add certbot self-building

docs/self-building.md

@@ -10,6 +10,7 @@ Setting that variable will self-build every role which supports self-building. S
 
 List of roles where self-building the docker image is currently possible:
 - synapse
+- ssl-lets-encrypt
 - riot-web
 - coturn
 - ma1sd

group_vars/matrix_servers

@@ -566,6 +566,8 @@ matrix_ssl_domains_to_obtain_certificates_for: |
     ([matrix_domain] if matrix_nginx_proxy_base_domain_serving_enabled else [])
   }}
 
+  matrix_ssl_lets_encrypt_container_image_self_build: "{{ matrix_container_images_self_build }}"
+
 ######################################################################
 #
 # /matrix-nginx-proxy

roles/matrix-nginx-proxy/defaults/main.yml

@@ -233,6 +233,7 @@ matrix_ssl_lets_encrypt_container_standalone_http_host_bind_port: '80'
 matrix_ssl_base_path: "{{ matrix_base_data_path }}/ssl"
 matrix_ssl_config_dir_path: "{{ matrix_ssl_base_path }}/config"
 matrix_ssl_log_dir_path: "{{ matrix_ssl_base_path }}/log"
+matrix_mautrix_hangouts_docker_src_files_path: "{{ matrix_ssl_base_path }}/docker-src"
 
 
 # nginx status page configurations.

roles/matrix-nginx-proxy/tasks/ssl/main.yml

@@ -19,6 +19,7 @@
   with_items:
     - "{{ matrix_ssl_log_dir_path }}"
     - "{{ matrix_ssl_config_dir_path }}"
+    - { "{{ matrix_ssl_lets_encrypt_docker_src_files_path }}", when: "{{ matrix_ssl_lets_encrypt_container_image_self_build }}" }
   when: "matrix_ssl_retrieval_method != 'none'"
 
 

roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml

@@ -39,7 +39,26 @@
     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
     force_source: "{{ matrix_ssl_lets_encrypt_certbot_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
     force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_ssl_lets_encrypt_certbot_docker_image_force_pull }}"
-  when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
+  when: "matrix_ssl_retrieval_method == 'lets-encrypt' and not matrix_ssl_lets_encrypt_self_build"
+
+- name: Ensure certbot repository is present on self-build
+  git:
+    repo: https://github.com/certbot-docker/certbot-docker/
+    dest: "{{ matrix_ssl_lets_encrypt_docker_src_files_path }}"
+    version: "{{ matrix_ssl_lets_encrypt_docker_image.split(':')[1] }}"
+    force: "yes"
+  when: "matrix_ssl_lets_encrypt_enabled|bool and matrix_ssl_lets_encrypt_container_image_self_build"
+
+- name: Ensure certbot Docker image is built
+  docker_image:
+    name: "{{ matrix_ssl_lets_encrypt_docker_image }}"
+    source: build
+    build:
+      args: "TARGET_ARCH={{ ansible_architecture }}, CERTBOT_VERSION={{ matrix_ssl_lets_encrypt_docker_image.split('v')[1] }}"
+      dockerfile: "core/Dockerfile"
+      path: "{{ matrix_ssl_lets_encrypt_docker_src_files_path }}"
+      pull: yes
+  when: "matrix_ssl_lets_encrypt_enabled|bool and matrix_ssl_lets_encrypt_container_image_self_build"
 
 - name: Obtain Let's Encrypt certificates
   include_tasks: "{{ role_path }}/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml"