items:
    - "matrix-synapse.conf"
    - "matrix-riot-web.conf"

#
# Tasks related to setting up matrix-nginx-proxy
#
- name: Ensure nginx Docker image is pulled
  docker_image:
    name: "{{ docker_nginx_image }}"
  when: matrix_nginx_proxy_enabled

- name: Allow access to nginx proxy ports in firewalld
  firewalld:
    service: "{{ item }}"
    state: enabled
    immediate: yes
    permanent: yes
  with_items:
    - "http"
    - "https"
  when: "ansible_os_family == 'RedHat' and matrix_nginx_proxy_enabled"

- name: Ensure matrix-nginx-proxy.service installed
  template:
    src: "{{ role_path }}/templates/systemd/matrix-nginx-proxy.service.j2"
    dest: "/etc/systemd/system/matrix-nginx-proxy.service"
    mode: 0644
  when: matrix_nginx_proxy_enabled

- name: Ensure periodic restarting of matrix-nginx-proxy is configured (for SSL renewal)
  template:
    src: "{{ role_path }}/templates/cron.d/matrix-nginx-proxy-periodic-restarter.j2"
    dest: "/etc/cron.d/matrix-nginx-proxy-periodic-restarter"
    mode: 0600
  when: matrix_nginx_proxy_enabled

#
# Tasks related to getting rid of matrix-nginx-proxy (if it was previously enabled)
#

- name: Check existence of matrix-nginx-proxy service
  stat: path="/etc/systemd/system/matrix-nginx-proxy.service"
  register: matrix_nginx_proxy_service_stat

- name: Ensure matrix-nginx-proxy is stopped
  service: name=matrix-nginx-proxy state=stopped daemon_reload=yes
  register: stopping_result
  when: "not matrix_nginx_proxy_enabled and matrix_nginx_proxy_service_stat.stat.exists"

- name: Ensure matrix-nginx-proxy.service doesn't exist
  file:
    path: "/etc/systemd/system/matrix-nginx-proxy.service"
    state: absent
  when: "not matrix_nginx_proxy_enabled and matrix_nginx_proxy_service_stat.stat.exists"

- name: Ensure periodic restarting of matrix-nginx-proxy is removed
  file:
    path: "/etc/cron.d/matrix-nginx-proxy-periodic-restarter"
    state: absent
  when: "not matrix_nginx_proxy_enabled"