
/usr/local/bin/matrix-ssl-lets-encrypt-certificates-renew -> /matrix/ssl/bin/lets-encrypt-certificates-renew

pull/2304/head
Slavi Pantaleev il y a 3 ans
Parent
révision
707e909b9b
8 fichiers modifiés avec 7 ajouts et 29 suppressions
  1. +0
    -6
      roles/custom/matrix-base/defaults/main.yml
  2. +1
    -0
      roles/custom/matrix-base/tasks/validate_config.yml
  3. +0
    -6
      roles/custom/matrix-coturn/tasks/setup_install.yml
  4. +1
    -0
      roles/custom/matrix-nginx-proxy/defaults/main.yml
  5. +1
    -0
      roles/custom/matrix-nginx-proxy/tasks/ssl/main.yml
  6. +3
    -16
      roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml
  7. +0
    -0
      roles/custom/matrix-nginx-proxy/templates/bin/lets-encrypt-certificates-renew.j2
  8. +1
    -1
      roles/custom/matrix-nginx-proxy/templates/systemd/matrix-ssl-lets-encrypt-certificates-renew.service.j2

+ 0
- 6
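--- a/roles/custom/matrix-base/defaults/main.yml
+++ b/roles/custom/matrix-base/defaults/main.yml
@@ -121,12 +121,6 @@ matrix_bin_path: "{{ matrix_base_data_path }}/bin"
 
 matrix_static_files_base_path: "{{ matrix_base_data_path }}/static-files"
 
-# This is now unused. We keep it so that cleanup tasks can use it.
-# To be removed in the future.
-matrix_cron_path: "/etc/cron.d"
-
-matrix_local_bin_path: "/usr/local/bin"
-
 matrix_host_command_sleep: "/usr/bin/env sleep"
 matrix_host_command_chown: "/usr/bin/env chown"
 matrix_host_command_fusermount: "/usr/bin/env fusermount"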


+ 1
- 0
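--- a/roles/custom/matrix-base/tasks/validate_config.yml
+++ b/roles/custom/matrix-base/tasks/validate_config.yml
@@ -17,6 +17,7 @@
 - {'old': 'hostname_matrix', 'new': 'matrix_server_fqn_matrix'}
 - {'old': 'hostname_riot', 'new': 'matrix_server_fqn_element'}
 - {'old': 'matrix_server_fqn_riot', 'new': 'matrix_server_fqn_element'}
+- {'old': 'matrix_local_bin_path', 'new': '<there is no global bin path anymore - each role has its own>'}
 
 # We have a dedicated check for this variable, because we'd like to have a custom (friendlier) message.
 - name: Fail if matrix_homeserver_generic_secret_key is undefined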


+ 0
- 6
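--- a/roles/custom/matrix-coturn/tasks/setup_install.yml
+++ b/roles/custom/matrix-coturn/tasks/setup_install.yml
@@ -1,11 +1,5 @@
 ---
 
-# This is a cleanup/migration task. It can be removed some time in the future.
-- name: (Migration) Remove deprecated cronjob
-ansible.builtin.file:
-path: "{{ matrix_cron_path }}/matrix-coturn-ssl-reload"
-state: absent
-
 - name: Ensure Matrix Coturn path exists
 ansible.builtin.file:
 path: "{{ item.path }}"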


+ 1
- 0
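--- a/roles/custom/matrix-nginx-proxy/defaults/main.yml
+++ b/roles/custom/matrix-nginx-proxy/defaults/main.yml
@@ -573,6 +573,7 @@ matrix_ssl_lets_encrypt_key_type: rsa
 matrix_ssl_base_path: "{{ matrix_base_data_path }}/ssl"
 matrix_ssl_config_dir_path: "{{ matrix_ssl_base_path }}/config"
 matrix_ssl_log_dir_path: "{{ matrix_ssl_base_path }}/log"
+matrix_ssl_bin_dir_path: "{{ matrix_ssl_base_path }}/bin"
 
 # If you'd like to start some service before a certificate is obtained, specify it here.
 # This could be something like `matrix-dynamic-dns`, etc.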


+ 1
- 0
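--- a/roles/custom/matrix-nginx-proxy/tasks/ssl/main.yml
+++ b/roles/custom/matrix-nginx-proxy/tasks/ssl/main.yml
@@ -24,6 +24,7 @@
 with_items:
 - "{{ matrix_ssl_log_dir_path }}"
 - "{{ matrix_ssl_config_dir_path }}"
+- "{{ matrix_ssl_bin_dir_path }}"
 when: "matrix_ssl_retrieval_method != 'none'"
 
 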


+ 3
- 16
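--- a/roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml
+++ b/roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml
@@ -1,17 +1,4 @@
 ---
-
-# This is a cleanup/migration task, because of to the new way we manage cronjobs (`cron` module) and the new script name.
-# This migration task can be removed some time in the future.
-- name: (Migration) Remove deprecated Let's Encrypt SSL certificate management files
-ansible.builtin.file:
-path: "{{ item }}"
-state: absent
-with_items:
-- "{{ matrix_local_bin_path }}/matrix-ssl-certificates-renew"
-- "{{ matrix_cron_path }}/matrix-ssl-certificate-renewal"
-- "{{ matrix_cron_path }}/matrix-nginx-proxy-periodic-restarter"
-- "/etc/cron.d/matrix-ssl-lets-encrypt"
-
 #
 # Tasks related to setting up Let's Encrypt's management of certificates
 #
@@ -36,8 +23,8 @@
 
 - name: Ensure Let's Encrypt SSL renewal script installed
 ansible.builtin.template:
-src: "{{ role_path }}/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2"
-dest: "{{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew"
+src: "{{ role_path }}/templates/bin/lets-encrypt-certificates-renew.j2"
+dest: "{{ matrix_ssl_bin_dir_path }}/lets-encrypt-certificates-renew"
 mode: 0755
 
 - name: Ensure SSL renewal systemd units installed
@@ -63,5 +50,5 @@
 
 - name: Ensure Let's Encrypt SSL renewal script removed
 ansible.builtin.file:
-path: "{{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew"
+path: "{{ matrix_ssl_bin_dir_path }}/lets-encrypt-certificates-renew"
 state: absent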
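Review bot: Hosts that already ran the playbook keep the old `/usr/local/bin/matrix-ssl-lets-encrypt-certificates-renew` after this change, because the install task in the second hunk writes only under `matrix_ssl_bin_dir_path` and the removal task in the third hunk deletes only the new path. Nothing visible in this commit deletes the old copy, so a stale executable script stays on `PATH` and no longer receives template updates. A short migration task in the style of the one removed at the top of this file would cover it: an `ansible.builtin.file` task with `path: "/usr/local/bin/matrix-ssl-lets-encrypt-certificates-renew"` and `state: absent`. The path has to be a literal, since `matrix_local_bin_path` is removed from the defaults by this same commit.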

roles/custom/matrix-nginx-proxy/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2 → roles/custom/matrix-nginx-proxy/templates/bin/lets-encrypt-certificates-renew.j2 Voir le fichier


+ 1
- 1
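--- a/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-ssl-lets-encrypt-certificates-renew.service.j2
+++ b/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-ssl-lets-encrypt-certificates-renew.service.j2
@@ -4,4 +4,4 @@ Description=Renews Let's Encrypt SSL certificates
 [Service]
 Type=oneshot
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
-ExecStart={{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew
+ExecStart={{ matrix_ssl_bin_dir_path }}/lets-encrypt-certificates-renew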
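Review bot: `ExecStart` now runs a script from `matrix_ssl_bin_dir_path`, a directory under the Matrix data path, so that directory's owner and mode decide who can replace what this unit executes. The visible `[Service]` lines set no `User=`, so the script presumably runs as root. The directory is created by the `with_items` task in `tasks/ssl/main.yml`, whose owner and mode arguments lie outside that hunk. If that task hands the directory to the unprivileged Matrix user, as would suit the log and config directories, that user could swap the script and have it run with the unit's privileges. I would create the bin directory in its own task with `owner: root`, `group: root` and `mode: '0755'`, or confirm that the existing task already does so.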
