Extract letsencrypt operations to a separate play

2024-12-05 00:59:15 +00:00 · 2018-12-02 23:25:20 +01:00 · 2018-12-02 23:25:20 +01:00 · 682b55e797
commit 682b55e797
parent 3240f5df73
3 changed files with 31 additions and 19 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -19,3 +19,4 @@ matrix_synapse_macaroon_secret_key: "{{ matrix_macaroon_key }}"
 matrix_synapse_signing_key_path: "/opt/synapse/ssl/{{ matrix_synapse_domain }}.signing.key"
 matrix_synapse_version: "v0.28.1"
 matrix_synapse_log_days_keep: 30
+matrix_synapse_skip_letsencrypt: false
--- a/tasks/configure.yml
+++ b/tasks/configure.yml
@ -31,28 +31,13 @@

 - name: Configure logging
  import_tasks: logging.yml
- name: ensure hook directory available
-  file:
-    name: /etc/letsencrypt/renewal-hooks/deploy/
-    state: directory

- name: template ssl post-renewal copier into place
-  template:
-    src: 01-synapse.j2
-    dest: /etc/letsencrypt/renewal-hooks/deploy/01-synapse
-    mode: 0700
-  register: ssl_renewal
-
- name: run post-renewal copier
-  command: /etc/letsencrypt/renewal-hooks/deploy/01-synapse
-  when: ssl_renewal.changed
-  tags:
-    - skip_ansible_lint # because of the when clause
-
- name: create DH parameters
-  command: openssl dhparam -out ssl/{{ matrix_synapse_domain }}.dh 2048
  args:
    creates: /opt/synapse/ssl/{{ matrix_synapse_domain }}.dh
    chdir: /opt/synapse
  become_user: synapse
  become: true
+
+- name: Use letsencrypt certificate
+  include_tasks: letsencrypt.yml
+  when: not skip_letsencrypt
--- a/tasks/letsencrypt.yml
+++ b/tasks/letsencrypt.yml
@ -0,0 +1,26 @@
+---
+- name: ensure hook directory available
+  file:
+    name: /etc/letsencrypt/renewal-hooks/deploy/
+    state: directory
+
+- name: template ssl post-renewal copier into place
+  template:
+    src: 01-synapse.j2
+    dest: /etc/letsencrypt/renewal-hooks/deploy/01-synapse
+    mode: 0700
+  register: ssl_renewal
+
+- name: run post-renewal copier
+  command: /etc/letsencrypt/renewal-hooks/deploy/01-synapse
+  when: ssl_renewal.changed
+  tags:
+    - skip_ansible_lint # because of the when clause
+
+- name: create DH parameters
+  command: openssl dhparam -out ssl/{{ matrix_synapse_domain }}.dh 2048
+  args:
+    creates: /opt/synapse/ssl/{{ matrix_synapse_domain }}.dh
+    chdir: /opt/synapse
+  become_user: synapse
+  become: true