Stop using Ansible's cron module

This is mainly to address SSL renewal not working for us due to:
- https://github.com/ansible/ansible/issues/71213
- https://github.com/ansible/ansible/pull/71207

Using the cron module was hacky anyway. We shouldn't need an extra
level of buggy abstraction to manage a cronjob file.

roles/matrix-coturn/tasks/setup_coturn.yml

@@ -91,15 +91,10 @@
 # We optimize for the common use-case though (short-lived Let's Encrypt certificates).
 # Reloading doesn't hurt anyway, so there's no need to make this more flexible.
 - name: Ensure periodic reloading of matrix-coturn is configured for SSL renewal (matrix-coturn-reload)
-  cron:
-    user: root
-    cron_file: matrix-coturn-ssl-reload
-    name: matrix-coturn-ssl-reload
-    state: present
-    hour: "4"
-    minute: "20"
-    day: "*/5"
-    job: "{{ matrix_host_command_systemctl }} reload matrix-coturn.service"
+  template:
+    src: "{{ role_path }}/templates/cron.d/matrix-coturn-ssl-reload.j2"
+    dest: /etc/cron.d/matrix-coturn-ssl-reload
+    mode: 0644
   when: "matrix_coturn_enabled|bool and matrix_coturn_tls_enabled|bool"
 
 
@@ -108,9 +103,8 @@
 #
 
 - name: Ensure matrix-coturn-ssl-reload cronjob removed
-  cron:
-    user: root
-    cron_file: matrix-coturn-ssl-reload
+  file:
+    path: /etc/cron.d/matrix-coturn-ssl-reload
     state: absent
   when: "not matrix_coturn_enabled|bool or not matrix_coturn_tls_enabled|bool"
 

roles/matrix-coturn/templates/cron.d/matrix-coturn-ssl-reload.j2

@@ -0,0 +1 @@
+20 4 */5 * * root {{ matrix_host_command_systemctl }} reload matrix-coturn.service

roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml

@@ -55,37 +55,11 @@
     mode: 0750
   when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
 
-- block:
-  - name: Ensure periodic SSL renewal cronjob configured (MAILTO)
-    cron:
-      user: root
-      cron_file: matrix-ssl-lets-encrypt
-      env: yes
-      name: MAILTO
-      value: "{{ matrix_ssl_lets_encrypt_support_email }}"
-
-  - name: Ensure periodic SSL renewal cronjob configured (matrix-ssl-lets-encrypt-certificates-renew)
-    cron:
-      user: root
-      cron_file: matrix-ssl-lets-encrypt
-      name: matrix-ssl-lets-encrypt-certificates-renew
-      state: present
-      hour: "4"
-      minute: "15"
-      day: "*"
-      job: "{{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew"
-
-  - name: Ensure periodic reloading of matrix-nginx-proxy is configured for SSL renewal (matrix-nginx-proxy-reload)
-    cron:
-      user: root
-      cron_file: matrix-ssl-lets-encrypt
-      name: matrix-nginx-proxy-reload
-      state: present
-      hour: "5"
-      minute: "20"
-      day: "*"
-      job: "{{ matrix_host_command_systemctl }} reload matrix-nginx-proxy.service"
-    when: matrix_nginx_proxy_enabled|bool
+- name: Ensure periodic SSL renewal cronjob configured
+  template:
+    src: "{{ role_path }}/templates/cron.d/matrix-ssl-lets-encrypt.j2"
+    dest: /etc/cron.d/matrix-ssl-lets-encrypt
+    mode: 0644
   when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
 
 
@@ -93,21 +67,9 @@
 # Tasks related to getting rid of Let's Encrypt's management of certificates
 #
 
-# When nginx-proxy is disabled, make sure its reloading cronjob is gone.
-# Other cronjobs can potentially remain there (see below).
-- name: Ensure matrix-nginx-proxy-reload cronjob removed
-  cron:
-    user: root
-    cron_file: matrix-ssl-lets-encrypt
-    name: matrix-nginx-proxy-reload
-    state: absent
-  when: "not matrix_nginx_proxy_enabled|bool"
-
 - name: Ensure matrix-ssl-lets-encrypt-renew cronjob removed
-  cron:
-    user: root
-    cron_file: matrix-ssl-lets-encrypt
-    name: matrix-ssl-lets-encrypt-certificates-renew
+  file:
+    path: /etc/cron.d/matrix-ssl-lets-encrypt
     state: absent
   when: "matrix_ssl_retrieval_method != 'lets-encrypt'"
 

roles/matrix-nginx-proxy/templates/cron.d/matrix-ssl-lets-encrypt.j2

@@ -0,0 +1,5 @@
+MAILTO="{{ matrix_ssl_lets_encrypt_support_email }}"
+15 4 * * * root {{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew
+{% if matrix_nginx_proxy_enabled %}
+20 5 * * * root {{ matrix_host_command_systemctl }} reload matrix-nginx-proxy.service
+{% endif %}