overmind
/
matrix-docker-ansible-deploy
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy
1
0
Fork 0
Code Issues 0 Releases 0 Wiki Activity
Matrix Docker Ansible eploy
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
11106 Commits
13 Branches
1.7 GiB
 
 
Tree: c851bb5d32
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'c851bb5d32'
${ noResults }
matrix-docker-ansible-deploy/roles/custom/matrix-media-repo/tasks/setup_install.yml

169 lines
7.9 KiB
Raw Blame History 

  1. # SPDX-FileCopyrightText: 2023 - 2024 Michael Hollister

  2. # SPDX-FileCopyrightText: 2024 Daniel A. Maierhofer

  3. # SPDX-FileCopyrightText: 2024 David Mehren

  4. # SPDX-FileCopyrightText: 2024 Slavi Pantaleev

  5. #

  6. # SPDX-License-Identifier: AGPL-3.0-or-later

  7. 

  8. ---

  9. 

  10. - name: Ensure media-repo paths exist

  11.   ansible.builtin.file:

  12.     path: "{{ item.path }}"

  13.     state: directory

  14.     mode: '0750'

  15.     owner: "{{ matrix_user_name }}"

  16.     group: "{{ matrix_group_name }}"

  17.   with_items:

  18.     - path: "{{ matrix_media_repo_base_path }}"

  19.       when: true

  20.     - path: "{{ matrix_media_repo_config_path }}"

  21.       when: true

  22.     - path: "{{ matrix_media_repo_data_path }}"

  23.       when: true

  24.     - path: "{{ matrix_media_repo_container_src_files_path }}"

  25.       when: "{{ matrix_media_repo_container_image_self_build }}"

  26.   when: "item.when | bool"

  27. 

  28. - name: Ensure media-repo support files installed

  29.   ansible.builtin.template:

  30.     src: "{{ role_path }}/templates/media-repo/{{ item }}.j2"

  31.     dest: "{{ matrix_media_repo_base_path }}/{{ item }}"

  32.     mode: '0640'

  33.     owner: "{{ matrix_user_name }}"

  34.     group: "{{ matrix_group_name }}"

  35.   with_items:

  36.     - env

  37.     - labels

  38.   register: matrix_media_repo_support_files_result

  39. 

  40. - name: Ensure media-repo configuration installed

  41.   ansible.builtin.template:

  42.     src: "{{ role_path }}/templates/media-repo/media-repo.yaml.j2"

  43.     dest: "{{ matrix_media_repo_config_path }}/media-repo.yaml"

  44.     mode: '0640'

  45.     owner: "{{ matrix_user_name }}"

  46.     group: "{{ matrix_group_name }}"

  47.   register: matrix_media_repo_config_result

  48. 

  49. - name: Ensure media-repo Docker image is pulled

  50.   community.docker.docker_image:

  51.     name: "{{ matrix_media_repo_container_image }}"

  52.     source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"

  53.     force_source: "{{ matrix_media_repo_container_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"

  54.     force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_media_repo_container_image_force_pull }}"

  55.   when: "not matrix_media_repo_container_image_self_build | bool"

  56.   register: matrix_media_repo_container_image_pull_result

  57.   retries: "{{ devture_playbook_help_container_retries_count }}"

  58.   delay: "{{ devture_playbook_help_container_retries_delay }}"

  59.   until: matrix_media_repo_container_image_pull_result is not failed

  60. 

  61. - when: "matrix_media_repo_container_image_self_build | bool"

  62.   block:

  63.     - name: Ensure media-repo repository is present on self-build

  64.       ansible.builtin.git:

  65.         repo: "{{ matrix_media_repo_container_image_self_build_repo }}"

  66.         dest: "{{ matrix_media_repo_container_src_files_path }}"

  67.         version: "{{ matrix_media_repo_container_image.split(':')[1] }}"

  68.         force: "yes"

  69.       become: true

  70.       become_user: "{{ matrix_user_name }}"

  71.       register: matrix_media_repo_git_pull_results

  72. 

  73.     - name: Check if media-repo Docker image exists

  74.       ansible.builtin.command: "{{ devture_systemd_docker_base_host_command_docker }} images --quiet --filter 'reference={{ matrix_media_repo_container_image }}'"

  75.       register: matrix_media_repo_container_image_check_result

  76.       changed_when: false

  77. 

  78.     # Invoking the `docker build` command here, instead of calling the `docker_image` Ansible module,

  79.     # because the latter does not support BuildKit.

  80.     # See: https://github.com/ansible-collections/community.general/issues/514

  81.     - name: Ensure media-repo Docker image is built

  82.       ansible.builtin.command:

  83.         cmd: "{{ devture_systemd_docker_base_host_command_docker }} build -t {{ matrix_media_repo_container_image }} {{ matrix_media_repo_container_src_files_path }}"

  84.       environment:

  85.         DOCKER_BUILDKIT: 1

  86.       changed_when: true

  87.       when: "matrix_media_repo_git_pull_results.changed | bool or matrix_media_repo_container_image_check_result.stdout == ''"

  88. 

  89. - name: Check existence of media-repo signing key

  90.   ansible.builtin.stat:

  91.     path: "{{ matrix_media_repo_config_path }}/{{ matrix_media_repo_identifier }}.signing.key"

  92.   register: matrix_media_repo_signing_key_stat

  93. 

  94. - when: "matrix_media_repo_generate_signing_key | bool and not (matrix_media_repo_signing_key_stat.stat.exists | bool)"

  95.   block:

  96.     - name: Generate media-repo signing key

  97.       ansible.builtin.command:

  98.         cmd: |

  99.           {{ devture_systemd_docker_base_host_command_docker }} run

  100.           --rm

  101.           --name={{ matrix_media_repo_identifier }}-temp

  102.           --user={{ matrix_synapse_uid }}:{{ matrix_synapse_gid }}

  103.           --cap-drop=ALL

  104.           --mount type=bind,src={{ matrix_media_repo_config_path }},dst=/config

  105.           --workdir='/config'

  106.           --entrypoint='generate_signing_key'

  107.           {{ matrix_media_repo_container_image }}

  108.           -output {{ matrix_media_repo_identifier }}.signing.key.TEMP

  109.         creates: "{{ matrix_media_repo_config_path }}/{{ matrix_media_repo_identifier }}.signing.key.TEMP"

  110. 

  111.     - name: Merge media-repo signing key with homeserver signing key

  112.       ansible.builtin.command:

  113.         cmd: |

  114.           {{ devture_systemd_docker_base_host_command_docker }} run

  115.           --rm

  116.           --name={{ matrix_media_repo_identifier }}-temp

  117.           --user={{ matrix_synapse_uid }}:{{ matrix_synapse_gid }}

  118.           --cap-drop=ALL

  119.           --mount type=bind,src={{ matrix_media_repo_config_path }},dst=/config

  120.           --mount type=bind,src={{ matrix_media_repo_homeserver_signing_key | dirname }},dst=/homeserver-signing-key-dir

  121.           --workdir='/config'

  122.           --entrypoint='combine_signing_keys'

  123.           {{ matrix_media_repo_container_image }}

  124.           -format {{ matrix_homeserver_implementation }} -output /homeserver-signing-key-dir/{{ matrix_media_repo_homeserver_signing_key | basename }}.merged /homeserver-signing-key-dir/{{ matrix_media_repo_homeserver_signing_key | basename }} {{ matrix_media_repo_identifier }}.signing.key.TEMP

  125.         creates: "{{ matrix_media_repo_homeserver_signing_key }}.merged"

  126. 

  127.     - name: Backup existing homeserver signing key before replacing it

  128.       ansible.builtin.copy:

  129.         remote_src: true

  130.         src: "{{ matrix_media_repo_homeserver_signing_key }}"

  131.         dest: "{{ matrix_media_repo_homeserver_signing_key }}.{{ matrix_homeserver_implementation }}.backup"

  132.         mode: '0644'

  133.         owner: "{{ matrix_user_name }}"

  134.         group: "{{ matrix_group_name }}"

  135. 

  136.     - name: Replace homeserver signing key with merged signing key

  137.       ansible.builtin.command:

  138.         cmd: "mv {{ matrix_media_repo_homeserver_signing_key }}.merged {{ matrix_media_repo_homeserver_signing_key }}"

  139.         removes: "{{ matrix_media_repo_homeserver_signing_key }}.merged"

  140. 

  141.     - name: Finalize media-repo signing key setup

  142.       ansible.builtin.command:

  143.         cmd: "mv {{ matrix_media_repo_config_path }}/{{ matrix_media_repo_identifier }}.signing.key.TEMP {{ matrix_media_repo_config_path }}/{{ matrix_media_repo_identifier }}.signing.key"

  144.         removes: "{{ matrix_media_repo_config_path }}/{{ matrix_media_repo_identifier }}.signing.key.TEMP"

  145. 

  146. - name: Ensure media-repo container network is created

  147.   community.general.docker_network:

  148.     enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"

  149.     name: "{{ matrix_media_repo_container_network }}"

  150.     driver: bridge

  151.     driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"

  152. 

  153. - name: Ensure media-repo service installed

  154.   ansible.builtin.template:

  155.     src: "{{ role_path }}/templates/media-repo/systemd/matrix-media-repo.service.j2"

  156.     dest: "{{ devture_systemd_docker_base_systemd_path }}/{{ matrix_media_repo_identifier }}.service"

  157.     mode: '0640'

  158.   register: matrix_media_repo_systemd_service_result

  159. 

  160. - name: Determine whether media-repo needs a restart

  161.   ansible.builtin.set_fact:

  162.     matrix_media_repo_restart_necessary: >-

  163.       {{

  164.         matrix_media_repo_config_result.changed | default(false)

  165.         or matrix_media_repo_support_files_result.changed | default(false)

  166.         or matrix_media_repo_systemd_service_result.changed | default(false)

  167.         or matrix_media_repo_container_image_pull_result.changed | default(false)

  168.       }}