overmind
/
matrix-docker-ansible-deploy
espelhamento de https://github.com/spantaleev/matrix-docker-ansible-deploy
1
0
Fork 0
Código Issues 0 Versões 0 Wiki Atividade
Matrix Docker Ansible eploy
Você não pode selecionar mais de 25 tópicos Os tópicos devem começar com uma letra ou um número, podem incluir traços ('-') e podem ter até 35 caracteres.
4767 Commits
13 Branches
1.0 GiB
 
 
Tag: 1ce52f963a
Branches Tags
${ item.name }
Criar branch ${ searchTerm }
de 1ce52f963a
${ noResults }
matrix-docker-ansible-deploy/roles/matrix-nginx-proxy/tasks/validate_config.yml

137 linhas
8.5 KiB
Original Anotar Histórico 

  1. ---

  2. 

  3. - name: (Deprecation) Catch and report renamed settings

  4.   ansible.builtin.fail:

  5.     msg: >-

  6.       Your configuration contains a variable, which now has a different name.

  7.       Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).

  8.   when: "item.old in vars"

  9.   with_items:

  10.     - {'old': 'matrix_nginx_proxy_matrix_client_api_addr_with_proxy_container', 'new': 'matrix_nginx_proxy_proxy_matrix_client_api_addr_with_container'}

  11.     - {'old': 'matrix_nginx_proxy_matrix_client_api_addr_sans_proxy_container', 'new': 'matrix_nginx_proxy_proxy_matrix_client_api_addr_sans_container'}

  12.     # People who configured this to disable Riot, would now wish to be disabling Element.

  13.     # We now also have `matrix_nginx_proxy_proxy_riot_compat_redirect_`, but that's something else and is disabled by default.

  14.     - {'old': 'matrix_nginx_proxy_proxy_riot_enabled', 'new': 'matrix_nginx_proxy_proxy_element_enabled'}

  15.     - {'old': 'matrix_ssl_lets_encrypt_renew_cron_time_definition', 'new': '<not configurable anymore>'}

  16.     - {'old': 'matrix_nginx_proxy_reload_cron_time_definition', 'new': '<not configurable anymore>'}

  17. 

  18. - name: Fail on unknown matrix_ssl_retrieval_method

  19.   ansible.builtin.fail:

  20.     msg: >-

  21.       `matrix_ssl_retrieval_method` needs to be set to a known value.

  22.   when: "matrix_ssl_retrieval_method not in ['lets-encrypt', 'self-signed', 'manually-managed', 'none']"

  23. 

  24. - name: Fail on unknown matrix_nginx_proxy_ssl_config

  25.   ansible.builtin.fail:

  26.     msg: >-

  27.       `matrix_nginx_proxy_ssl_preset` needs to be set to a known value.

  28.   when: "matrix_nginx_proxy_ssl_preset not in ['modern', 'intermediate', 'old']"

  29. 

  30. - name: Fail if Basic Auth enabled for metrics, but no credentials supplied

  31.   ansible.builtin.fail:

  32.     msg: |

  33.       Enabling Basic Auth for metrics (`matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled`) requires:

  34.       - either a username/password (provided in `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username` and `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password`)

  35.       - or raw htpasswd content (provided in `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content`)

  36.   when: "matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled | bool and (matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content == '' and (matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username == '' or matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password == ''))"

  37. 

  38. - block:

  39.     - name: (Deprecation) Catch and report renamed settings

  40.       ansible.builtin.fail:

  41.         msg: >-

  42.           Your configuration contains a variable, which now has a different name.

  43.           Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).

  44.       with_items:

  45.         - {'old': 'host_specific_matrix_ssl_support_email', 'new': 'matrix_ssl_lets_encrypt_support_email'}

  46.         - {'old': 'host_specific_matrix_ssl_lets_encrypt_support_email', 'new': 'matrix_ssl_lets_encrypt_support_email'}

  47.         - {'old': 'matrix_nginx_proxy_proxy_synapse_workers_enabled_list', 'new': '<no longer used>'}

  48.       when: "item.old in vars"

  49. 

  50.     - name: Fail if required variables are undefined

  51.       ansible.builtin.fail:

  52.         msg: "The `{{ item }}` variable must be defined and have a non-null value"

  53.       with_items:

  54.         - "matrix_ssl_lets_encrypt_support_email"

  55.         - "matrix_nginx_proxy_proxy_synapse_federation_api_addr_sans_container"

  56.         - "matrix_nginx_proxy_proxy_synapse_federation_api_addr_with_container"

  57.         - "matrix_nginx_proxy_proxy_synapse_client_api_addr_with_container"

  58.         - "matrix_nginx_proxy_proxy_synapse_client_api_addr_sans_container"

  59.         - "matrix_ssl_lets_encrypt_certbot_challenge_image"

  60.       when: "vars[item] == '' or vars[item] is none"

  61. 

  62.     - name: "Fail if unsupported matrix_ssl_lets_encrypt_certbot_challenge_image"

  63.       ansible.builtin.fail:

  64.         msg: >-

  65.           `matrix_ssl_lets_encrypt_certbot_challenge_image` must be set to a known value: 'http' (default), 'dns' or 'custom'.

  66.       when: "matrix_ssl_lets_encrypt_certbot_challenge_image not in ['http', 'dns', 'custom']"

  67. 

  68.     - name: "Fail if custom certbot image is missing when required"

  69.       ansible.builtin.fail:

  70.         msg: >-

  71.           No `matrix_ssl_lets_encrypt_certbot_custom_docker_image` has been provided while `matrix_ssl_lets_encrypt_certbot_challenge_image` is set to 'custom'.

  72.       when: "matrix_ssl_lets_encrypt_certbot_challenge_image == 'custom' and (matrix_ssl_lets_encrypt_certbot_custom_docker_image == '' or matrix_ssl_lets_encrypt_certbot_custom_docker_image is none)"

  73. 

  74.     - name: "Fail if DNS certbot official image is not supported"

  75.       ansible.builtin.fail:

  76.         msg: >-

  77.           `matrix_ssl_lets_encrypt_certbot_official_dns_provider` needs to be set to a known value.

  78.       when: "matrix_ssl_lets_encrypt_certbot_challenge_image == 'dns' and matrix_ssl_lets_encrypt_certbot_official_dns_provider not in ['cloudflare', 'cloudxns', 'digitalocean', 'dnsmadeeasy', 'dnssimple', 'gehirn', 'google', 'linode', 'luadns', 'nsone', 'ovh', 'rfc2136', 'route53', 'sakuracloud']"

  79. 

  80.     - block:

  81.         - name: "Fail if DNS challenge configured with image supporting only HTTP challenge"

  82.           ansible.builtin.fail:

  83.             msg: >-

  84.               `matrix_ssl_lets_encrypt_dns_challenge_domains` is defined but the configured image doesn't support DNS challenges.

  85.           when: matrix_ssl_lets_encrypt_certbot_challenge_image not in ['dns', 'custom']

  86. 

  87.         - name: "Fail if required variables are undefined for an entry of `matrix_ssl_lets_encrypt_dns_challenge_domains`"

  88.           ansible.builtin.fail:

  89.             msg: >-

  90.               The `{{ item[1] }}` variable must be defined for configuration `{{ item[0] }}`

  91.           loop: "{{ matrix_ssl_lets_encrypt_dns_challenge_domains | product(['domain', 'provider', 'config_file']) | list }}"

  92.           when: "item[0][item[1]] is not defined"

  93. 

  94.         - name: "Fail if domain configured for DNS challenge is unkown"

  95.           ansible.builtin.fail:

  96.             msg: >-

  97.               The domain `{{ dns_challenge_domain.domain }}` is not in the list of domains for which a certificate will be requested.

  98.               The associated module might be enabled or it might be added to `matrix_ssl_additional_domains_to_obtain_certificates_for`.

  99.           with_items: "{{ matrix_ssl_lets_encrypt_dns_challenge_domains }}"

  100.           loop_control:

  101.             loop_var: dns_challenge_domain

  102.           when: "dns_challenge_domain.domain not in matrix_ssl_domains_to_obtain_certificates_for | list"

  103. 

  104.         - name: "Fail if DNS provider is not supported"

  105.           ansible.builtin.fail:

  106.             msg: >-

  107.               The DNS provider `{{ dns_challenge_domain.provider }}` is not supported for DNS challenges.

  108.           with_items: "{{ matrix_ssl_lets_encrypt_dns_challenge_domains }}"

  109.           loop_control:

  110.             loop_var: dns_challenge_domain

  111.           when: "dns_challenge_domain.provider not in ['cloudflare', 'cloudxns', 'digitalocean', 'dnsmadeeasy', 'dnssimple', 'gehirn', 'google', 'linode', 'luadns', 'nsone', 'ovh', 'rfc2136', 'route53', 'sakuracloud']"

  112. 

  113.         - name: "Fail if DNS provider configuration is missing"

  114.           ansible.builtin.fail:

  115.             msg: >-

  116.               The configuration file `{{ dns_challenge_domain.config_file }}` is not declared in `matrix_ssl_lets_encrypt_dns_config`.

  117.           with_items: "{{ matrix_ssl_lets_encrypt_dns_challenge_domains }}"

  118.           loop_control:

  119.             loop_var: dns_challenge_domain

  120.           when: "dns_challenge_domain.config_file not in matrix_ssl_lets_encrypt_dns_config | map(attribute='name') | list"

  121.       when: "(matrix_ssl_lets_encrypt_dns_challenge_domains is defined) and (matrix_ssl_lets_encrypt_dns_challenge_domains | length > 0)"

  122.   when: "matrix_ssl_retrieval_method == 'lets-encrypt'"

  123. 

  124. - name: (Deprecation) Catch and report old metrics usage

  125.   ansible.builtin.fail:

  126.     msg: >-

  127.       Your configuration contains a variable (`{{ item }}`), which refers to the old metrics collection system for Synapse,

  128.       which exposed metrics on `https://matrix.DOMAIN/_synapse/metrics` and `https://matrix.DOMAIN/_synapse-worker-TYPE-ID/metrics`.

  129. 

  130.       We now recommend exposing Synapse metrics in another way, from another URL.

  131.       Refer to the changelog for more details: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#2022-06-22

  132.   with_items:

  133.     - matrix_nginx_proxy_proxy_synapse_metrics

  134.     - matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled

  135.     - matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_key

  136.   when: "item in vars"