# Register SELinux file-context rules for the two persistent trees: type
# container_file_t plus a level taken from a separate variable per tree.
# sefcontext only edits the policy's file-context mappings; it does not
# relabel files that already exist.
# NOTE(review): presumably the notified handler performs the relabel
# (handler not shown here) - confirm.
- name: Update default SELinux contexts
  become: true
  community.general.sefcontext:
    target: "{{ item.target }}"
    setype: "container_file_t"
    selevel: "{{ item.selevel }}"
    state: present
  loop:
    - target: "{{ synapse_install_dir }}/data(/.*)?"
      selevel: "{{ synapse_selinux_level }}"
    - target: "{{ synapse_install_dir }}/postgres(/.*)?"
      selevel: "{{ synapse_postgres_selinux_level }}"
  notify: "synapse selinux context changed"

# Install root is root:root 0700, so only root can traverse into it.
- name: Create synapse directories.
  become: true
  ansible.builtin.file:
    path: "{{ synapse_install_dir }}"
    state: directory
    owner: "root"
    group: "root"
    mode: "0700"

- name: Ensure synapse data directories exist.
  block:
    # The stat results feed owner/group of the directory task below, so an
    # existing directory keeps whatever uid/gid it currently has.
    - name: Stat synapse data dir.
      become: true
      ansible.builtin.stat:
        path: "{{ synapse_install_dir }}/data"
      register: synapse_stat_data_dir

    - name: Stat synapse postgres dir.
      become: true
      ansible.builtin.stat:
        path: "{{ synapse_install_dir }}/postgres"
      register: synapse_stat_postgres_dir

    # When a directory does not exist yet the stat result carries no
    # uid/gid, and default('root') makes the new directory root-owned.
    # Mode is enforced as 0700 in both cases.
    - name: Create synapse data directories.
      become: true
      ansible.builtin.file:
        path: "{{ item.path }}"
        state: directory
        owner: "{{ item.owner }}"
        group: "{{ item.group }}"
        mode: "0700"
      loop:
        - path: "{{ synapse_install_dir }}/data"
          owner: "{{ synapse_stat_data_dir.stat.uid | default('root') }}"
          group: "{{ synapse_stat_data_dir.stat.gid | default('root') }}"
        - path: "{{ synapse_install_dir }}/postgres"
          owner: "{{ synapse_stat_postgres_dir.stat.uid | default('root') }}"
          group: "{{ synapse_stat_postgres_dir.stat.gid | default('root') }}"

# Environment files are rendered root:root 0600.
# NOTE(review): if these templates render credentials (templates not shown),
# running with --diff prints the rendered content into the play output;
# consider `diff: false` or `no_log: true` on both env-file tasks.
- name: Deploy synapse environment file.
  become: true
  ansible.builtin.template:
    src: synapse.env.j2
    dest: "{{ synapse_install_dir }}/synapse.env"
    owner: "root"
    group: "root"
    mode: "0600"
  notify:
    - "synapse service changed"

- name: Deploy postgres environment file.
  become: true
  ansible.builtin.template:
    src: synapse-postgres.env.j2
    dest: "{{ synapse_install_dir }}/synapse-postgres.env"
    owner: "root"
    group: "root"
    mode: "0600"
  notify:
    - "synapse postgres service changed"

- name: Add caddy config file.
  block:
    - name: Check caddy config dir.
      become: true
      ansible.builtin.stat:
        path: "{{ caddy_install_dir }}/config"
      register: caddy_stat_config_dir

    # The snippet takes its owner/group from the existing caddy config
    # directory and is labelled container_file_t at caddy's own level.
    # Unlike the data directories there is no default() fallback: if the
    # directory is missing, stat reports no uid/gid and this task errors.
    # NOTE(review): assumes caddy has been set up before this runs - confirm.
    - name: Template caddy config for synapse.
      become: true
      ansible.builtin.template:
        src: synapse.caddy.j2
        dest: "{{ caddy_install_dir }}/config/synapse.caddy"
        owner: "{{ caddy_stat_config_dir.stat.uid }}"
        group: "{{ caddy_stat_config_dir.stat.gid }}"
        mode: "0600"
        setype: "container_file_t"
        selevel: "{{ caddy_selinux_level }}"
      notify: "caddy config changed"

# Unit definitions under /etc/containers/systemd are installed root-owned
# and world-readable (0644).
# NOTE(review): because any local user can read these files, confirm the
# templates do not inline secrets and point at the 0600 env files instead.
- name: Create synapse postgres socket volume.
  become: true
  ansible.builtin.template:
    src: synapse-postgres-socket.volume
    dest: /etc/containers/systemd/synapse-postgres-socket.volume
    owner: "root"
    group: "root"
    mode: "0644"
  notify:
    - "synapse service changed"
    - "synapse postgres service changed"

- name: Create synapse container file.
  become: true
  ansible.builtin.template:
    src: synapse.container.j2
    dest: /etc/containers/systemd/synapse.container
    owner: "root"
    group: "root"
    mode: "0644"
  notify: "synapse service changed"

- name: Create synapse postgres container file.
  become: true
  ansible.builtin.template:
    src: synapse-postgres.container.j2
    dest: /etc/containers/systemd/synapse-postgres.container
    owner: "root"
    group: "root"
    mode: "0644"
  notify: "synapse postgres service changed"

# Run every handler notified so far before the services are started below.
- name: Flush handlers
  ansible.builtin.meta: flush_handlers

# daemon_reload makes systemd re-read its unit set before each unit is
# started and enabled.
- name: Ensure synapse services are started and enabled.
  become: true
  ansible.builtin.systemd:
    name: "{{ item }}"
    state: started
    enabled: true
    daemon_reload: true
  loop:
    - synapse.service
    - synapse-postgres.service