Prefix variables with mattermost_

webapps/mattermost/defaults/main.yml

@@ -1,13 +1,13 @@
 ---
 # defaults file for vars
-system_dep: "['git', 'nginx', 'postgresql', 'python3-psycopg2', 'certbot', 'acl']"
-version: '7.8.1'
-download_url: "https://releases.mattermost.com/{{ version }}/mattermost-team-{{ version }}-linux-amd64.tar.gz"
-domains: ['example.domain.org']
-certbot_admin_email: 'mgauthier@evolix.ca'
-home_base: '/home'
-mm_port: '8065'
-db_host: '127.0.0.1'
-db_name: "{{ service }}"
-db_user: "{{ service }}"
-db_password: 'UQ6_CHANGE_ME_Gzb'
+mattermost_system_dep: "['git', 'nginx', 'postgresql', 'python3-psycopg2', 'certbot', 'acl']"
+mattermost_version: '7.8.1'
+mattermost_download_url: "https://releases.mattermost.com/{{ mattermost_version }}/mattermost-team-{{ mattermost_version }}-linux-amd64.tar.gz"
+mattermost_domains: ['example.domain.org']
+mattermost_certbot_admin_email: 'mgauthier@evolix.ca'
+mattermost_home_base: '/home'
+mattermost_app_port: '8065'
+mattermost_db_host: '127.0.0.1'
+mattermost_db_name: "{{ mattermost_service }}"
+mattermost_db_user: "{{ mattermost_service }}"
+mattermost_db_password: 'UQ6_CHANGE_ME_Gzb'

webapps/mattermost/tasks/main.yml

@@ -3,47 +3,47 @@
 
 - name: Install main system dependencies
   apt:
-    name: "{{ system_dep }}"
+    name: "{{ mattermost_system_dep }}"
     update_cache: yes
 
 - name: Add UNIX account
   user:
-    name: "{{ service }}"
+    name: "{{ mattermost_service }}"
     shell: /bin/bash
-    home: "{{ home_base }}/{{ service }}"
+    home: "{{ mattermost_home_base }}/{{ mattermost_service }}"
 
 - name: Add PostgreSQL user
   postgresql_user:
-    name: "{{ db_user }}"
-    password: "{{ db_password }}"
+    name: "{{ mattermost_db_user }}"
+    password: "{{ mattermost_db_password }}"
     no_password_changes: true
   become_user: postgres
 
 - name: Add PostgreSQL database
   postgresql_db:
-    name: "{{ db_name }}"
-    owner: "{{ db_user }}"
+    name: "{{ mattermost_db_name }}"
+    owner: "{{ mattermost_db_user }}"
   become_user: postgres
 
 - name: Unarchive mattermost archive
   unarchive:
-    src: "{{ download_url }}"
+    src: "{{ mattermost_download_url }}"
     dest: ~/
     remote_src: yes
-  become_user: "{{ service }}"
+  become_user: "{{ mattermost_service }}"
 
 - name: Create the mattermost data dir if needed
   file:
     path: ~/mattermost/data
     state: directory
     mode: '0750'
-  become_user: "{{ service }}"
+  become_user: "{{ mattermost_service }}"
 
 - name: Template mattermost conf file
   template: 
     src: "config.json.j2"
     dest: "~/mattermost/config/config.json"
-  become_user: "{{ service }}"
+  become_user: "{{ mattermost_service }}"
 
 - name: Template mattermost systemd unit
   template: 
@@ -52,7 +52,7 @@
 
 - name: Start mattermost systemd unit
   service:
-    name: "mattermost@{{ service }}"
+    name: "mattermost@{{ mattermost_service }}"
     state: restarted
 
 - name: Template nginx snippet for Let's Encrypt/Certbot
@@ -62,7 +62,7 @@
 
 - name: Check if SSL certificate is present and register result
   stat:
-    path: "/etc/letsencrypt/live/{{ domains |first }}/fullchain.pem"
+    path: "/etc/letsencrypt/live/{{ mattermost_domains |first }}/fullchain.pem"
   register: ssl
 
 - name: Generate certificate only if required (first time)
@@ -70,11 +70,11 @@
   - name: Template vhost without SSL for successfull LE challengce
     template: 
       src: "vhost.conf.j2"
-      dest: "/etc/nginx/sites-available/{{ service }}.conf"
+      dest: "/etc/nginx/sites-available/{{ mattermost_service }}.conf"
   - name: Enable temporary nginx vhost for mattermost
     file:
-      src: "/etc/nginx/sites-available/{{ service }}.conf"
-      dest: "/etc/nginx/sites-enabled/{{ service }}.conf"
+      src: "/etc/nginx/sites-available/{{ mattermost_service }}.conf"
+      dest: "/etc/nginx/sites-enabled/{{ mattermost_service }}.conf"
       state: link
   - name: Reload nginx conf
     service:
@@ -86,7 +86,7 @@
       state: directory
       mode: '0755'
   - name: Generate certificate with certbot
-    shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ certbot_admin_email }} -d {{ domains |first }}
+    shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ mattermost_certbot_admin_email }} -d {{ mattermost_domains |first }}
   - name: Create the ssl dir if needed
     file:
       path: /etc/nginx/ssl
@@ -95,23 +95,23 @@
   - name: Template ssl bloc for nginx vhost
     template: 
       src: "ssl.conf.j2"
-      dest: "/etc/nginx/ssl/{{ domains |first }}.conf"
+      dest: "/etc/nginx/ssl/{{ mattermost_domains |first }}.conf"
   when: ssl.stat.exists != true
 
 - name: (Re)check if SSL certificate is present and register result
   stat:
-    path: "/etc/letsencrypt/live/{{ domains |first }}/fullchain.pem"
+    path: "/etc/letsencrypt/live/{{ mattermost_domains |first }}/fullchain.pem"
   register: ssl
 
 - name: (Re)template conf file for nginx vhost with SSL
   template:
     src: "vhost.conf.j2"
-    dest: "/etc/nginx/sites-available/{{ service }}.conf"
+    dest: "/etc/nginx/sites-available/{{ mattermost_service }}.conf"
 
 - name: Enable nginx vhost for mattermost
   file:
-    src: "/etc/nginx/sites-available/{{ service }}.conf"
-    dest: "/etc/nginx/sites-enabled/{{ service }}.conf"
+    src: "/etc/nginx/sites-available/{{ mattermost_service }}.conf"
+    dest: "/etc/nginx/sites-enabled/{{ mattermost_service }}.conf"
     state: link
 
 - name: Reload nginx conf

webapps/mattermost/tasks/upgrade.yml

@@ -3,29 +3,29 @@
 
 - name: Start mattermost systemd unit
   service:
-    name: "mattermost@{{ service }}"
+    name: "mattermost@{{ mattermost_service }}"
     state: stopped
 
 - name: set current date and time as a fact
   set_fact: backup_date="{{ ansible_date_time.iso8601_basic_short }}"
 
 - name: backup current mattermost files
-  command: "mv  ~/mattermost/ ~/mattermost_{{ backup_date }}"
-  become_user: "{{ service }}"
+  command: "mv  ~/mattermost/ ~/mattermost_{{ mattermost_backup_date }}"
+  become_user: "{{ mattermost_service }}"
 
 - name: Dump database to a file with compression
   postgresql_db:
-    name: "{{ db_name }}"
+    name: "{{ mattermost_db_name }}"
     state: dump
-    target: "~/{{ db_name }}.sql.gz"
+    target: "~/{{ mattermost_db_name }}.sql.gz"
   become_user: postgres
 
 - name: Unarchive new mattermost archive
   unarchive:
-    src: "{{ download_url }}"
+    src: "{{ mattermost_download_url }}"
     dest: ~/
     remote_src: yes
-  become_user: "{{ service }}"
+  become_user: "{{ mattermost_service }}"
 
 - name: restore dirs from backup
   copy: 
@@ -33,16 +33,16 @@
     dest: ~/mattermost
     remote_src: true
   loop:
-    - "~/mattermost_{{ backup_date }}/config"
-    - "~/mattermost_{{ backup_date }}/data"
-    - "~/mattermost_{{ backup_date }}/logs"
-    - "~/mattermost_{{ backup_date }}/plugins"
-    - "~/mattermost_{{ backup_date }}/client/plugins"
-  become_user: "{{ service }}"
+    - "~/mattermost_{{ mattermost_backup_date }}/config"
+    - "~/mattermost_{{ mattermost_backup_date }}/data"
+    - "~/mattermost_{{ mattermost_backup_date }}/logs"
+    - "~/mattermost_{{ mattermost_backup_date }}/plugins"
+    - "~/mattermost_{{ mattermost_backup_date }}/client/plugins"
+  become_user: "{{ mattermost_service }}"
 
 - name: Start mattermost systemd unit
   service:
-    name: "mattermost@{{ service }}"
+    name: "mattermost@{{ mattermost_service }}"
     state: restarted
 
 - name: Reload nginx conf
@@ -56,7 +56,7 @@
 
 - name: Remove database dump
   file:
-    path: "~/{{ db_name }}.sql.gz"
+    path: "~/{{ mattermost_db_name }}.sql.gz"
     state: absent
   become_user: postgres
   when: keep_db_dump is undefined

webapps/mattermost/templates/config.json.j2

@@ -1,9 +1,9 @@
 {
     "ServiceSettings": {
-        "SiteURL": "http://{{ domains | first }}",
+        "SiteURL": "http://{{ mattermost_domains | first }}",
         "WebsocketURL": "",
         "LicenseFileLocation": "",
-        "ListenAddress": "127.0.0.1:{{ mm_port }}",
+        "ListenAddress": "127.0.0.1:{{ mattermost_app_port }}",
         "ConnectionSecurity": "",
         "TLSCertFile": "",
         "TLSKeyFile": "",
@@ -136,7 +136,7 @@
     },
     "SqlSettings": {
         "DriverName": "postgres",
-        "DataSource": "postgres://{{ db_user }}:{{ db_password }}@{{ db_host }}:5432/{{ db_name }}?sslmode=disable&connect_timeout=10",
+        "DataSource": "postgres://{{ mattermost_db_user }}:{{ mattermost_db_password }}@{{ mattermost_db_host }}:5432/{{ mattermost_db_name }}?sslmode=disable&connect_timeout=10",
         "DataSourceReplicas": [],
         "DataSourceSearchReplicas": [],
         "MaxIdleConns": 20,

webapps/mattermost/templates/mattermost.service.j2

@@ -7,8 +7,8 @@ Requires=postgresql.service
 [Service]
 Type=notify
 Restart=always
-WorkingDirectory={{ home_base }}/%i/mattermost
-ExecStart=/{{ home_base }}/%i/mattermost/bin/mattermost
+WorkingDirectory={{ mattermost_home_base }}/%i/mattermost
+ExecStart=/{{ mattermost_home_base }}/%i/mattermost/bin/mattermost
 TimeoutStartSec=3600
 LimitNOFILE=49152
 RestartSec=10

webapps/mattermost/templates/ssl.conf.j2

@@ -2,8 +2,8 @@
 # Certificates
 # you need a certificate to run in production. see https://letsencrypt.org/
 ##
-ssl_certificate     /etc/letsencrypt/live/{{ domains | first }}/fullchain.pem;
-ssl_certificate_key /etc/letsencrypt/live/{{ domains | first }}/privkey.pem;
+ssl_certificate     /etc/letsencrypt/live/{{ mattermost_domains | first }}/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/{{ mattermost_domains | first }}/privkey.pem;
 
 ##
 # Security hardening (as of Nov 15, 2020)

webapps/mattermost/templates/vhost.conf.j2

@@ -1,12 +1,12 @@
-upstream backend_{{ service }} {
-   server 127.0.0.1:{{ mm_port }};
+upstream backend_{{ mattermost_service }} {
+   server 127.0.0.1:{{ mattermost_app_port }};
    keepalive 32;
 }
 
 server {
   listen 80;
   listen [::]:80;
-  server_name {{ domains | first }};
+  server_name {{ mattermost_domains | first }};
   
   # For certbot
   include /etc/nginx/snippets/letsencrypt.conf;
@@ -21,13 +21,13 @@ server {
    listen 443 ssl;
    listen [::]:443 ssl;
 
-   server_name {{ domains | first }};
+   server_name {{ mattermost_domains | first }};
    
-    access_log /var/log/nginx/{{ service }}.access.log;
-    error_log  /var/log/nginx/{{ service }}.error.log;
+    access_log /var/log/nginx/{{ mattermost_service }}.access.log;
+    error_log  /var/log/nginx/{{ mattermost_service }}.error.log;
 
     include /etc/nginx/snippets/letsencrypt.conf;
-    include /etc/nginx/ssl/{{ domains | first }}.conf;
+    include /etc/nginx/ssl/{{ mattermost_domains | first }}.conf;
 
    location ~ /api/v[0-9]+/(users/)?websocket$ {
        proxy_set_header Upgrade $http_upgrade;
@@ -46,7 +46,7 @@ server {
        proxy_connect_timeout 90;
        proxy_send_timeout 300;
        proxy_read_timeout 90s;
-       proxy_pass http://backend_{{ service }};
+       proxy_pass http://backend_{{ mattermost_service }};
    }
 
    location / {
@@ -67,7 +67,7 @@ server {
        #proxy_cache_use_stale timeout;
        #proxy_cache_lock on;
        proxy_http_version 1.1;
-       proxy_pass http://backend_{{ service }};
+       proxy_pass http://backend_{{ mattermost_service }};
    }
 }
 {% endif %}