From c07630ed51f05117659635f45405d946d97d00d6 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Wed, 8 Feb 2023 16:05:38 +0200 Subject: [PATCH] Add com.devture.ansible.role.traefik_certs_dumper role With this, other roles (like Coturn, Postmoogle) will be able to use SSL certificates extracted from Traefik via https://github.com/ldez/traefik-certs-dumper --- group_vars/matrix_servers | 30 ++++++++++++++++++++++++++++++ playbooks/matrix.yml | 3 +++ requirements.yml | 5 ++++- 3 files changed, 37 insertions(+), 1 deletion(-) diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 8ce94f52..08e3bf4e 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -38,6 +38,8 @@ matrix_playbook_traefik_role_enabled: false # installed in another way. matrix_playbook_traefik_labels_enabled: false +matrix_playbook_traefik_certs_dumper_role_enabled: "{{ matrix_playbook_traefik_role_enabled }}" + # Controls the additional network that reverse-proxyable services will be connected to. matrix_playbook_reverse_proxyable_services_additional_network: "{{ devture_traefik_container_network if devture_traefik_enabled else '' }}" @@ -344,6 +346,8 @@ devture_systemd_service_manager_services_list_auto: | ([{'name': 'matrix-synapse-reverse-proxy-companion.service', 'priority': 1500, 'groups': ['matrix', 'homeservers', 'synapse', 'reverse-proxies']}] if matrix_synapse_reverse_proxy_companion_enabled else []) + ([{'name': 'devture-traefik.service', 'priority': 3000, 'groups': ['matrix', 'traefik', 'reverse-proxies']}] if matrix_playbook_traefik_role_enabled else []) + + + ([{'name': (devture_traefik_certs_dumper_identifier + '.service'), 'priority': 3500, 'groups': ['matrix', 'traefik-certs-dumper']}] if matrix_playbook_traefik_certs_dumper_role_enabled else []) }} ######################################################################## @@ -3361,3 +3365,29 @@ devture_traefik_additional_entrypoints_auto: # /com.devture.ansible.role.traefik # # # ######################################################################## + + +######################################################################## +# # +# com.devture.ansible.role.traefik_certs_dumper # +# # +######################################################################## + +# To completely disable the Traefik certs dumper role from running, use `matrix_playbook_traefik_certs_dumper_role_enabled: false`. +# See the comment there for more details about why we have both `devture_traefik_certs_dumper_enabled` and `matrix_playbook_traefik_certs_dumper_role_enabled`. +devture_traefik_certs_dumper_enabled: "{{ matrix_playbook_traefik_certs_dumper_role_enabled and devture_traefik_enabled }}" + +devture_traefik_certs_dumper_identifier: matrix-traefik-certs-dumper + +devture_traefik_certs_dumper_base_path: "{{ matrix_base_data_path }}/traefik-certs-dumper" + +devture_traefik_certs_dumper_uid: "{{ matrix_user_uid }}" +devture_traefik_certs_dumper_gid: "{{ matrix_user_gid }}" + +devture_traefik_certs_dumper_ssl_dir_path: "{{ devture_traefik_ssl_dir_path }}" + +######################################################################## +# # +# /com.devture.ansible.role.traefik_certs_dumper # +# # +######################################################################## diff --git a/playbooks/matrix.yml b/playbooks/matrix.yml index 392a3a0e..3199f8cf 100755 --- a/playbooks/matrix.yml +++ b/playbooks/matrix.yml @@ -118,6 +118,9 @@ - when: matrix_playbook_traefik_role_enabled | bool role: galaxy/com.devture.ansible.role.traefik + - when: matrix_playbook_traefik_certs_dumper_role_enabled | bool + role: galaxy/com.devture.ansible.role.traefik_certs_dumper + - when: devture_systemd_service_manager_enabled | bool role: galaxy/com.devture.ansible.role.systemd_service_manager diff --git a/requirements.yml b/requirements.yml index e0ff1e81..b0dd8d1a 100644 --- a/requirements.yml +++ b/requirements.yml @@ -37,4 +37,7 @@ version: v0.11.1-2 - src: git+https://github.com/devture/com.devture.ansible.role.traefik.git - version: b8609fd07c26c89a72fe2934d183af5fd964bc1c + version: c90a0adcdc1de3d00d256e794b095ffbf466bb05 + +- src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git + version: e7563caa814e634d2f8deec4a41e970caa1c0ae4