c10182e5a6
With this change, the following roles are now only dependent on the minimal `matrix-base` role: - `matrix-corporal` - `matrix-coturn` - `matrix-mailer` - `matrix-mxisd` - `matrix-postgres` - `matrix-riot-web` - `matrix-synapse` The `matrix-nginx-proxy` role still does too much and remains dependent on the others. Wiring up the various (now-independent) roles happens via a glue variables file (`group_vars/matrix-servers`). It's triggered for all hosts in the `matrix-servers` group. According to Ansible's rules of priority, we have the following chain of inclusion/overriding now: - role defaults (mostly empty or good for independent usage) - playbook glue variables (`group_vars/matrix-servers`) - inventory host variables (`inventory/host_vars/matrix.<your-domain>`) All roles default to enabling their main component (e.g. `matrix_mxisd_enabled: true`, `matrix_riot_web_enabled: true`). Reasoning: if a role is included in a playbook (especially separately, in another playbook), it should "work" by default. Our playbook disables some of those if they are not generally useful (e.g. `matrix_corporal_enabled: false`).
30 lines
792 B
YAML
30 lines
792 B
YAML
---
|
|
|
|
- name: Fail if using unsupported SSL certificate retrieval method
|
|
fail:
|
|
msg: "The `matrix_ssl_retrieval_method` variable contains an unsupported value"
|
|
when: "matrix_ssl_retrieval_method not in ['lets-encrypt', 'self-signed', 'manually-managed']"
|
|
|
|
|
|
# Common tasks, required by any method below.
|
|
|
|
- name: Ensure SSL certificate paths exists
|
|
file:
|
|
path: "{{ item }}"
|
|
state: directory
|
|
mode: 0770
|
|
owner: "{{ matrix_user_username }}"
|
|
group: "{{ matrix_user_username }}"
|
|
with_items:
|
|
- "{{ matrix_ssl_log_dir_path }}"
|
|
- "{{ matrix_ssl_config_dir_path }}"
|
|
|
|
|
|
# Method specific tasks follow
|
|
|
|
- import_tasks: tasks/ssl/setup_ssl_lets_encrypt.yml
|
|
|
|
- import_tasks: tasks/ssl/setup_ssl_self_signed.yml
|
|
|
|
- import_tasks: tasks/ssl/setup_ssl_manually_managed.yml
|