feat(synapse): add option to refresh container certificates

2024-11-10 21:54:15 +00:00 · 2021-09-22 12:08:03 +02:00 · 2021-09-22 12:08:03 +02:00 · f6ee493e97
commit f6ee493e97
parent 6f3205c533
2 changed files with 14 additions and 0 deletions
--- a/roles/synapse/defaults/main.yml
+++ b/roles/synapse/defaults/main.yml
@ -71,3 +71,7 @@ matrix_synapse_worker_client_endpoints: >-
    + matrix_synapse_worker_client_login_endpoints
  }}

+# Certificate management
+matrix_synapse_container_certificate_refresh: false
+matrix_synapse_container_certificate_refresh_command: "update-ca-certificates --fresh"
+matrix_synapse_container_certificate_refresh_user_id: 0
--- a/roles/synapse/tasks/deployment.yml
+++ b/roles/synapse/tasks/deployment.yml
@ -87,5 +87,15 @@
    volumes: "{{ matrix_synapse_docker_volumes }}"
    restart_policy: unless-stopped
    state: started
+  register: matrix_synapse_container_started
  when: matrix_synapse_deployment_method == "docker"
  tags: ['deploy', 'deploy-synapse']
+
+- name: Refresh container certificates if required
+  community.docker.docker_container_exec:
+    container: "{{ matrix_synapse_container_name }}"
+    command: "{{ matrix_synapse_container_certificate_refresh_command }}"
+    user: "{{ matrix_synapse_container_certificate_refresh_user_id }}"
+    notify: restart matrix-synapse
+  when: matrix_synapse_container_certificate_refresh and matrix_synapse_deployment_method == "docker" and matrix_synapse_container_started.changed
+  tags: ['deploy', 'deploy-synapse']