overmind
/
matrix-docker-ansible-deploy
зеркало из https://github.com/spantaleev/matrix-docker-ansible-deploy
1
0
Форкнуть 0
Код Задачи 0 Релизы 0 Вики Активность
Matrix Docker Ansible eploy
Вы не можете выбрать более 25 тем Темы должны начинаться с буквы или цифры, могут содержать дефисы(-) и должны содержать не более 35 символов.
35 коммитов
13 Ветки
36 MiB
 
 
Дерево: 2906ec3045
Ветки Теги
${ item.name }
Создать ветку ${ searchTerm }
из '2906ec3045'
${ noResults }
matrix-docker-ansible-deploy/roles/matrix-server/tasks/setup_ssl.yml

68 строки
2.4 KiB
Исходник Вина История 

  1. ---

  2. 

  3. - name: Determine domains to obtain certificates for (Matrix)

  4.   set_fact:

  5.     domains_to_obtain_certificate_for: "['{{ hostname_matrix }}']"

  6. 

  7. - name: Determine domains to obtain certificates for (Riot)

  8.   set_fact:

  9.     domains_to_obtain_certificate_for: "{{ domains_to_obtain_certificate_for + [hostname_riot] }}"

  10.   when: matrix_riot_web_enabled

  11. 

  12. - name: Allow access to HTTP/HTTPS in firewalld

  13.   firewalld:

  14.     service: "{{ item }}"

  15.     state: enabled

  16.     immediate: yes

  17.     permanent: yes

  18.   with_items:

  19.     - http

  20.     - https

  21.   when: ansible_os_family == 'RedHat'

  22. 

  23. - name: Ensure acmetool Docker image is pulled

  24.   docker_image:

  25.     name: willwill/acme-docker

  26. 

  27. # Granting +rx to others as well, because the `nginx` user from within

  28. # matrix-nginx-proxy needs to be able to read the acme-challenge files inside

  29. # for renewal purposes.

  30. #

  31. # This should not be causing security trouble outside of the container,

  32. # as the parent directory (/matrix) does not allow "others" to access it or any of its children.

  33. # Still, it works when the /ssl subtree is mounted in the container.

  34. - name: Ensure SSL certificates path exists

  35.   file:

  36.     path: "{{ matrix_ssl_certs_path }}"

  37.     state: directory

  38.     mode: 0775

  39.     owner: "{{ matrix_user_username }}"

  40.     group: "{{ matrix_user_username }}"

  41. 

  42. - name: Check matrix-nginx-proxy state

  43.   service: name=matrix-nginx-proxy

  44.   register: matrix_nginx_proxy_state

  45. 

  46. - name: Ensure matrix-nginx-proxy is stopped (if previously installed & started)

  47.   service: name=matrix-nginx-proxy state=stopped

  48.   when: "matrix_nginx_proxy_state.status.ActiveState|default('missing') == 'active'"

  49. 

  50. - name: Ensure SSL certificates are marked as wanted in acmetool

  51.   shell: >-

  52.     /usr/bin/docker run --rm --name acmetool-host-grab -p 80:80

  53.     -v {{ matrix_ssl_certs_path }}:/certs

  54.     -e ACME_EMAIL={{ matrix_ssl_support_email }}

  55.     willwill/acme-docker

  56.     acmetool want {{ item }} --xlog.severity=debug

  57.   with_items: "{{ domains_to_obtain_certificate_for }}"

  58. 

  59. - name: Ensure matrix-nginx-proxy is started (if previously installed & started)

  60.   service: name=matrix-nginx-proxy state=started

  61.   when: "matrix_nginx_proxy_state.status.ActiveState|default('missing') == 'active'"

  62. 

  63. - name: Ensure periodic SSL renewal cronjob configured

  64.   template:

  65.     src: "{{ role_path }}/templates/cron.d/matrix-ssl-certificate-renewal.j2"

  66.     dest: "/etc/cron.d/matrix-ssl-certificate-renewal"

  67.     mode: 0600