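# Deploys the coturn docker-compose project: renders docker-compose.yaml and
# turnserver.conf, opens the Let's Encrypt tree just far enough for the coturn
# GID to read the turn.{{ domain }} certificate and key, then pulls and
# (re)starts the project services.

# No owner/group/mode is given, so a newly created directory gets the
# ownership and umask-derived mode of whichever user runs this task.
- name: "Create {{ coturn_project_dir }} project directory"
  file:
    path: "{{ coturn_project_dir }}"
    state: directory

# 640: owner read/write, group read-only, no access for others.
- name: Template docker-compose.yaml to project directory
  template:
    src: docker-compose.yaml
    dest: "{{ coturn_project_dir }}/docker-compose.yaml"
    owner: "{{ ansible_env['USER'] }}"
    group: "{{ ansible_env['USER'] }}"
    mode: '640'

# No group is set here; the next task assigns it.
# NOTE(review): turnserver.conf commonly holds TURN credentials or a shared
# auth secret - confirm it never needs to be readable by "others".
- name: Template turnserver.conf to project directory
  template:
    src: turnserver.conf
    dest: "{{ coturn_project_dir }}/turnserver.conf"
    owner: "{{ ansible_env['USER'] }}"
    mode: '640'
  # Store result to restart services if the file changed
  register: coturn_template_turnserver_result

# Separate task because template module cannot chown/chgrp to a non-existing user/group
# The group is passed as a numeric GID (users['coturn'] + uid_shift), so no
# matching group entry is needed on the host.
# NOTE(review): uid_shift looks like a user-namespace remap offset - confirm.
- name: "Change group of turnserver.conf to coturn GID ({{ users['coturn'] + uid_shift }})"
  file:
    path: "{{ coturn_project_dir }}/turnserver.conf"
    group: "{{ users['coturn'] + uid_shift }}"
  become: true

# 751 lets non-root accounts traverse these directories without listing them,
# so access to each certificate then rests on the modes of the per-domain
# directories and key files.
# NOTE(review): this applies to every certificate stored under
# /etc/letsencrypt, not only turn.{{ domain }} - check that no other private
# key there is group- or world-readable.
- name: Set limited permissions on certificate directories
  file:
    path: "/etc/{{ item }}"
    state: directory
    owner: root
    group: root
    mode: '751'
  become: true
  loop:
    - letsencrypt
    - letsencrypt/live
    - letsencrypt/archive

# Named distinctly from the task above so log output and --start-at-task can
# tell the two apart (both previously shared one name).
# 550: owner and coturn GID may list and traverse, nobody else may enter.
- name: "Set limited permissions on certificate directories for turn.{{ domain }}"
  file:
    path: "/etc/letsencrypt/{{ item }}/turn.{{ domain }}"
    state: directory
    owner: "{{ host_uid }}"
    group: "{{ users['coturn'] + uid_shift }}"
    mode: '550'
  become: true
  loop:
    - live
    - archive

# 640 with the coturn GID as group: root read/write, coturn read-only.
# NOTE(review): live/<name>/privkey.pem is normally a symlink into archive/;
# the file module follows symlinks by default, so the change should land on
# the current key file. Verify the group and mode survive a renewal.
- name: Set limited permissions on certificate key file
  file:
    path: "/etc/letsencrypt/live/turn.{{ domain }}/privkey.pem"
    owner: root
    group: "{{ users['coturn'] + uid_shift }}"
    mode: '640'
  become: true

# Pull-only pass: images are refreshed, existing containers are not recreated.
# Runs only when docker_pull_images evaluates to true.
# NOTE(review): community.docker.docker_compose is the docker-compose v1
# module - confirm the pinned collection version still ships it.
- name: Pull project services
  community.docker.docker_compose:
    project_src: "{{ coturn_project_dir }}"
    recreate: never
    pull: true
  when: docker_pull_images | bool

- name: Create/Restart project services
  community.docker.docker_compose:
    project_src: "{{ coturn_project_dir }}"
    # Restart if config file(s) changed
    # Only the turnserver.conf template result is consulted here.
    restarted: "{{ coturn_template_turnserver_result['changed'] | bool }}"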