Viyurz
d7190fcf6e
Roles which require backup (etebase, synapse & vaultwarden) have their tasks split into two files (backup.yml & update.yml), which are executed based on the values of the run_backup & run_update variables. For consistency, move the update tasks to update.yml for every role, even if they do not have any backup task.
# Make sure the compose project directory exists before files are templated into it.
# NOTE(review): no mode is given, so a newly created directory gets permissions
# derived from the remote user's umask; set an explicit mode if its contents
# must not be listable by other local users.
- name: "Create {{ coturn_project_dir }} project directory"
  ansible.builtin.file:
    state: directory
    path: "{{ coturn_project_dir }}"

# Render the compose file into the project directory. Owner and group are both
# set to the value of ansible_env['USER']; mode '640' leaves no access for others.
- name: Template docker-compose.yaml to project directory
  ansible.builtin.template:
    dest: "{{ coturn_project_dir }}/docker-compose.yaml"
    src: docker-compose.yaml
    mode: '640'
    owner: "{{ ansible_env['USER'] }}"
    group: "{{ ansible_env['USER'] }}"

# Render the coturn configuration. No group is set here; a separate task in this
# file changes the group to the coturn GID. Mode '640' leaves no access for others.
- name: Template turnserver.conf to project directory
  # Store result to restart services if the file changed
  register: coturn_template_turnserver_result
  ansible.builtin.template:
    dest: "{{ coturn_project_dir }}/turnserver.conf"
    src: turnserver.conf
    mode: '640'
    owner: "{{ ansible_env['USER'] }}"

# Separate task because template module cannot chown/chgrp to a non-existing user/group
# The group is given as a numeric GID (users['coturn'] + uid_shift), hence the
# privilege escalation.
# NOTE(review): presumably this is the host-side GID the coturn container user
# maps to; confirm against where uid_shift is defined.
- name: "Change group of turnserver.conf to coturn GID ({{ users['coturn'] + uid_shift }})"
  become: true
  ansible.builtin.file:
    group: "{{ users['coturn'] + uid_shift }}"
    path: "{{ coturn_project_dir }}/turnserver.conf"

# Top-level Let's Encrypt directories: root:root with mode '751', i.e. users
# other than root can traverse into them but cannot list their contents.
# NOTE(review): access to the other certificate lineages below live/ and archive/
# then depends only on each lineage directory's own permissions; confirm those
# are restrictive for every certificate on this host.
# NOTE(review): state: directory creates any path that does not exist yet.
- name: Set limited permissions on certificate directories
  become: true
  ansible.builtin.file:
    state: directory
    path: "/etc/{{ item }}"
    mode: '751'
    owner: root
    group: root
  loop:
    - letsencrypt
    - letsencrypt/live
    - letsencrypt/archive

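# Per-certificate directories for turn.{{ domain }} under live/ and archive/:
# owned by host_uid, group set to the coturn GID, mode '550' (read and traverse
# for owner and group, nothing for others).
# The task name is made unique: the original reused the name of the preceding
# task, which makes play output ambiguous and breaks selecting the task by name.
# NOTE(review): state: directory creates the path if it is missing; confirm the
# certificate has already been issued before this role runs, so that an empty
# lineage directory is not pre-created.
- name: "Set limited permissions on turn.{{ domain }} certificate directories"
  ansible.builtin.file:
    path: "/etc/letsencrypt/{{ item }}/turn.{{ domain }}"
    state: directory
    owner: "{{ host_uid }}"
    group: "{{ users['coturn'] + uid_shift }}"
    mode: '550'
  become: true
  loop:
    - live
    - archive
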
# Private key: owner root, group set to the coturn GID, mode '640', so only root
# and members of that group can read it.
# NOTE(review): live/<name>/privkey.pem is normally a symlink into archive/ and
# the file module follows links by default, so the link target is what gets
# changed; confirm that renewed keys keep this group and mode.
- name: Set limited permissions on certificate key file
  become: true
  ansible.builtin.file:
    path: "/etc/letsencrypt/live/turn.{{ domain }}/privkey.pem"
    mode: '640'
    owner: root
    group: "{{ users['coturn'] + uid_shift }}"

# Pull images for the compose project without recreating containers; runs only
# when docker_pull_images is truthy. debug: true is what makes the module return
# the 'actions' list that the next task reads.
# NOTE(review): pull: true fetches whatever the image references in the templated
# docker-compose.yaml resolve to at run time; that template is not shown here,
# so confirm it pins image tags or digests.
# NOTE(review): docker_compose is the Compose v1 module; newer community.docker
# releases provide docker_compose_v2 instead. Confirm the installed collection
# version still ships this module.
- name: Pull project services
  when: docker_pull_images | bool
  register: coturn_docker_compose_pull_result
  community.docker.docker_compose:
    project_src: "{{ coturn_project_dir }}"
    pull: true
    recreate: never
    debug: true

# Collect the name of every image the pull task reported as pulled into the
# coturn_pulled_images list. default([]) covers a result without an 'actions'
# key (for example when the pull task was skipped), so the loop is then empty.
- name: Display pulled image(s) name
  loop: "{{ coturn_docker_compose_pull_result['actions'] | default([]) | selectattr('pulled_image', 'defined') }}"
  ansible.builtin.set_fact:
    coturn_pulled_images: "{{ coturn_pulled_images | default([]) + [item.pulled_image.name] }}"

# Bring the compose project up. A restart is requested only when the
# turnserver.conf template task reported a change.
- name: Create/Restart project services
  community.docker.docker_compose:
    # Restart if config file(s) changed
    restarted: "{{ coturn_template_turnserver_result['changed'] | bool }}"
    project_src: "{{ coturn_project_dir }}"