main.yml (7114B)
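---
# Tasks that install or upgrade the Taler exchange on a host:
#   1. stop the running exchange units,
#   2. install the packages and a pinned Typst binary,
#   3. deploy the nginx virtual hosts and (optionally) a Let's Encrypt cert,
#   4. place the exchange configuration and secrets,
#   5. set up / migrate the database and restart the services,
#   6. optionally ship a sanction list and start the sanctions checker.

- name: Get the list of services
  ansible.builtin.service_facts:

- name: Ensure taler-exchange service is stopped before we upgrade
  ansible.builtin.systemd:
    name: taler-exchange.target
    state: stopped
    enabled: false
  when: "'taler-exchange.target' in services"

- name: Ensure sanctionscheck service is stopped before we upgrade
  ansible.builtin.systemd:
    name: taler-exchange-sanctionscheck
    state: stopped
    enabled: false
  when: "'taler-exchange-sanctionscheck.service' in services"

- name: Install latest Taler exchange package
  ansible.builtin.apt:
    name:
      - taler-exchange
      - taler-exchange-typst
      - taler-terms-generator
    state: latest
  when: ansible_os_family == 'Debian'

- name: Install pdftk
  ansible.builtin.apt:
    name:
      - pdftk
    state: latest
  when: ansible_os_family == 'Debian'

- name: Check if Typst binary exists
  ansible.builtin.stat:
    path: "{{ typst_bin_path | default('/usr/local/bin/typst') }}"
  register: typst_stat

- name: Get current Typst version
  ansible.builtin.command: "{{ typst_bin_path | default('/usr/local/bin/typst') }} --version"
  register: typst_version_check
  # Read-only probe: never reports a change and never fails the play;
  # the result is only compared against typst_version below.
  changed_when: false
  failed_when: false
  when: typst_stat.stat.exists

- name: Install or Update Typst
  # Only runs if binary is missing OR the version string doesn't match our target
  when: >
    not typst_stat.stat.exists or
    typst_version not in (typst_version_check.stdout | default(''))
  block:
    - name: Create temporary directory for extraction
      ansible.builtin.tempfile:
        state: directory
        suffix: typst_install
      register: temp_dir

    - name: Download Typst release archive
      ansible.builtin.get_url:
        url: "https://github.com/typst/typst/releases/download/v{{ typst_version }}/typst-x86_64-unknown-linux-musl.tar.xz"
        dest: "{{ temp_dir.path }}/typst.tar.xz"
        # Integrity pin for the downloaded archive. get_url expects
        # "<algorithm>:<digest>" here. Keep the value in version-controlled
        # inventory next to typst_version and update both together, so a
        # replaced upstream artifact fails the play instead of being installed.
        checksum: "{{ typst_checksum }}"
        mode: "0644"

    - name: Unarchive Typst binary
      ansible.builtin.unarchive:
        src: "{{ temp_dir.path }}/typst.tar.xz"
        dest: "{{ temp_dir.path }}"
        remote_src: true

    - name: Copy binary to destination
      ansible.builtin.copy:
        # Note: The folder inside the tar.xz matches the release name
        src: "{{ temp_dir.path }}/typst-x86_64-unknown-linux-musl/typst"
        dest: "{{ typst_bin_path | default('/usr/local/bin/typst') }}"
        mode: "0755"
        owner: root
        group: root
        remote_src: true
  always:
    # Runs whether or not the block succeeded, so a failed download,
    # checksum mismatch or extraction does not leave the archive behind.
    - name: Cleanup temporary directory
      ansible.builtin.file:
        path: "{{ temp_dir.path }}"
        state: absent
      # temp_dir has no path when creating the directory itself failed.
      when: temp_dir.path is defined

- name: Verify Typst is functional
  ansible.builtin.command: "{{ typst_bin_path | default('/usr/local/bin/typst') }} --version"
  register: typst_final_check
  changed_when: false
  # Fail the play unless the installed binary reports the pinned version.
  failed_when: "typst_version not in typst_final_check.stdout"

- name: Ensure Taler exchange virtualhost configuration file exists
  ansible.builtin.template:
    src: templates/etc/nginx/sites-available/exchange-nginx.conf.j2
    dest: /etc/nginx/sites-available/exchange-nginx.conf
    owner: root
    group: root
    mode: "0644"

- name: Ensure Taler exchange HTTP virtualhost configuration file exists
  ansible.builtin.template:
    src: templates/etc/nginx/sites-available/exchange-http.conf.j2
    dest: /etc/nginx/sites-available/exchange-http.conf
    owner: root
    group: root
    mode: "0644"

- name: Secure the exchange site with Letsencrypt
  when: exchange_use_letsencrypt
  ansible.builtin.include_role:
    name: cert
  vars:
    cert_name: exchange
    wanted_cert_domains:
      - "{{ exchange_domain }}"
    nginx_sites:
      - exchange-http.conf
      - exchange-nginx.conf

- name: Enable Taler exchange HTTP reverse proxy configuration
  ansible.builtin.file:
    src: /etc/nginx/sites-available/exchange-http.conf
    dest: /etc/nginx/sites-enabled/exchange-http.conf
    state: link
  notify: Restart nginx

- name: Enable Taler exchange reverse proxy configuration
  ansible.builtin.file:
    src: /etc/nginx/sites-available/exchange-nginx.conf
    dest: /etc/nginx/sites-enabled/exchange-nginx.conf
    state: link
  notify: Restart nginx

# The next two tasks only assert that the paths exist (they create nothing);
# the play stops here when one of them is missing.
- name: Check that /etc/taler-exchange/conf.d/ directory exists
  ansible.builtin.stat:
    path: "/etc/taler-exchange/conf.d/"
  register: st
  failed_when: not (st.stat.exists is defined and st.stat.exists)

- name: Check that /etc/taler-exchange/secrets/ directory exists
  ansible.builtin.stat:
    path: "/etc/taler-exchange/secrets/"
  register: st
  failed_when: not (st.stat.exists is defined and st.stat.exists)

- name: Place taler-exchange account credentials
  ansible.builtin.template:
    src: templates/etc/taler-exchange/secrets/exchange-accountcredentials-primary.secret.conf.j2
    dest: /etc/taler-exchange/secrets/exchange-accountcredentials-primary.secret.conf
    # Readable only by the wire service account.
    owner: taler-exchange-wire
    group: root
    mode: "0400"
  # The rendered file holds account credentials: keep its content out of
  # task output (for example --diff runs) and out of controller/CI logs.
  no_log: true

- name: Place taler-exchange business config
  ansible.builtin.template:
    src: templates/etc/taler-exchange/conf.d/exchange-business.conf.j2
    dest: /etc/taler-exchange/conf.d/exchange-business.conf
    owner: root
    group: root
    mode: "0644"

- name: Setup or upgrade Taler Exchange database
  # NOTE(review): no changed_when is set, so this task reports "changed" on
  # every run. The /tmp working directory is presumably there so the tool can
  # run from a directory every account can enter - confirm.
  ansible.builtin.command:
    cmd: taler-exchange-dbconfig -c /etc/taler-exchange/taler-exchange.conf
    chdir: /tmp

- name: Ensure /var/lib/taler-exchange/terms/ directory exists
  ansible.builtin.file:
    path: "/var/lib/taler-exchange/terms/"
    state: directory
    owner: taler-exchange-httpd
    group: root
    mode: "0755"

- name: Apply deployment-specific exchange configuration
  ansible.builtin.include_role:
    name: "exchange_{{ DEPLOYMENT_KIND }}"

# FIXME: Implement this as handler, so it's only
# done when necessary.
- name: Ensure taler-exchange service is enabled and restarted
  # Uses the systemd module like the other unit tasks in this file:
  # daemon_reload is a systemd option and the unit is a systemd target.
  ansible.builtin.systemd:
    daemon_reload: true
    name: taler-exchange.target
    state: restarted
    enabled: true

# Setup sanction list
- name: Check if local sanction list file exists
  delegate_to: localhost
  run_once: true
  ansible.builtin.stat:
    path: "{{ role_path }}/files/var/lib/taler-exchange/{{ SANCTION_LIST }}"
  register: sanction_list_stat
  when: SANCTION_LIST is defined

- name: Fail if sanction list file does not exist
  delegate_to: localhost
  run_once: true
  ansible.builtin.fail:
    msg: "The local file 'files/var/lib/taler-exchange/{{ SANCTION_LIST }}' does not exist. Aborting."
  when:
    - SANCTION_LIST is defined
    - not sanction_list_stat.stat.exists

- name: Copy sanction list to server if SANCTION_LIST is defined
  ansible.builtin.copy:
    src: "var/lib/taler-exchange/{{ SANCTION_LIST }}"
    dest: "/var/lib/taler-exchange/{{ SANCTION_LIST }}"
    owner: root
    group: root
    mode: "0644"
  when: SANCTION_LIST is defined
  notify: sanctions-reset

- name: Ensure sanctionscheck service is restarted after the upgrade
  ansible.builtin.systemd:
    daemon_reload: true
    name: taler-exchange-sanctionscheck
    state: started
    enabled: true
  # NOTE(review): `services` was gathered before the package install above.
  # If the unit is first shipped by that install, this condition is evaluated
  # against stale facts and the checker may be left stopped - confirm whether
  # the facts should be gathered again before this task.
  when:
    - "'taler-exchange-sanctionscheck.service' in services"
    - SANCTION_LIST is defined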