overmind
/
matrix-docker-ansible-deploy
огледало од https://github.com/spantaleev/matrix-docker-ansible-deploy


			
				
					
						
						
							
							# SPDX-FileCopyrightText: 2023 - 2024 Michael Hollister
# SPDX-FileCopyrightText: 2024 Daniel A. Maierhofer
# SPDX-FileCopyrightText: 2024 David Mehren
# SPDX-FileCopyrightText: 2024 Slavi Pantaleev
#
# SPDX-License-Identifier: AGPL-3.0-or-later

---

- name: Ensure media-repo paths exist
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: directory
    mode: '0750'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  with_items:
    - path: "{{ matrix_media_repo_base_path }}"
      when: true
    - path: "{{ matrix_media_repo_config_path }}"
      when: true
    - path: "{{ matrix_media_repo_data_path }}"
      when: true
    - path: "{{ matrix_media_repo_docker_src_files_path }}"
      when: "{{ matrix_media_repo_container_image_self_build }}"
  when: "item.when | bool"

- name: Ensure media-repo support files installed
  ansible.builtin.template:
    src: "{{ role_path }}/templates/media-repo/{{ item }}.j2"
    dest: "{{ matrix_media_repo_base_path }}/{{ item }}"
    mode: '0640'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"
  with_items:
    - env
    - labels

- name: Ensure media-repo configuration installed
  ansible.builtin.template:
    src: "{{ role_path }}/templates/media-repo/media-repo.yaml.j2"
    dest: "{{ matrix_media_repo_config_path }}/media-repo.yaml"
    mode: '0640'
    owner: "{{ matrix_user_name }}"
    group: "{{ matrix_group_name }}"

- name: Ensure media-repo Docker image is pulled
  community.docker.docker_image:
    name: "{{ matrix_media_repo_docker_image }}"
    source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}"
    force_source: "{{ matrix_media_repo_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}"
    force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_media_repo_docker_image_force_pull }}"
  when: "not matrix_media_repo_container_image_self_build | bool"
  register: result
  retries: "{{ devture_playbook_help_container_retries_count }}"
  delay: "{{ devture_playbook_help_container_retries_delay }}"
  until: result is not failed

- when: "matrix_media_repo_container_image_self_build | bool"
  block:
    - name: Ensure media-repo repository is present on self-build
      ansible.builtin.git:
        repo: "{{ matrix_media_repo_container_image_self_build_repo }}"
        dest: "{{ matrix_media_repo_docker_src_files_path }}"
        version: "{{ matrix_media_repo_docker_image.split(':')[1] }}"
        force: "yes"
      become: true
      become_user: "{{ matrix_user_name }}"
      register: matrix_media_repo_git_pull_results

    - name: Check if media-repo Docker image exists
      ansible.builtin.command: "{{ devture_systemd_docker_base_host_command_docker }} images --quiet --filter 'reference={{ matrix_media_repo_docker_image }}'"
      register: matrix_media_repo_docker_image_check_result
      changed_when: false

    # Invoking the `docker build` command here, instead of calling the `docker_image` Ansible module,
    # because the latter does not support BuildKit.
    # See: https://github.com/ansible-collections/community.general/issues/514
    - name: Ensure media-repo Docker image is built
      ansible.builtin.command:
        cmd: "{{ devture_systemd_docker_base_host_command_docker }} build -t {{ matrix_media_repo_docker_image }} {{ matrix_media_repo_docker_src_files_path }}"
      environment:
        DOCKER_BUILDKIT: 1
      changed_when: true
      when: "matrix_media_repo_git_pull_results.changed | bool or matrix_media_repo_docker_image_check_result.stdout == ''"

- name: Check existence of media-repo signing key
  ansible.builtin.stat:
    path: "{{ matrix_media_repo_config_path }}/{{ matrix_media_repo_identifier }}.signing.key"
  register: matrix_media_repo_signing_key_stat

- when: "matrix_media_repo_generate_signing_key | bool and not (matrix_media_repo_signing_key_stat.stat.exists | bool)"
  block:
    - name: Generate media-repo signing key
      ansible.builtin.command:
        cmd: |
          {{ devture_systemd_docker_base_host_command_docker }} run
          --rm
          --name={{ matrix_media_repo_identifier }}-temp
          --user={{ matrix_synapse_uid }}:{{ matrix_synapse_gid }}
          --cap-drop=ALL
          --mount type=bind,src={{ matrix_media_repo_config_path }},dst=/config
          --workdir='/config'
          --entrypoint='generate_signing_key'
          {{ matrix_media_repo_docker_image }}
          -output {{ matrix_media_repo_identifier }}.signing.key.TEMP
        creates: "{{ matrix_media_repo_config_path }}/{{ matrix_media_repo_identifier }}.signing.key.TEMP"

    - name: Merge media-repo signing key with homeserver signing key
      ansible.builtin.command:
        cmd: |
          {{ devture_systemd_docker_base_host_command_docker }} run
          --rm
          --name={{ matrix_media_repo_identifier }}-temp
          --user={{ matrix_synapse_uid }}:{{ matrix_synapse_gid }}
          --cap-drop=ALL
          --mount type=bind,src={{ matrix_media_repo_config_path }},dst=/config
          --mount type=bind,src={{ matrix_media_repo_homeserver_signing_key | dirname }},dst=/homeserver-signing-key-dir
          --workdir='/config'
          --entrypoint='combine_signing_keys'
          {{ matrix_media_repo_docker_image }}
          -format {{ matrix_homeserver_implementation }} -output /homeserver-signing-key-dir/{{ matrix_media_repo_homeserver_signing_key | basename }}.merged /homeserver-signing-key-dir/{{ matrix_media_repo_homeserver_signing_key | basename }} {{ matrix_media_repo_identifier }}.signing.key.TEMP
        creates: "{{ matrix_media_repo_homeserver_signing_key }}.merged"

    - name: Backup existing homeserver signing key before replacing it
      ansible.builtin.copy:
        remote_src: true
        src: "{{ matrix_media_repo_homeserver_signing_key }}"
        dest: "{{ matrix_media_repo_homeserver_signing_key }}.{{ matrix_homeserver_implementation }}.backup"
        mode: '0644'
        owner: "{{ matrix_user_name }}"
        group: "{{ matrix_group_name }}"

    - name: Replace homeserver signing key with merged signing key
      ansible.builtin.command:
        cmd: "mv {{ matrix_media_repo_homeserver_signing_key }}.merged {{ matrix_media_repo_homeserver_signing_key }}"
        removes: "{{ matrix_media_repo_homeserver_signing_key }}.merged"

    - name: Finalize media-repo signing key setup
      ansible.builtin.command:
        cmd: "mv {{ matrix_media_repo_config_path }}/{{ matrix_media_repo_identifier }}.signing.key.TEMP {{ matrix_media_repo_config_path }}/{{ matrix_media_repo_identifier }}.signing.key"
        removes: "{{ matrix_media_repo_config_path }}/{{ matrix_media_repo_identifier }}.signing.key.TEMP"

- name: Ensure media-repo container network is created
  community.general.docker_network:
    enable_ipv6: "{{ devture_systemd_docker_base_ipv6_enabled }}"
    name: "{{ matrix_media_repo_container_network }}"
    driver: bridge
    driver_options: "{{ devture_systemd_docker_base_container_networks_driver_options }}"

- name: Ensure media-repo service installed
  ansible.builtin.template:
    src: "{{ role_path }}/templates/media-repo/systemd/matrix-media-repo.service.j2"
    dest: "{{ devture_systemd_docker_base_systemd_path }}/{{ matrix_media_repo_identifier }}.service"
    mode: '0640'