jowj/matrix-docker-ansible-deploy
1
0
Fork 0
forked from mirrors/matrix-docker-ansible-deploy
Code Issues Pull Requests Releases Wiki Activity
3953705682
matrix-docker-ansible-deploy/roles/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml
Slavi Pantaleev af1c9ae59d Do not force firewalld on people 
In most cases, there's not really a need to touch the system
firewall, as Docker manages iptables by itself
(see https://docs.docker.com/network/iptables/).

All ports exposed by Docker containers are automatically whitelisted
in iptables and wired to the correct container.

This made installing firewalld and whitelisting ports pointless,
as far as this playbook's services are concerned.

People that wish to install firewalld (for other reasons), can do so
manually from now on.

This is inspired by and fixes #97 (Github Issue).
2019-04-03 11:37:20 +03:00

186 lines
6.7 KiB
YAML
Raw Blame History

---
#
# Generic tasks that we always want to happen, regardless
# if the user wants matrix-nginx-proxy or not.
#
# If the user would set up their own nginx proxy server,
# the config files from matrix-nginx-proxy can be reused.
#
# It doesn't hurt to put them in place, even if they turn out
# to be unnecessary.
#
- name: Ensure Matrix nginx-proxy paths exist
file:
path: "{{ item }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_username }}"
with_items:
- "{{ matrix_nginx_proxy_base_path }}"
- "{{ matrix_nginx_proxy_data_path }}"
- "{{ matrix_nginx_proxy_confd_path }}"
- name: Ensure Matrix nginx-proxy configured (main config override)
template:
src: "{{ role_path }}/templates/nginx/nginx.conf.j2"
dest: "{{ matrix_nginx_proxy_base_path }}/nginx.conf"
mode: 0644
when: "matrix_nginx_proxy_enabled"
- name: Ensure matrix-synapse-metrics-htpasswd is present (protecting /_synapse/metrics URI)
template:
src: "{{ role_path }}/templates/nginx/matrix-synapse-metrics-htpasswd.j2"
dest: "{{ matrix_nginx_proxy_data_path }}/matrix-synapse-metrics-htpasswd"
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_username }}"
mode: 0400
when: "matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled and matrix_nginx_proxy_proxy_synapse_metrics"
- name: Ensure Matrix nginx-proxy configured (generic)
template:
src: "{{ role_path }}/templates/nginx/conf.d/nginx-http.conf.j2"
dest: "{{ matrix_nginx_proxy_confd_path }}/nginx-http.conf"
mode: 0644
when: "matrix_nginx_proxy_enabled"
- name: Ensure Matrix nginx-proxy configuration for matrix domain exists
template:
src: "{{ role_path }}/templates/nginx/conf.d/matrix-synapse.conf.j2"
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-synapse.conf"
mode: 0644
when: "matrix_nginx_proxy_proxy_matrix_enabled"
- name: Ensure Matrix nginx-proxy configuration for riot domain exists
template:
src: "{{ role_path }}/templates/nginx/conf.d/matrix-riot-web.conf.j2"
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-riot-web.conf"
mode: 0644
when: "matrix_nginx_proxy_proxy_riot_enabled"
- name: Ensure Matrix nginx-proxy configuration for dimension domain exists
template:
src: "{{ role_path }}/templates/nginx/conf.d/matrix-dimension.conf.j2"
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-dimension.conf"
mode: 0644
when: "matrix_nginx_proxy_proxy_dimension_enabled"
- name: Ensure Matrix nginx-proxy data directory for base domain exists
file:
path: "{{ matrix_nginx_proxy_data_path }}/matrix-domain"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_username }}"
when: "matrix_nginx_proxy_base_domain_serving_enabled"
- name: Ensure Matrix nginx-proxy homepage for base domain exists
copy:
content: "{{ matrix_nginx_proxy_base_domain_homepage_template }}"
dest: "{{ matrix_nginx_proxy_data_path }}/matrix-domain/index.html"
mode: 0644
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_username }}"
when: "matrix_nginx_proxy_base_domain_serving_enabled"
- name: Ensure Matrix nginx-proxy configuration for base domain exists
template:
src: "{{ role_path }}/templates/nginx/conf.d/matrix-domain.conf.j2"
dest: "{{ matrix_nginx_proxy_confd_path }}/matrix-domain.conf"
mode: 0644
when: "matrix_nginx_proxy_base_domain_serving_enabled"
#
# Tasks related to setting up matrix-nginx-proxy
#
- name: Ensure nginx Docker image is pulled
docker_image:
name: "{{ matrix_nginx_proxy_docker_image }}"
when: matrix_nginx_proxy_enabled
- name: Ensure matrix-nginx-proxy.service installed
template:
src: "{{ role_path }}/templates/systemd/matrix-nginx-proxy.service.j2"
dest: "/etc/systemd/system/matrix-nginx-proxy.service"
mode: 0644
register: matrix_nginx_proxy_systemd_service_result
when: matrix_nginx_proxy_enabled
- name: Ensure systemd reloaded after matrix-nginx-proxy.service installation
service:
daemon_reload: yes
when: "matrix_nginx_proxy_enabled and matrix_nginx_proxy_systemd_service_result.changed"
#
# Tasks related to getting rid of matrix-nginx-proxy (if it was previously enabled)
#
- name: Check existence of matrix-nginx-proxy service
stat:
path: "/etc/systemd/system/matrix-nginx-proxy.service"
register: matrix_nginx_proxy_service_stat
when: "not matrix_nginx_proxy_enabled"
- name: Ensure matrix-nginx-proxy is stopped
service:
name: matrix-nginx-proxy
state: stopped
daemon_reload: yes
register: stopping_result
when: "not matrix_nginx_proxy_enabled and matrix_nginx_proxy_service_stat.stat.exists"
- name: Ensure matrix-nginx-proxy.service doesn't exist
file:
path: "/etc/systemd/system/matrix-nginx-proxy.service"
state: absent
when: "not matrix_nginx_proxy_enabled and matrix_nginx_proxy_service_stat.stat.exists"
- name: Ensure systemd reloaded after matrix-nginx-proxy.service removal
service:
daemon_reload: yes
when: "not matrix_nginx_proxy_enabled and matrix_nginx_proxy_service_stat.stat.exists"
- name: Ensure Matrix nginx-proxy configuration for matrix domain deleted
file:
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-synapse.conf"
state: absent
when: "not matrix_nginx_proxy_proxy_matrix_enabled"
- name: Ensure Matrix nginx-proxy configuration for riot domain deleted
file:
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-riot-web.conf"
state: absent
when: "not matrix_nginx_proxy_proxy_riot_enabled"
- name: Ensure Matrix nginx-proxy configuration for dimension domain deleted
file:
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-dimension.conf"
state: absent
when: "not matrix_nginx_proxy_proxy_dimension_enabled"
- name: Ensure Matrix nginx-proxy homepage for base domain deleted
file:
path: "{{ matrix_nginx_proxy_data_path }}/matrix-domain/index.html"
state: absent
when: "not matrix_nginx_proxy_base_domain_serving_enabled"
- name: Ensure Matrix nginx-proxy configuration for base domain deleted
file:
path: "{{ matrix_nginx_proxy_confd_path }}/matrix-domain.conf"
state: absent
when: "not matrix_nginx_proxy_base_domain_serving_enabled"
- name: Ensure Matrix nginx-proxy configuration for main config override deleted
file:
path: "{{ matrix_nginx_proxy_base_path }}/nginx.conf"
state: absent
when: "not matrix_nginx_proxy_enabled"
- name: Ensure Matrix nginx-proxy htpasswd is deleted (protecting /_synapse/metrics URI)
file:
path: "{{ matrix_nginx_proxy_data_path }}/matrix-synapse-metrics-htpasswd"
state: absent
when: "not matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled or not matrix_nginx_proxy_proxy_synapse_metrics"
Reference in New Issue View Git Blame Copy Permalink