From d0c1e4519650d17b8778923fc3f744e411c9c929 Mon Sep 17 00:00:00 2001 From: Mark Janssen -- Sig-I/O Automatisering Date: Thu, 18 Jul 2024 21:30:05 +0200 Subject: [PATCH] pad --- bitlair.yaml | 1 + roles/etherpad/tasks/main.yaml | 244 +++++++++++++++++---------------- 2 files changed, 125 insertions(+), 120 deletions(-) diff --git a/bitlair.yaml b/bitlair.yaml index 71e06f0..be65660 100644 --- a/bitlair.yaml +++ b/bitlair.yaml @@ -47,6 +47,7 @@ - hosts: pad roles: - { role: "acme", tags: [ "acme" ] } + - { role: "nginx", tags: [ "nginx" ] } - { role: "etherpad", tags: [ "etherpad" ] } - hosts: services diff --git a/roles/etherpad/tasks/main.yaml b/roles/etherpad/tasks/main.yaml index 851cc02..cebeca2 100644 --- a/roles/etherpad/tasks/main.yaml +++ b/roles/etherpad/tasks/main.yaml 
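Review bot: The dependency of `etherpad` on `nginx` is expressed only by the order of entries in the `hosts: pad` play, where `nginx` is now listed ahead of `etherpad`. The etherpad role (second file in this patch) writes `/etc/nginx/sites-enabled/etherpad` and notifies `reload nginx`, so it presumably cannot run without the nginx role having been applied first. Declaring nginx under `dependencies:` in the etherpad role's `meta/main.yaml` would keep the role usable from other plays and make the requirement visible where the nginx tasks live. The rest of the play lies outside this hunk.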
@@ -1,137 +1,141 @@ --- -- tags: etherpad - block: - - name: Install dependencies - ansible.builtin.apt: - name: [ gpg, postgresql, python3-psycopg2, apt-transport-https ] - - name: Import nodesource signing key - ansible.builtin.shell: - cmd: curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor - -o /usr/share/keyrings/nodesource.gpg - args: - creates: /usr/share/keyrings/nodesource.gpg - notify: apt update +- name: Install dependencies + ansible.builtin.apt: + state: present + pkg: + - gpg + - postgresql + - python3-psycopg2 + - apt-transport-https - - name: Install nodesource source list - ansible.builtin.template: - src: nodesource.list - dest: /etc/apt/sources.list.d/nodesource.list - owner: root - group: root - mode: 0644 - notify: apt update +- name: Import nodesource signing key + ansible.builtin.shell: + cmd: curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor + -o /usr/share/keyrings/nodesource.gpg + args: + creates: /usr/share/keyrings/nodesource.gpg + notify: apt update - - name: Install nodejs apt preference - ansible.builtin.template: - src: nodejs-apt-pref - dest: /etc/apt/preferences.d/nodejs - owner: root - group: root - mode: 0644 - notify: apt update +- name: Install nodesource source list + ansible.builtin.template: + src: nodesource.list + dest: /etc/apt/sources.list.d/nodesource.list + owner: root + group: root + mode: 0644 + notify: apt update - - ansible.builtin.meta: flush_handlers +- name: Install nodejs apt preference + ansible.builtin.template: + src: nodejs-apt-pref + dest: /etc/apt/preferences.d/nodejs + owner: root + group: root + mode: 0644 + notify: apt update - - name: Install nodejs - ansible.builtin.apt: - name: nodejs +- ansible.builtin.meta: flush_handlers - - name: Add database user - become: true - become_method: su - become_user: postgres - no_log: yes - community.postgresql.postgresql_user: - name: etherpad - password: "{{ etherpad_db_password }}" +- name: 
Install nodejs + ansible.builtin.apt: + name: nodejs - - name: Add database - become: true - become_method: su - become_user: postgres - community.postgresql.postgresql_db: - name: "{{ etherpad_db_name }}" - owner: "{{ etherpad_db_user }}" +- name: Add database user + become: true + become_method: su + become_user: postgres + no_log: yes + community.postgresql.postgresql_user: + name: etherpad + password: "{{ etherpad_db_password }}" - - name: Add etherpad user - ansible.builtin.user: - name: etherpad - home: /var/lib/etherpad +- name: Add database + become: true + become_method: su + become_user: postgres + community.postgresql.postgresql_db: + name: "{{ etherpad_db_name }}" + owner: "{{ etherpad_db_user }}" - - name: Create log file - ansible.builtin.file: - path: /var/log/etherpad.log - state: touch - owner: etherpad - group: etherpad - mode: 0644 +- name: Add etherpad user + ansible.builtin.user: + name: etherpad + home: /var/lib/etherpad - - name: Create source directory - ansible.builtin.file: - path: /opt/etherpad - state: directory - owner: etherpad - group: etherpad - mode: 0755 +- name: Create log file + ansible.builtin.file: + path: /var/log/etherpad.log + state: touch + owner: etherpad + group: etherpad + mode: 0644 - - name: Clone etherpad source - become: yes - become_method: su - become_user: etherpad - ansible.builtin.git: - repo: https://github.com/ether/etherpad-lite.git - version: master - dest: /opt/etherpad - accept_hostkey: yes - notify: restart etherpad +- name: Create source directory + ansible.builtin.file: + path: /opt/etherpad + state: directory + owner: etherpad + group: etherpad + mode: 0755 - - name: Install etherpad config - ansible.builtin.template: - src: settings.json - dest: /opt/etherpad/settings.json - owner: root - group: root - mode: 0644 - notify: restart etherpad +- name: Clone etherpad source + become: yes + become_method: su + become_user: etherpad + ansible.builtin.git: + repo: https://github.com/ether/etherpad-lite.git + 
version: master + dest: /opt/etherpad + accept_hostkey: yes + notify: restart etherpad - - name: Install etherpad service - ansible.builtin.template: - src: etherpad.service - dest: /etc/systemd/system/etherpad.service - owner: root - group: root - mode: 0644 - notify: restart etherpad +- name: Install etherpad config + ansible.builtin.template: + src: settings.json + dest: /opt/etherpad/settings.json + owner: root + group: root + mode: 0644 + notify: restart etherpad - - name: Start etherpad - ansible.builtin.systemd: - daemon_reload: true - name: etherpad - state: started - enabled: yes +- name: Install etherpad service + ansible.builtin.template: + src: etherpad.service + dest: /etc/systemd/system/etherpad.service + owner: root + group: root + mode: 0644 + notify: restart etherpad - - name: Install nginx config - ansible.builtin.template: - src: nginx-site.conf - dest: /etc/nginx/sites-enabled/etherpad - owner: root - group: root - mode: 0644 - notify: reload nginx +- name: Start etherpad + ansible.builtin.systemd: + daemon_reload: true + name: etherpad + state: started + enabled: yes - - name: Allow HTTP and HTTPS - ansible.builtin.iptables: - chain: INPUT - protocol: tcp - destination_port: "{{ item.port }}" - ctstate: NEW - jump: ACCEPT - ip_version: "{{ item.ip }}" - action: insert - with_items: - - { ip: ipv4, port: 80 } - - { ip: ipv4, port: 443 } - - { ip: ipv6, port: 80 } - - { ip: ipv6, port: 443 } - notify: persist iptables +- name: Install nginx config + ansible.builtin.template: + src: nginx-site.conf + dest: /etc/nginx/sites-enabled/etherpad + owner: root + group: root + mode: 0644 + notify: reload nginx + +- name: Allow HTTP and HTTPS + ansible.builtin.iptables: + chain: INPUT + protocol: tcp + destination_port: "{{ item.port }}" + ctstate: NEW + jump: ACCEPT + ip_version: "{{ item.ip }}" + action: insert + with_items: + - { ip: ipv4, port: 80 } + - { ip: ipv4, port: 443 } + - { ip: ipv6, port: 80 } + - { ip: ipv6, port: 443 } + notify: persist 
iptables
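Review bot: The re-indented `Clone etherpad source` task still tracks `version: master`, so any playbook run can pull unreviewed upstream commits and restart the service on them. Pinning to a release tag or commit hash, for instance `version: "{{ etherpad_version }}"` backed by a new role variable, would make deployments reproducible. `Import nodesource signing key` has the same trust-on-download shape: the key is piped from curl into `gpg --dearmor` with no checksum or fingerprint check and no `set -o pipefail`, so a failed or altered download may go unnoticed and leave a file that `creates:` then treats as done. `Install etherpad config` writes `settings.json` as `root:root` with `mode: 0644`; if that template embeds `etherpad_db_password` (the template is not shown here), `group: etherpad` with `mode: "0640"` would keep the credential away from other local users. Quoting the file modes (`"0644"`, `"0755"`) throughout would also stop the tasks relying on YAML 1.1 octal parsing.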