pad

2024-07-18 21:30:05 +02:00 · 2024-07-18 21:30:05 +02:00 · d0c1e45196
commit d0c1e45196
parent 980ec6c4f6
2 changed files with 125 additions and 120 deletions
--- a/bitlair.yaml
+++ b/bitlair.yaml
@ -47,6 +47,7 @@
 - hosts: pad
  roles:
    - { role: "acme", tags: [ "acme" ] }
    - { role: "nginx", tags: [ "nginx" ] }
    - { role: "etherpad", tags: [ "etherpad" ] }
 - hosts: services
--- a/roles/etherpad/tasks/main.yaml
+++ b/roles/etherpad/tasks/main.yaml
@ -1,137 +1,141 @@
 ---
 - tags: etherpad
  block:
    - name: Install dependencies
      ansible.builtin.apt:
        name: [ gpg, postgresql, python3-psycopg2, apt-transport-https ]
-    - name: Import nodesource signing key
+- name: Install dependencies
-      ansible.builtin.shell:
+  ansible.builtin.apt:
-        cmd: curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor
+    state: present
-          -o /usr/share/keyrings/nodesource.gpg
+    pkg: 
-      args:
+      - gpg
-        creates: /usr/share/keyrings/nodesource.gpg
+      - postgresql
-      notify: apt update
+      - python3-psycopg2
      - apt-transport-https
-    - name: Install nodesource source list
+- name: Import nodesource signing key
-      ansible.builtin.template:
+  ansible.builtin.shell:
-        src: nodesource.list
+    cmd: curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor
-        dest: /etc/apt/sources.list.d/nodesource.list
+      -o /usr/share/keyrings/nodesource.gpg
-        owner: root
+  args:
-        group: root
+    creates: /usr/share/keyrings/nodesource.gpg
-        mode: 0644
+  notify: apt update
      notify: apt update
-    - name: Install nodejs apt preference
+- name: Install nodesource source list
-      ansible.builtin.template:
+  ansible.builtin.template:
-        src: nodejs-apt-pref
+    src: nodesource.list
-        dest: /etc/apt/preferences.d/nodejs
+    dest: /etc/apt/sources.list.d/nodesource.list
-        owner: root
+    owner: root
-        group: root
+    group: root
-        mode: 0644
+    mode: 0644
-      notify: apt update
+  notify: apt update
-    - ansible.builtin.meta: flush_handlers
+- name: Install nodejs apt preference
  ansible.builtin.template:
    src: nodejs-apt-pref
    dest: /etc/apt/preferences.d/nodejs
    owner: root
    group: root
    mode: 0644
  notify: apt update
-    - name: Install nodejs
+- ansible.builtin.meta: flush_handlers
      ansible.builtin.apt:
        name: nodejs
-    - name: Add database user
+- name: Install nodejs
-      become: true
+  ansible.builtin.apt:
-      become_method: su
+    name: nodejs
      become_user: postgres
      no_log: yes
      community.postgresql.postgresql_user:
        name: etherpad
        password: "{{ etherpad_db_password }}"
-    - name: Add database
+- name: Add database user
-      become: true
+  become: true
-      become_method: su
+  become_method: su
-      become_user: postgres
+  become_user: postgres
-      community.postgresql.postgresql_db:
+  no_log: yes
-        name: "{{ etherpad_db_name }}"
+  community.postgresql.postgresql_user:
-        owner: "{{ etherpad_db_user }}"
+    name: etherpad
    password: "{{ etherpad_db_password }}"
-    - name: Add etherpad user
+- name: Add database
-      ansible.builtin.user:
+  become: true
-        name: etherpad
+  become_method: su
-        home: /var/lib/etherpad
+  become_user: postgres
  community.postgresql.postgresql_db:
    name: "{{ etherpad_db_name }}"
    owner: "{{ etherpad_db_user }}"
-    - name: Create log file
+- name: Add etherpad user
-      ansible.builtin.file:
+  ansible.builtin.user:
-        path: /var/log/etherpad.log
+    name: etherpad
-        state: touch
+    home: /var/lib/etherpad
        owner: etherpad
        group: etherpad
        mode: 0644
-    - name: Create source directory
+- name: Create log file
-      ansible.builtin.file:
+  ansible.builtin.file:
-        path: /opt/etherpad
+    path: /var/log/etherpad.log
-        state: directory
+    state: touch
-        owner: etherpad
+    owner: etherpad
-        group: etherpad
+    group: etherpad
-        mode: 0755
+    mode: 0644
-    - name: Clone etherpad source
+- name: Create source directory
-      become: yes
+  ansible.builtin.file:
-      become_method: su
+    path: /opt/etherpad
-      become_user: etherpad
+    state: directory
-      ansible.builtin.git:
+    owner: etherpad
-        repo: https://github.com/ether/etherpad-lite.git
+    group: etherpad
-        version: master
+    mode: 0755
        dest: /opt/etherpad
        accept_hostkey: yes
      notify: restart etherpad
-    - name: Install etherpad config
+- name: Clone etherpad source
-      ansible.builtin.template:
+  become: yes
-        src: settings.json
+  become_method: su
-        dest: /opt/etherpad/settings.json
+  become_user: etherpad
-        owner: root
+  ansible.builtin.git:
-        group: root
+    repo: https://github.com/ether/etherpad-lite.git
-        mode: 0644
+    version: master
-      notify: restart etherpad
+    dest: /opt/etherpad
    accept_hostkey: yes
  notify: restart etherpad
-    - name: Install etherpad service
+- name: Install etherpad config
-      ansible.builtin.template:
+  ansible.builtin.template:
-        src: etherpad.service
+    src: settings.json
-        dest: /etc/systemd/system/etherpad.service
+    dest: /opt/etherpad/settings.json
-        owner: root
+    owner: root
-        group: root
+    group: root
-        mode: 0644
+    mode: 0644
-      notify: restart etherpad
+  notify: restart etherpad
-    - name: Start etherpad
+- name: Install etherpad service
-      ansible.builtin.systemd:
+  ansible.builtin.template:
-        daemon_reload: true
+    src: etherpad.service
-        name: etherpad
+    dest: /etc/systemd/system/etherpad.service
-        state: started
+    owner: root
-        enabled: yes
+    group: root
    mode: 0644
  notify: restart etherpad
-    - name: Install nginx config
+- name: Start etherpad
-      ansible.builtin.template:
+  ansible.builtin.systemd:
-        src: nginx-site.conf
+    daemon_reload: true
-        dest: /etc/nginx/sites-enabled/etherpad
+    name: etherpad
-        owner: root
+    state: started
-        group: root
+    enabled: yes
        mode: 0644
      notify: reload nginx
-    - name: Allow HTTP and HTTPS
+- name: Install nginx config
-      ansible.builtin.iptables:
+  ansible.builtin.template:
-        chain: INPUT
+    src: nginx-site.conf
-        protocol: tcp
+    dest: /etc/nginx/sites-enabled/etherpad
-        destination_port: "{{ item.port }}"
+    owner: root
-        ctstate: NEW
+    group: root
-        jump: ACCEPT
+    mode: 0644
-        ip_version: "{{ item.ip }}"
+  notify: reload nginx
-        action: insert
+
-      with_items:
+- name: Allow HTTP and HTTPS
-        - { ip: ipv4, port: 80 }
+  ansible.builtin.iptables:
-        - { ip: ipv4, port: 443 }
+    chain: INPUT
-        - { ip: ipv6, port: 80 }
+    protocol: tcp
-        - { ip: ipv6, port: 443 }
+    destination_port: "{{ item.port }}"
-      notify: persist iptables
+    ctstate: NEW
    jump: ACCEPT
    ip_version: "{{ item.ip }}"
    action: insert
  with_items:
    - { ip: ipv4, port: 80 }
    - { ip: ipv4, port: 443 }
    - { ip: ipv6, port: 80 }
    - { ip: ipv6, port: 443 }
  notify: persist iptables