From 707e909b9b2b122be15f6b376c720496ae84430b Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Sun, 27 Nov 2022 09:53:23 +0200
Subject: [PATCH] /usr/local/bin/matrix-ssl-lets-encrypt-certificates-renew ->
 /matrix/ssl/bin/lets-encrypt-certificates-renew

---
 roles/custom/matrix-base/defaults/main.yml    |  6 ------
 .../matrix-base/tasks/validate_config.yml     |  1 +
 .../matrix-coturn/tasks/setup_install.yml     |  6 ------
 .../matrix-nginx-proxy/defaults/main.yml      |  1 +
 .../matrix-nginx-proxy/tasks/ssl/main.yml     |  1 +
 .../tasks/ssl/setup_ssl_lets_encrypt.yml      | 19 +++----------------
 .../lets-encrypt-certificates-renew.j2}       |  0
 ...lets-encrypt-certificates-renew.service.j2 |  2 +-
 8 files changed, 7 insertions(+), 29 deletions(-)
 rename roles/custom/matrix-nginx-proxy/templates/{usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2 => bin/lets-encrypt-certificates-renew.j2} (100%)

diff --git a/roles/custom/matrix-base/defaults/main.yml b/roles/custom/matrix-base/defaults/main.yml
index 33805e51..63aee58a 100644
--- a/roles/custom/matrix-base/defaults/main.yml
+++ b/roles/custom/matrix-base/defaults/main.yml
@@ -121,12 +121,6 @@ matrix_bin_path: "{{ matrix_base_data_path }}/bin"
 
 matrix_static_files_base_path: "{{ matrix_base_data_path }}/static-files"
 
-# This is now unused. We keep it so that cleanup tasks can use it.
-# To be removed in the future.
-matrix_cron_path: "/etc/cron.d"
-
-matrix_local_bin_path: "/usr/local/bin"
-
 matrix_host_command_sleep: "/usr/bin/env sleep"
 matrix_host_command_chown: "/usr/bin/env chown"
 matrix_host_command_fusermount: "/usr/bin/env fusermount"
diff --git a/roles/custom/matrix-base/tasks/validate_config.yml b/roles/custom/matrix-base/tasks/validate_config.yml
index b3c7fb18..b3551e2e 100644
--- a/roles/custom/matrix-base/tasks/validate_config.yml
+++ b/roles/custom/matrix-base/tasks/validate_config.yml
@@ -17,6 +17,7 @@
     - {'old': 'hostname_matrix', 'new': 'matrix_server_fqn_matrix'}
     - {'old': 'hostname_riot', 'new': 'matrix_server_fqn_element'}
     - {'old': 'matrix_server_fqn_riot', 'new': 'matrix_server_fqn_element'}
+    - {'old': 'matrix_local_bin_path', 'new': '<there is no global bin path anymore - each role has its own>'}
 
 # We have a dedicated check for this variable, because we'd like to have a custom (friendlier) message.
 - name: Fail if matrix_homeserver_generic_secret_key is undefined
diff --git a/roles/custom/matrix-coturn/tasks/setup_install.yml b/roles/custom/matrix-coturn/tasks/setup_install.yml
index 31b5446c..ab94db27 100644
--- a/roles/custom/matrix-coturn/tasks/setup_install.yml
+++ b/roles/custom/matrix-coturn/tasks/setup_install.yml
@@ -1,11 +1,5 @@
 ---
 
-# This is a cleanup/migration task. It can be removed some time in the future.
-- name: (Migration) Remove deprecated cronjob
-  ansible.builtin.file:
-    path: "{{ matrix_cron_path }}/matrix-coturn-ssl-reload"
-    state: absent
-
 - name: Ensure Matrix Coturn path exists
   ansible.builtin.file:
     path: "{{ item.path }}"
diff --git a/roles/custom/matrix-nginx-proxy/defaults/main.yml b/roles/custom/matrix-nginx-proxy/defaults/main.yml
index 886e3513..0830d4f4 100644
--- a/roles/custom/matrix-nginx-proxy/defaults/main.yml
+++ b/roles/custom/matrix-nginx-proxy/defaults/main.yml
@@ -573,6 +573,7 @@ matrix_ssl_lets_encrypt_key_type: rsa
 matrix_ssl_base_path: "{{ matrix_base_data_path }}/ssl"
 matrix_ssl_config_dir_path: "{{ matrix_ssl_base_path }}/config"
 matrix_ssl_log_dir_path: "{{ matrix_ssl_base_path }}/log"
+matrix_ssl_bin_dir_path: "{{ matrix_ssl_base_path }}/bin"
 
 # If you'd like to start some service before a certificate is obtained, specify it here.
 # This could be something like `matrix-dynamic-dns`, etc.
diff --git a/roles/custom/matrix-nginx-proxy/tasks/ssl/main.yml b/roles/custom/matrix-nginx-proxy/tasks/ssl/main.yml
index e9d270cf..6eff8cbf 100644
--- a/roles/custom/matrix-nginx-proxy/tasks/ssl/main.yml
+++ b/roles/custom/matrix-nginx-proxy/tasks/ssl/main.yml
@@ -24,6 +24,7 @@
   with_items:
     - "{{ matrix_ssl_log_dir_path }}"
     - "{{ matrix_ssl_config_dir_path }}"
+    - "{{ matrix_ssl_bin_dir_path }}"
   when: "matrix_ssl_retrieval_method != 'none'"
 
 
diff --git a/roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml b/roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml
index 77361f3f..a1b14e3b 100644
--- a/roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml
+++ b/roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt.yml
@@ -1,17 +1,4 @@
 ---
-
-# This is a cleanup/migration task, because of to the new way we manage cronjobs (`cron` module) and the new script name.
-# This migration task can be removed some time in the future.
-- name: (Migration) Remove deprecated Let's Encrypt SSL certificate management files
-  ansible.builtin.file:
-    path: "{{ item }}"
-    state: absent
-  with_items:
-    - "{{ matrix_local_bin_path }}/matrix-ssl-certificates-renew"
-    - "{{ matrix_cron_path }}/matrix-ssl-certificate-renewal"
-    - "{{ matrix_cron_path }}/matrix-nginx-proxy-periodic-restarter"
-    - "/etc/cron.d/matrix-ssl-lets-encrypt"
-
 #
 # Tasks related to setting up Let's Encrypt's management of certificates
 #
@@ -36,8 +23,8 @@
 
     - name: Ensure Let's Encrypt SSL renewal script installed
       ansible.builtin.template:
-        src: "{{ role_path }}/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2"
-        dest: "{{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew"
+        src: "{{ role_path }}/templates/bin/lets-encrypt-certificates-renew.j2"
+        dest: "{{ matrix_ssl_bin_dir_path }}/lets-encrypt-certificates-renew"
         mode: 0755
 
     - name: Ensure SSL renewal systemd units installed
@@ -63,5 +50,5 @@
 
     - name: Ensure Let's Encrypt SSL renewal script removed
       ansible.builtin.file:
-        path: "{{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew"
+        path: "{{ matrix_ssl_bin_dir_path }}/lets-encrypt-certificates-renew"
         state: absent
diff --git a/roles/custom/matrix-nginx-proxy/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2 b/roles/custom/matrix-nginx-proxy/templates/bin/lets-encrypt-certificates-renew.j2
similarity index 100%
rename from roles/custom/matrix-nginx-proxy/templates/usr-local-bin/matrix-ssl-lets-encrypt-certificates-renew.j2
rename to roles/custom/matrix-nginx-proxy/templates/bin/lets-encrypt-certificates-renew.j2
diff --git a/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-ssl-lets-encrypt-certificates-renew.service.j2 b/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-ssl-lets-encrypt-certificates-renew.service.j2
index c7f372d9..b2f07aca 100644
--- a/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-ssl-lets-encrypt-certificates-renew.service.j2
+++ b/roles/custom/matrix-nginx-proxy/templates/systemd/matrix-ssl-lets-encrypt-certificates-renew.service.j2
@@ -4,4 +4,4 @@ Description=Renews Let's Encrypt SSL certificates
 [Service]
 Type=oneshot
 Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}"
-ExecStart={{ matrix_local_bin_path }}/matrix-ssl-lets-encrypt-certificates-renew
+ExecStart={{ matrix_ssl_bin_dir_path }}/lets-encrypt-certificates-renew