jowj/matrix-docker-ansible-deploy
1
0
Fork 0
forked from mirrors/matrix-docker-ansible-deploy
Code Issues Pull Requests Releases Wiki Activity
b3a8698734
matrix-docker-ansible-deploy/roles/matrix-server/tasks/setup_ssl.yml
Slavi Pantaleev cb323f5b4c Move SSL certificates from /etc/pki/acmetool-certs to /matrix/ssl 
Moving keeps everything in the /matrix directory, so that we
wouldn't contaminate anything else on the system or risk
clashing with something else.

Also retrieving certificates separately for the Riot and Matrix domains,
which should help in multiple ways:

- allows them to be very different (completely separate base domain..)

- allows for Riot to be disabled for the playbook some time later
  and still have the code not break
2017-09-11 23:50:14 +03:00

54 lines
1.6 KiB
YAML
Raw Blame History

---
- name: Allow access to HTTP/HTTPS in firewalld
firewalld:
service: "{{ item }}"
state: enabled
immediate: yes
permanent: yes
with_items:
- http
- https
when: ansible_os_family == 'RedHat'
- name: Ensure acmetool Docker image is pulled
docker_image:
name: willwill/acme-docker
- name: Ensure SSL certificates path exists
file:
path: "{{ matrix_ssl_certs_path }}"
state: directory
mode: 0770
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_username }}"
- name: Check matrix-nginx-proxy state
service: name=matrix-nginx-proxy
register: matrix_nginx_proxy_state
- name: Ensure matrix-nginx-proxy is stopped (if previously installed & started)
service: name=matrix-nginx-proxy state=stopped
when: "matrix_nginx_proxy_state.status.ActiveState|default('missing') == 'active'"
- name: Ensure SSL certificates are marked as wanted in acmetool
shell: >-
/usr/bin/docker run --rm --name acmetool-host-grab -p 80:80
-v {{ matrix_ssl_certs_path }}:/certs
-e ACME_EMAIL={{ matrix_ssl_support_email }}
willwill/acme-docker
acmetool want {{ item }} --xlog.severity=debug
with_items:
- "{{ hostname_matrix }}"
- "{{ hostname_riot }}"
- name: Ensure matrix-nginx-proxy is started (if previously installed & started)
service: name=matrix-nginx-proxy state=started
when: "matrix_nginx_proxy_state.status.ActiveState|default('missing') == 'active'"
- name: Ensure periodic SSL renewal cronjob configured
template:
src: "{{ role_path }}/templates/cron.d/matrix-ssl-certificate-renewal.j2"
dest: "/etc/cron.d/matrix-ssl-certificate-renewal"
mode: 0600
Reference in New Issue View Git Blame Copy Permalink