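---
# Pre-flight validation: every task below aborts the play with
# `ansible.builtin.fail` when the configuration is stale, incomplete or
# set to a value outside an allow-list.

# Each entry maps a retired variable name to its replacement.
# NOTE(review): an empty `new` presumably marks a variable that was removed
# without a replacement; the message then prints an empty target name.
- name: (Deprecation) Catch and report renamed settings
  ansible.builtin.fail:
    msg: >-
      Your configuration contains a variable, which now has a different name.
      Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
  when: "item.old in vars"
  with_items:
    - old: 'matrix_nginx_proxy_matrix_client_api_addr_with_proxy_container'
      new: 'matrix_nginx_proxy_proxy_matrix_client_api_addr_with_container'
    - old: 'matrix_nginx_proxy_matrix_client_api_addr_sans_proxy_container'
      new: 'matrix_nginx_proxy_proxy_matrix_client_api_addr_sans_container'
    # People who configured this to disable Riot, would now wish to be disabling Element.
    # We now also have `matrix_nginx_proxy_proxy_riot_compat_redirect_`, but that's something else and is disabled by default.
    - old: 'matrix_nginx_proxy_proxy_riot_enabled'
      new: 'matrix_nginx_proxy_proxy_element_enabled'
    - old: 'matrix_ssl_lets_encrypt_renew_cron_time_definition'
      new: ''
    - old: 'matrix_nginx_proxy_reload_cron_time_definition'
      new: ''

# Allow-list check: any value outside the four listed methods stops the play.
- name: Fail on unknown matrix_ssl_retrieval_method
  ansible.builtin.fail:
    msg: >-
      `matrix_ssl_retrieval_method` needs to be set to a known value.
  when: "matrix_ssl_retrieval_method not in ['lets-encrypt', 'self-signed', 'manually-managed', 'none']"

# The task name now matches the variable that is actually checked
# (`matrix_nginx_proxy_ssl_preset`); it previously said `..._ssl_config`.
# NOTE(review): the preset names look like the Mozilla server-side TLS
# profiles, in which case 'old' would permit legacy protocols - confirm.
- name: Fail on unknown matrix_nginx_proxy_ssl_preset
  ansible.builtin.fail:
    msg: >-
      `matrix_nginx_proxy_ssl_preset` needs to be set to a known value.
  when: "matrix_nginx_proxy_ssl_preset not in ['modern', 'intermediate', 'old']"

# Fires only when Basic Auth is enabled and neither raw htpasswd content nor
# a complete username/password pair is present. It compares against the
# empty string only: credential strength and htpasswd syntax are not checked,
# and nothing here requires Basic Auth to be enabled in the first place.
- name: Fail if Basic Auth enabled for metrics, but no credentials supplied
  ansible.builtin.fail:
    msg: |
      Enabling Basic Auth for metrics (`matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled`) requires:
      - either a username/password (provided in `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username` and `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password`)
      - or raw htpasswd content (provided in `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content`)
  when: >-
    matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled | bool
    and (matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content == ''
    and (matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username == ''
    or matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password == ''))

# Everything in this block runs only for the 'lets-encrypt' retrieval method.
- name: "Validate Let's Encrypt configuration"
  when: "matrix_ssl_retrieval_method == 'lets-encrypt'"
  block:
    - name: (Deprecation) Catch and report renamed settings
      ansible.builtin.fail:
        msg: >-
          Your configuration contains a variable, which now has a different name.
          Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
      with_items:
        - old: 'host_specific_matrix_ssl_support_email'
          new: 'matrix_ssl_lets_encrypt_support_email'
        - old: 'host_specific_matrix_ssl_lets_encrypt_support_email'
          new: 'matrix_ssl_lets_encrypt_support_email'
        - old: 'matrix_nginx_proxy_proxy_synapse_workers_enabled_list'
          new: ''
      when: "item.old in vars"

    # An empty string and null are both treated as "not set".
    - name: Fail if required variables are undefined
      ansible.builtin.fail:
        msg: "The `{{ item }}` variable must be defined and have a non-null value"
      with_items:
        - "matrix_ssl_lets_encrypt_support_email"
        - "matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container"
        - "matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container"
        - "matrix_nginx_proxy_proxy_synapse_client_api_addr_with_container"
        - "matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container"
        - "matrix_ssl_lets_encrypt_certbot_challenge_image"
      when: "vars[item] == '' or vars[item] is none"

    - name: "Fail if unsupported matrix_ssl_lets_encrypt_certbot_challenge_image"
      ansible.builtin.fail:
        msg: >-
          `matrix_ssl_lets_encrypt_certbot_challenge_image` must be set to a known value:
          'http' (default), 'dns' or 'custom'.
      when: "matrix_ssl_lets_encrypt_certbot_challenge_image not in ['http', 'dns', 'custom']"

    # Presence check only: the custom image reference is not compared with
    # any allow-list, so where that image comes from and how it is pinned
    # (tag or digest) is left to the operator's configuration.
    - name: "Fail if custom certbot image is missing when required"
      ansible.builtin.fail:
        msg: >-
          No `matrix_ssl_lets_encrypt_certbot_custom_docker_image` has been provided while
          `matrix_ssl_lets_encrypt_certbot_challenge_image` is set to 'custom'.
      when: >-
        matrix_ssl_lets_encrypt_certbot_challenge_image == 'custom'
        and (matrix_ssl_lets_encrypt_certbot_custom_docker_image == ''
        or matrix_ssl_lets_encrypt_certbot_custom_docker_image is none)

    # The provider allow-list below is repeated in "Fail if DNS provider is
    # not supported"; keep the two lists in sync when editing either.
    - name: "Fail if DNS certbot official image is not supported"
      ansible.builtin.fail:
        msg: >-
          `matrix_ssl_lets_encrypt_certbot_official_dns_provider` needs to be set to a known value.
      when: >-
        matrix_ssl_lets_encrypt_certbot_challenge_image == 'dns'
        and matrix_ssl_lets_encrypt_certbot_official_dns_provider not in
        ['cloudflare', 'cloudxns', 'digitalocean', 'dnsmadeeasy', 'dnssimple',
        'gehirn', 'google', 'linode', 'luadns', 'nsone', 'ovh', 'rfc2136',
        'route53', 'sakuracloud']

    # Per-domain DNS challenge checks; skipped when the list is undefined or empty.
    - name: "Validate Let's Encrypt DNS challenge domains"
      when: "(matrix_ssl_lets_encrypt_dns_challenge_domains is defined) and (matrix_ssl_lets_encrypt_dns_challenge_domains | length > 0)"
      block:
        - name: "Fail if DNS challenge configured with image supporting only HTTP challenge"
          ansible.builtin.fail:
            msg: >-
              `matrix_ssl_lets_encrypt_dns_challenge_domains` is defined but the configured image doesn't support DNS challenges.
          when: "matrix_ssl_lets_encrypt_certbot_challenge_image not in ['dns', 'custom']"

        # The product() pairs every entry (item[0]) with each required key
        # name (item[1]), so a missing key is reported per entry.
        - name: "Fail if required variables are undefined for an entry of `matrix_ssl_lets_encrypt_dns_challenge_domains`"
          ansible.builtin.fail:
            msg: >-
              The `{{ item[1] }}` variable must be defined for configuration `{{ item[0] }}`
          loop: "{{ matrix_ssl_lets_encrypt_dns_challenge_domains | product(['domain', 'provider', 'config_file']) | list }}"
          when: "item[0][item[1]] is not defined"

        - name: "Fail if domain configured for DNS challenge is unknown"
          ansible.builtin.fail:
            msg: >-
              The domain `{{ dns_challenge_domain.domain }}` is not in the list of domains for which a certificate will be requested.
              The associated module might be enabled or it might be added to `matrix_ssl_additional_domains_to_obtain_certificates_for`.
          with_items: "{{ matrix_ssl_lets_encrypt_dns_challenge_domains }}"
          loop_control:
            loop_var: dns_challenge_domain
          when: "dns_challenge_domain.domain not in matrix_ssl_domains_to_obtain_certificates_for | list"

        # Same provider allow-list as "Fail if DNS certbot official image is
        # not supported"; keep the two lists in sync.
        - name: "Fail if DNS provider is not supported"
          ansible.builtin.fail:
            msg: >-
              The DNS provider `{{ dns_challenge_domain.provider }}` is not supported for DNS challenges.
          with_items: "{{ matrix_ssl_lets_encrypt_dns_challenge_domains }}"
          loop_control:
            loop_var: dns_challenge_domain
          when: >-
            dns_challenge_domain.provider not in
            ['cloudflare', 'cloudxns', 'digitalocean', 'dnsmadeeasy', 'dnssimple',
            'gehirn', 'google', 'linode', 'luadns', 'nsone', 'ovh', 'rfc2136',
            'route53', 'sakuracloud']

        # Only checks that the referenced name is declared in
        # `matrix_ssl_lets_encrypt_dns_config`.
        # NOTE(review): these files presumably carry DNS provider API
        # credentials - confirm how they are stored and permissioned.
        - name: "Fail if DNS provider configuration is missing"
          ansible.builtin.fail:
            msg: >-
              The configuration file `{{ dns_challenge_domain.config_file }}` is not declared in `matrix_ssl_lets_encrypt_dns_config`.
          with_items: "{{ matrix_ssl_lets_encrypt_dns_challenge_domains }}"
          loop_control:
            loop_var: dns_challenge_domain
          when: "dns_challenge_domain.config_file not in matrix_ssl_lets_encrypt_dns_config | map(attribute='name') | list"

# Stops the play when any variable of the old Synapse metrics exposure
# (served from the public matrix.DOMAIN host, per the message) is still set.
- name: (Deprecation) Catch and report old metrics usage
  ansible.builtin.fail:
    msg: >-
      Your configuration contains a variable (`{{ item }}`), which refers to the old metrics collection system for Synapse,
      which exposed metrics on `https://matrix.DOMAIN/_synapse/metrics` and `https://matrix.DOMAIN/_synapse-worker-TYPE-ID/metrics`.
      We now recommend exposing Synapse metrics in another way, from another URL.
      Refer to the changelog for more details: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#2022-06-22
  with_items:
    - matrix_nginx_proxy_proxy_synapse_metrics
    - matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled
    - matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key
  when: "item in vars"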