forked from bitlair/ansible
pad
This commit is contained in:
parent
980ec6c4f6
commit
d0c1e45196
2 changed files with 125 additions and 120 deletions
|
|
@ -47,6 +47,7 @@
|
||||||
- hosts: pad
|
- hosts: pad
|
||||||
roles:
|
roles:
|
||||||
- { role: "acme", tags: [ "acme" ] }
|
- { role: "acme", tags: [ "acme" ] }
|
||||||
|
- { role: "nginx", tags: [ "nginx" ] }
|
||||||
- { role: "etherpad", tags: [ "etherpad" ] }
|
- { role: "etherpad", tags: [ "etherpad" ] }
|
||||||
|
|
||||||
- hosts: services
|
- hosts: services
|
||||||
|
|
|
||||||
|
|
@ -1,137 +1,141 @@
|
||||||
---
|
---
|
||||||
- tags: etherpad
|
|
||||||
block:
|
|
||||||
- name: Install dependencies
|
|
||||||
ansible.builtin.apt:
|
|
||||||
name: [ gpg, postgresql, python3-psycopg2, apt-transport-https ]
|
|
||||||
|
|
||||||
- name: Import nodesource signing key
|
- name: Install dependencies
|
||||||
ansible.builtin.shell:
|
ansible.builtin.apt:
|
||||||
cmd: curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor
|
state: present
|
||||||
-o /usr/share/keyrings/nodesource.gpg
|
pkg:
|
||||||
args:
|
- gpg
|
||||||
creates: /usr/share/keyrings/nodesource.gpg
|
- postgresql
|
||||||
notify: apt update
|
- python3-psycopg2
|
||||||
|
- apt-transport-https
|
||||||
|
|
||||||
- name: Install nodesource source list
|
- name: Import nodesource signing key
|
||||||
ansible.builtin.template:
|
ansible.builtin.shell:
|
||||||
src: nodesource.list
|
cmd: curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor
|
||||||
dest: /etc/apt/sources.list.d/nodesource.list
|
-o /usr/share/keyrings/nodesource.gpg
|
||||||
owner: root
|
args:
|
||||||
group: root
|
creates: /usr/share/keyrings/nodesource.gpg
|
||||||
mode: 0644
|
notify: apt update
|
||||||
notify: apt update
|
|
||||||
|
|
||||||
- name: Install nodejs apt preference
|
- name: Install nodesource source list
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: nodejs-apt-pref
|
src: nodesource.list
|
||||||
dest: /etc/apt/preferences.d/nodejs
|
dest: /etc/apt/sources.list.d/nodesource.list
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0644
|
mode: 0644
|
||||||
notify: apt update
|
notify: apt update
|
||||||
|
|
||||||
- ansible.builtin.meta: flush_handlers
|
- name: Install nodejs apt preference
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: nodejs-apt-pref
|
||||||
|
dest: /etc/apt/preferences.d/nodejs
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0644
|
||||||
|
notify: apt update
|
||||||
|
|
||||||
- name: Install nodejs
|
- ansible.builtin.meta: flush_handlers
|
||||||
ansible.builtin.apt:
|
|
||||||
name: nodejs
|
|
||||||
|
|
||||||
- name: Add database user
|
- name: Install nodejs
|
||||||
become: true
|
ansible.builtin.apt:
|
||||||
become_method: su
|
name: nodejs
|
||||||
become_user: postgres
|
|
||||||
no_log: yes
|
|
||||||
community.postgresql.postgresql_user:
|
|
||||||
name: etherpad
|
|
||||||
password: "{{ etherpad_db_password }}"
|
|
||||||
|
|
||||||
- name: Add database
|
- name: Add database user
|
||||||
become: true
|
become: true
|
||||||
become_method: su
|
become_method: su
|
||||||
become_user: postgres
|
become_user: postgres
|
||||||
community.postgresql.postgresql_db:
|
no_log: yes
|
||||||
name: "{{ etherpad_db_name }}"
|
community.postgresql.postgresql_user:
|
||||||
owner: "{{ etherpad_db_user }}"
|
name: etherpad
|
||||||
|
password: "{{ etherpad_db_password }}"
|
||||||
|
|
||||||
- name: Add etherpad user
|
- name: Add database
|
||||||
ansible.builtin.user:
|
become: true
|
||||||
name: etherpad
|
become_method: su
|
||||||
home: /var/lib/etherpad
|
become_user: postgres
|
||||||
|
community.postgresql.postgresql_db:
|
||||||
|
name: "{{ etherpad_db_name }}"
|
||||||
|
owner: "{{ etherpad_db_user }}"
|
||||||
|
|
||||||
- name: Create log file
|
- name: Add etherpad user
|
||||||
ansible.builtin.file:
|
ansible.builtin.user:
|
||||||
path: /var/log/etherpad.log
|
name: etherpad
|
||||||
state: touch
|
home: /var/lib/etherpad
|
||||||
owner: etherpad
|
|
||||||
group: etherpad
|
|
||||||
mode: 0644
|
|
||||||
|
|
||||||
- name: Create source directory
|
- name: Create log file
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: /opt/etherpad
|
path: /var/log/etherpad.log
|
||||||
state: directory
|
state: touch
|
||||||
owner: etherpad
|
owner: etherpad
|
||||||
group: etherpad
|
group: etherpad
|
||||||
mode: 0755
|
mode: 0644
|
||||||
|
|
||||||
- name: Clone etherpad source
|
- name: Create source directory
|
||||||
become: yes
|
ansible.builtin.file:
|
||||||
become_method: su
|
path: /opt/etherpad
|
||||||
become_user: etherpad
|
state: directory
|
||||||
ansible.builtin.git:
|
owner: etherpad
|
||||||
repo: https://github.com/ether/etherpad-lite.git
|
group: etherpad
|
||||||
version: master
|
mode: 0755
|
||||||
dest: /opt/etherpad
|
|
||||||
accept_hostkey: yes
|
|
||||||
notify: restart etherpad
|
|
||||||
|
|
||||||
- name: Install etherpad config
|
- name: Clone etherpad source
|
||||||
ansible.builtin.template:
|
become: yes
|
||||||
src: settings.json
|
become_method: su
|
||||||
dest: /opt/etherpad/settings.json
|
become_user: etherpad
|
||||||
owner: root
|
ansible.builtin.git:
|
||||||
group: root
|
repo: https://github.com/ether/etherpad-lite.git
|
||||||
mode: 0644
|
version: master
|
||||||
notify: restart etherpad
|
dest: /opt/etherpad
|
||||||
|
accept_hostkey: yes
|
||||||
|
notify: restart etherpad
|
||||||
|
|
||||||
- name: Install etherpad service
|
- name: Install etherpad config
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: etherpad.service
|
src: settings.json
|
||||||
dest: /etc/systemd/system/etherpad.service
|
dest: /opt/etherpad/settings.json
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0644
|
mode: 0644
|
||||||
notify: restart etherpad
|
notify: restart etherpad
|
||||||
|
|
||||||
- name: Start etherpad
|
- name: Install etherpad service
|
||||||
ansible.builtin.systemd:
|
ansible.builtin.template:
|
||||||
daemon_reload: true
|
src: etherpad.service
|
||||||
name: etherpad
|
dest: /etc/systemd/system/etherpad.service
|
||||||
state: started
|
owner: root
|
||||||
enabled: yes
|
group: root
|
||||||
|
mode: 0644
|
||||||
|
notify: restart etherpad
|
||||||
|
|
||||||
- name: Install nginx config
|
- name: Start etherpad
|
||||||
ansible.builtin.template:
|
ansible.builtin.systemd:
|
||||||
src: nginx-site.conf
|
daemon_reload: true
|
||||||
dest: /etc/nginx/sites-enabled/etherpad
|
name: etherpad
|
||||||
owner: root
|
state: started
|
||||||
group: root
|
enabled: yes
|
||||||
mode: 0644
|
|
||||||
notify: reload nginx
|
|
||||||
|
|
||||||
- name: Allow HTTP and HTTPS
|
- name: Install nginx config
|
||||||
ansible.builtin.iptables:
|
ansible.builtin.template:
|
||||||
chain: INPUT
|
src: nginx-site.conf
|
||||||
protocol: tcp
|
dest: /etc/nginx/sites-enabled/etherpad
|
||||||
destination_port: "{{ item.port }}"
|
owner: root
|
||||||
ctstate: NEW
|
group: root
|
||||||
jump: ACCEPT
|
mode: 0644
|
||||||
ip_version: "{{ item.ip }}"
|
notify: reload nginx
|
||||||
action: insert
|
|
||||||
with_items:
|
- name: Allow HTTP and HTTPS
|
||||||
- { ip: ipv4, port: 80 }
|
ansible.builtin.iptables:
|
||||||
- { ip: ipv4, port: 443 }
|
chain: INPUT
|
||||||
- { ip: ipv6, port: 80 }
|
protocol: tcp
|
||||||
- { ip: ipv6, port: 443 }
|
destination_port: "{{ item.port }}"
|
||||||
notify: persist iptables
|
ctstate: NEW
|
||||||
|
jump: ACCEPT
|
||||||
|
ip_version: "{{ item.ip }}"
|
||||||
|
action: insert
|
||||||
|
with_items:
|
||||||
|
- { ip: ipv4, port: 80 }
|
||||||
|
- { ip: ipv4, port: 443 }
|
||||||
|
- { ip: ipv6, port: 80 }
|
||||||
|
- { ip: ipv6, port: 443 }
|
||||||
|
notify: persist iptables
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue