Browse Source

redmine: refactoring of redmine role with use of rbenv

alert5-minifirewall-restart
Victor LABORIE 3 years ago
parent
commit
0794e6f620
  1. 1
      CHANGELOG.md
  2. 1
      redmine/defaults/main.yml
  3. 2
      redmine/files/Gemfile.local
  4. 8
      redmine/files/logrotate
  5. 3
      redmine/files/profile
  6. 2
      redmine/files/puma.service
  7. 4
      redmine/files/syslog.conf
  8. 10
      redmine/handlers/main.yml
  9. 3
      redmine/meta/main.yml
  10. 59
      redmine/tasks/config.yml
  11. 330
      redmine/tasks/main.yml
  12. 62
      redmine/tasks/mysql.yml
  13. 26
      redmine/tasks/nginx.yml
  14. 21
      redmine/tasks/packages.yml
  15. 28
      redmine/tasks/plugins.yml
  16. 123
      redmine/tasks/release.yml
  17. 98
      redmine/tasks/source.yml
  18. 27
      redmine/tasks/syslog.yml
  19. 26
      redmine/tasks/themes.yml
  20. 44
      redmine/tasks/user.yml
  21. 5
      redmine/templates/Gemfile.local.j2
  22. 15
      redmine/templates/additional_environment.rb.j2
  23. 44
      redmine/templates/nginx.conf.j2

1
CHANGELOG.md

@ -14,6 +14,7 @@ The **patch** part changes incrementally at each release.
* redis: add variable for configure unixsocketperm
### Changed
* redmine: refactoring of redmine role with use of rbenv
### Fixed
* ntpd: Update the restrictions to follow wiki.evolix.org/HowtoNTP client config

1
redmine/defaults/main.yml

@ -3,6 +3,7 @@ puma_env: 'production'
puma_worker: 2
puma_min_thread: 0
puma_max_thread: 4
redmine_version: "4.0.1"
redmine_db_name: "{{ redmine_user }}"
redmine_db_host: "localhost"
redmine_db_username: "{{ redmine_user }}"

2
redmine/files/Gemfile.local

@ -1,2 +0,0 @@
gem "puma"
gem "xpath", "< 3.0.0"

8
redmine/files/logrotate

@ -0,0 +1,8 @@
/var/log/redmine/*.log {
daily
rotate 7
missingok
notifempty
compress
create 640 root adm
}

3
redmine/files/profile

@ -12,7 +12,7 @@ fi
# set PATH so it includes gems bin
if [ -d "$HOME/bin" ] ; then
export PATH="$HOME/.gems/ruby/2.1.0/bin:$PATH"
export PATH="$HOME/www/.gem/ruby/2.3.0/bin:$PATH"
fi
# For systemctl --user
@ -20,4 +20,3 @@ export XDG_RUNTIME_DIR=/run/user/$UID
# Ruby vars
export RAILS_ENV=production
export BUNDLE_GEMFILE="$HOME/www/Gemfile"

2
redmine/files/puma.service

@ -7,7 +7,7 @@ WorkingDirectory=%h/www
UMask=0027
PIDFile=%h/ruby.pid
ExecStartPre=/bin/mkdir -m 0750 -p %h/run
ExecStart=/usr/bin/bundle exec puma --bind unix://%h/run/puma.sock?umask=0007 --pidfile %h/run/puma.pid --dir %h/www --config /etc/puma/%u.rb
ExecStart=%h/.rbenv/bin/rbenv exec bundle exec puma --bind unix://%h/run/puma.sock?umask=0007 --pidfile %h/run/puma.pid --dir %h/www --config %h/config/puma.rb
ExecReload=/bin/kill -USR2 $MAINPID
KillMode=process
#Restart=on-failure

4
redmine/files/syslog.conf

@ -0,0 +1,4 @@
# Send Redmine messages to a dedicated logdir
$template Redmine, "/var/log/redmine/%PROGRAMNAME:%.log"
if $programname startswith 'redmine_' then ?Redmine
&~

10
redmine/handlers/main.yml

@ -0,0 +1,10 @@
---
- name: restart rsyslog
service:
name: rsyslog
state: restarted
- name: reload nginc
service:
name: nginx
state: reloaded

3
redmine/meta/main.yml

@ -0,0 +1,3 @@
---
dependencies:
- nginx

59
redmine/tasks/config.yml

@ -0,0 +1,59 @@
---
- name: Create systemd config dir
file:
state: directory
dest: "/home/{{ redmine_user }}/{{ item }}"
mode: "0750"
owner: "{{ redmine_user }}"
group: "{{ redmine_user }}"
with_items:
- ".config"
- ".config/systemd"
- ".config/systemd/user"
tags:
- redmine
- name: Deploy systemd unit
copy:
src: puma.service
dest: "/home/{{ redmine_user }}/.config/systemd/user/puma.service"
mode: "0644"
owner: "{{ redmine_user }}"
group: "{{ redmine_user }}"
tags:
- redmine
- name: Set user .profile
copy:
src: profile
dest: "/home/{{ redmine_user }}/.profile"
owner: "{{ redmine_user }}"
group: "{{ redmine_user }}"
mode: "0640"
tags:
- redmine
- name: Create config directory
file:
path: "/home/{{ redmine_user }}/config"
state: directory
owner: "{{ redmine_user }}"
group: "{{ redmine_user }}"
mode: "0750"
tags:
- redmine
- name: Copy configurations file
template:
src: "{{ item }}.j2"
dest: "/home/{{ redmine_user }}/config/{{ item }}"
owner: "{{ redmine_user }}"
group: "{{ redmine_user }}"
mode: "0640"
with_items:
- 'configuration.yml'
- 'database.yml'
- 'additional_environment.rb'
- 'puma.rb'
tags:
- redmine

330
redmine/tasks/main.yml

@ -1,319 +1,13 @@
---
- name: Install dependancy
apt:
name: "{{ item }}"
state: present
with_items:
- libpam-systemd
- ruby
- ruby-dev
- bundler
- imagemagick
- git-core
- git-svn
- gcc
- build-essential
- libxml2-dev
- libxslt1-dev
- libssl-dev
- libmagickwand-dev
- libmagickcore-dev
- libmysqlclient-dev
- python-mysqldb
tags:
- redmine
#- name:
# lineinfile:
# with_items:
# - 'https://github.com/.*'
# - 'http://rubygems.org/.*'
# - 'http://.*.rubygems.org/.*'
# tags:
# - redmine
- name: Deploy systemd unit
copy:
src: puma.service
dest: /etc/systemd/user/puma.service
mode: "0644"
tags:
- redmine
- name: Create puma config dir
file:
path: /etc/puma
state: directory
mode: "0755"
owner: root
tags:
- redmine
- name: Create redmine group
group:
name: "{{ redmine_user }}"
state: present
tags:
- redmine
- name: Add www-data to redmine group
user:
name: www-data
groups: "{{ redmine_user }}"
append: yes
tags:
- redmine
- name: Create redmine user
user:
name: "{{ redmine_user }}"
state: present
group: "{{ redmine_user }}"
createhome: yes
home: "/home/{{ redmine_user }}"
shell: /bin/bash
tags:
- redmine
- name: Create required directory
file:
path: "{{ item }}"
state: directory
owner: "{{ redmine_user }}"
group: "{{ redmine_user }}"
mode: "0750"
with_items:
- "/home/{{ redmine_user }}"
- "/home/{{ redmine_user }}/files"
- "/home/{{ redmine_user }}/log"
tags:
- redmine
- name: Touch Nginx logs file
file:
path: "/home/{{ redmine_user }}/log/{{ item }}"
state: touch
owner: "root"
group: "{{ redmine_user }}"
mode: "0640"
changed_when: false
with_items:
- nginx_access.log
- nginx_error.log
tags:
- redmine
- name: Enable systemd user mode
command: "loginctl enable-linger {{ redmine_user }}"
changed_when: false
- name: Set user .profile
copy:
src: profile
dest: "/home/{{ redmine_user }}/.profile"
owner: "{{ redmine_user }}"
group: "{{ redmine_user }}"
mode: "0640"
tags:
- redmine
- name: Update or clone Redmine git
git:
repo: 'https://github.com/redmine/redmine.git'
dest: "/home/{{ redmine_user }}/www"
version: '3.4-stable'
umask: "027"
update: yes
become_user: "{{ redmine_user }}"
become: yes
register: redmine_git_task
tags:
- redmine
- name: Deploy custom Gemfile
copy:
src: Gemfile.local
dest: "/home/{{ redmine_user }}/www"
owner: "{{ redmine_user }}"
group: "{{ redmine_user }}"
mode: "0640"
register: redmine_local_gemfile_task
tags:
- redmine
- name: Get actual Mysql password
shell: "grep password /home/{{ redmine_user }}/.my.cnf | awk '{ print $3 }'"
register: redmine_get_mysql_password
check_mode: no
changed_when: False
failed_when: false
tags:
- redmine
- name: Generate Mysql password
shell: perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..16)'
register: redmine_generate_mysql_password
check_mode: no
changed_when: False
when: redmine_get_mysql_password.stdout == ""
tags:
- redmine
- name: Set Mysql password
set_fact:
redmine_db_pass: "{{ redmine_generate_mysql_password.stdout | default(redmine_get_mysql_password.stdout) }}"
tags:
- redmine
- name: Create Mysql database
mysql_db:
name: "{{ redmine_db_name }}"
config_file: "/root/.my.cnf"
state: present
tags:
- redmine
- name: Create Mysql user
mysql_user:
name: "{{ redmine_db_username }}"
password: '{{ redmine_db_pass }}'
priv: "{{ redmine_user }}.*:ALL"
config_file: "/root/.my.cnf"
update_password: always
state: present
tags:
- redmine
- name: Store credentials in my.cnf
ini_file:
dest: "/home/{{ redmine_user }}/.my.cnf"
owner: "{{ redmine_user }}"
group: "{{ redmine_user }}"
mode: "0600"
section: client
option: '{{ item.option }}'
value: '{{ item.value }}'
with_items:
- { option: 'host', value: "{{ redmine_db_host }}" }
- { option: 'user', value: "{{ redmine_db_username }}" }
- { option: 'database', value: "{{ redmine_db_name }}" }
- { option: 'password', value: '{{ redmine_db_pass }}' }
tags:
- redmine
- name: Copy configurations file
template:
src: "{{ item }}.j2"
dest: "/home/{{ redmine_user }}/www/config/{{ item }}"
owner: "{{ redmine_user }}"
group: "{{ redmine_user }}"
mode: "0640"
with_items:
- 'configuration.yml'
- 'database.yml'
- 'additional_environment.rb'
tags:
- redmine
- name: Install Redmine plugins
include: plugins.yml
with_items: "{{ redmine_plugins }}"
tags:
- redmine
- name: Install Redmine themes
include: themes.yml
with_items: "{{ redmine_themes }}"
tags:
- redmine
- name: Update local gems with bundle
bundler:
state: present
gemfile: "/home/{{ redmine_user }}/www/Gemfile"
gem_path: "/home/{{ redmine_user }}/.gems"
user_install: yes
become_user: "{{ redmine_user }}"
become: yes
when: redmine_git_task.changed or redmine_local_gemfile_task.changed or redmine_plugin_install.changed
tags:
- redmine
- name: Migrate database with rake
shell: bundle exec rake -qf ~/www/Rakefile db:migrate
become_user: "{{ redmine_user }}"
become_method: sudo
become_flags: '-iu {{ redmine_user }}'
become: yes
when: redmine_git_task.changed
tags:
- redmine
- name: Populate Mysql database
shell: bundle exec rake -qf ~/www/Rakefile redmine:load_default_data REDMINE_LANG=fr && touch ~/.populated
args:
creates: "/home/{{ redmine_user }}/.populated"
become_user: "{{ redmine_user }}"
become_method: sudo
become_flags: '-iu {{ redmine_user }}'
become: yes
tags:
- redmine
- name: Migrate plugins
shell: bundle exec rake -qf ~/www/Rakefile redmine:plugins:migrate
become_user: "{{ redmine_user }}"
become_method: sudo
become_flags: '-iu {{ redmine_user }}'
become: yes
when: redmine_plugin_install.changed
tags:
- redmine
- name: Generate secret token
shell: bundle exec rake -qf ~/www/Rakefile generate_secret_token
args:
creates: "/home/{{ redmine_user }}/www/config/initializers/secret_token.rb"
become_user: "{{ redmine_user }}"
become_method: sudo
become_flags: '-iu {{ redmine_user }}'
become: yes
tags:
- redmine
- name: Copy puma config
template:
src: puma.rb.j2
dest: "/etc/puma/{{ redmine_user }}.rb"
owner: "{{ redmine_user }}"
group: "{{ redmine_user }}"
mode: "0640"
register: redmine_puma_config_task
tags:
- redmine
- name: Start puma service
systemd:
name: puma
daemon_reload: yes
enabled: yes
state: started
user: yes
become_user: "{{ redmine_user }}"
become_method: sudo
become_flags: '-iu {{ redmine_user }}'
become: yes
tags:
- redmine
- name: Reload puma service
systemd:
name: puma
daemon_reload: yes
state: reloaded
user: yes
become_user: "{{ redmine_user }}"
become_method: sudo
become_flags: '-iu {{ redmine_user }}'
become: yes
when: redmine_puma_config_task.changed
- include: packages.yml
- include: syslog.yml
- include: user.yml
- include_role:
name: rbenv
vars:
- username: "{{ redmine_user }}"
- include: config.yml
- include: mysql.yml
- include: source.yml
- include: release.yml
- include: nginx.yml

62
redmine/tasks/mysql.yml

@ -0,0 +1,62 @@
---
- name: Get actual Mysql password
shell: "grep password /home/{{ redmine_user }}/.my.cnf | awk '{ print $3 }'"
register: redmine_get_mysql_password
check_mode: no
changed_when: False
failed_when: false
tags:
- redmine
- name: Generate Mysql password
shell: perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..16)'
register: redmine_generate_mysql_password
check_mode: no
changed_when: False
when: redmine_get_mysql_password.stdout == ""
tags:
- redmine
- name: Set Mysql password
set_fact:
redmine_db_pass: "{{ redmine_generate_mysql_password.stdout | default(redmine_get_mysql_password.stdout) }}"
tags:
- redmine
- name: Create Mysql database
mysql_db:
name: "{{ redmine_db_name }}"
config_file: "/root/.my.cnf"
state: present
collation: "utf8_general_ci"
register: redmine_mysql_create
tags:
- redmine
- name: Store credentials in my.cnf
ini_file:
dest: "/home/{{ redmine_user }}/.my.cnf"
owner: "{{ redmine_user }}"
group: "{{ redmine_user }}"
mode: "0600"
section: client
option: '{{ item.option }}'
value: '{{ item.value }}'
with_items:
- { option: 'host', value: "{{ redmine_db_host }}" }
- { option: 'user', value: "{{ redmine_db_username }}" }
- { option: 'database', value: "{{ redmine_db_name }}" }
- { option: 'password', value: '{{ redmine_db_pass }}' }
tags:
- redmine
- name: Create Mysql user
mysql_user:
name: "{{ redmine_db_username }}"
password: '{{ redmine_db_pass }}'
priv: "{{ redmine_user }}.*:ALL"
config_file: "/root/.my.cnf"
update_password: always
state: present
tags:
- redmine

26
redmine/tasks/nginx.yml

@ -0,0 +1,26 @@
---
- name: Add www-data to Redmine group
user:
name: www-data
groups: "{{ redmine_user }}"
append: True
tags:
- redmine
- name: Copy nginx vhost
template:
src: nginx.conf.j2
dest: "/etc/nginx/sites-available/{{ redmine_user }}.conf"
mode: "0644"
notify: reload nginx
tags:
- redmine
- name: Enable nginx vhost
file:
src: "/etc/nginx/sites-available/{{ redmine_user }}.conf"
dest: "/etc/nginx/sites-enabled/{{ redmine_user }}.conf"
state: link
notify: reload nginx
tags:
- redmine

21
redmine/tasks/packages.yml

@ -0,0 +1,21 @@
---
- name: Install dependancy
apt:
name: "{{ item }}"
state: present
with_items:
- libpam-systemd
- imagemagick
- git-core
- git-svn
- gcc
- build-essential
- libxml2-dev
- libxslt1-dev
- libssl-dev
- libmagickwand-dev
- libmagickcore-dev
- libmariadbclient-dev
- python-mysqldb
tags:
- redmine

28
redmine/tasks/plugins.yml

@ -1,28 +0,0 @@
---
- name: Copy/Update plugin from archive
unarchive:
src: "{{ item.zip }}"
dest: "/home/{{ redmine_user }}/www/plugins/"
remote_src: yes
owner: "{{ redmine_user }}"
group: "{{ redmine_user }}"
mode: "0750"
register: redmine_plugin_install
when: item.zip is defined
- name: Copy/Update plugin from git repository
git:
repo: "{{ item.git }}"
dest: "/home/{{ redmine_user }}/www/plugins/{{ item.git | basename | splitext | first }}"
version: "{{ item.tree | default('master') }}"
register: redmine_plugin_install
when: item.git is defined
- name: Fix rights on plugin dir
file:
path: "/home/{{ redmine_user }}/www/plugins/{{ item.git | basename | splitext | first }}"
owner: "{{ redmine_user }}"
group: "{{ redmine_user }}"
mode: "u=rwX,g=rX,o="
recurse: True
when: item.git is defined

123
redmine/tasks/release.yml

@ -0,0 +1,123 @@
---
- name: Get id of user
command: "id -u {{ redmine_user }}"
register: redmine_command_user_id
changed_when: False
check_mode: False
tags:
- redmine
- name: Define user environment
set_fact:
user_env:
XDG_RUNTIME_DIR: "/run/user/{{ redmine_command_user_id.stdout }}"
RAILS_ENV: production
tags:
- redmine
- name: Stop puma service
systemd:
name: puma
daemon_reload: yes
state: stopped
user: yes
become_user: "{{ redmine_user }}"
environment: "{{ user_env }}"
tags:
- redmine
- name: Create mysqldump directory
file:
path: "/home/{{ redmine_user }}/mysqldump"
state: directory
owner: "{{ redmine_user }}"
group: "{{ redmine_user }}"
mode: "0750"
tags:
- redmine
- name: Dump mysql database
mysql_db:
state: dump
config_file: "/home/{{ redmine_user }}/.my.cnf"
name: "{{ redmine_db_name }}"
target: "/home/{{ redmine_user }}/mysqldump/{{ ansible_date_time.iso8601_basic_short }}.sql.gz"
tags:
- redmine
- name: Change www link
file:
state: link
src: "/home/{{ redmine_user }}/releases/{{ redmine_version }}"
dest: "/home/{{ redmine_user }}/www"
owner: "{{ redmine_user }}"
group: "{{ redmine_user }}"
tags:
- redmine
- name: Update Gemfile.lock
command: "~/.rbenv/bin/rbenv exec bundle lock"
args:
chdir: "/home/{{ redmine_user }}/www"
become_user: "{{ redmine_user }}"
become: yes
tags:
- redmine
- name: Update local gems with bundle
command: "~/.rbenv/bin/rbenv exec bundle install --deployment"
args:
chdir: "/home/{{ redmine_user }}/www"
become_user: "{{ redmine_user }}"
become: yes
tags:
- redmine
- name: Generate secret token
command: "~/.rbenv/bin/rbenv exec bundle exec rake -q generate_secret_token"
args:
chdir: "/home/{{ redmine_user }}/www"
creates: "/home/{{ redmine_user }}/www/config/initializers/secret_token.rb"
become_user: "{{ redmine_user }}"
environment: "{{ user_env }}"
tags:
- redmine
- name: Migrate database with rake
command: "~/.rbenv/bin/rbenv exec bundle exec rake -q db:migrate"
args:
chdir: "/home/{{ redmine_user }}/www/"
become_user: "{{ redmine_user }}"
environment: "{{ user_env }}"
tags:
- redmine
- name: Populate Mysql database
command: "~/.rbenv/bin/rbenv exec bundle exec rake -q redmine:load_default_data REDMINE_LANG=fr"
args:
chdir: "/home/{{ redmine_user }}/www/"
become_user: "{{ redmine_user }}"
environment: "{{ user_env }}"
when: redmine_mysql_create.changed
tags:
- redmine
- name: Migrate plugins
command: "~/.rbenv/bin/rbenv exec bundle exec rake -q redmine:plugins:migrate"
args:
chdir: "/home/{{ redmine_user }}/www/"
become_user: "{{ redmine_user }}"
environment: "{{ user_env }}"
tags:
- redmine
- name: Start puma service
systemd:
name: puma
daemon_reload: yes
state: started
user: yes
become_user: "{{ redmine_user }}"
environment: "{{ user_env }}"
tags:
- redmine

98
redmine/tasks/source.yml

@ -0,0 +1,98 @@
---
- name: Create releases directory
file:
path: "/home/{{ redmine_user }}/{{ item }}"
state: directory
owner: "{{ redmine_user }}"
group: "{{ redmine_user }}"
mode: "0750"
with_items:
- "releases"
- "releases/{{ redmine_version }}"
tags:
- redmine
- name: Download Redmine archive
unarchive:
src: "https://redmine.org/releases/redmine-{{ redmine_version }}.tar.gz"
dest: "/home/{{ redmine_user }}/releases/{{ redmine_version }}"
remote_src: True
extra_opts: --strip-components=1
owner: "{{ redmine_user }}"
group: "{{ redmine_user }}"
tags:
- redmine
- name: Link config files
file:
state: link
src: "/home/{{ redmine_user }}/config/{{ item }}"
dest: "/home/{{ redmine_user }}/releases/{{ redmine_version }}/config/{{ item }}"
owner: "{{ redmine_user }}"
group: "{{ redmine_user }}"
with_items:
- 'configuration.yml'
- 'database.yml'
- 'additional_environment.rb'
tags:
- redmine
- name: Copy/Update plugin from archive
unarchive:
src: "{{ item.zip }}"
dest: "/home/{{ redmine_user }}/releases/{{ redmine_version }}/plugins/"
remote_src: yes
owner: "{{ redmine_user }}"
group: "{{ redmine_user }}"
mode: "0750"
when: item.zip is defined
with_items: "{{ redmine_plugins }}"
tags:
- redmine
- name: Copy/Update plugin from git repository
git:
repo: "{{ item.git }}"
dest: "/home/{{ redmine_user }}/releases/{{ redmine_version }}/plugins/{{ item.git | basename | splitext | first }}"
version: "{{ item.tree | default('master') }}"
umask: "027"
become_user: "{{ redmine_user }}"
when: item.git is defined
with_items: "{{ redmine_plugins }}"
tags:
- redmine
- name: Copy/Update theme from archive
unarchive:
src: "{{ item.zip }}"
dest: "/home/{{ redmine_user }}/releases/{{ redmine_version }}/public/themes"
remote_src: yes
owner: "{{ redmine_user }}"
group: "{{ redmine_user }}"
mode: "0750"
when: item.zip is defined
with_items: "{{ redmine_themes }}"
tags:
- redmine
- name: Copy/Update theme from git repository
git:
repo: "{{ item.git }}"
dest: "/home/{{ redmine_user }}/releases/{{ redmine_version }}/public/themes/{{ item.git | basename | splitext | first }}"
version: "{{ item.tree | default('master') }}"
umask: "027"
become_user: "{{ redmine_user }}"
when: item.git is defined
with_items: "{{ redmine_themes }}"
tags:
- redmine
- name: Deploy custom Gemfile
template:
src: Gemfile.local.j2
dest: "/home/{{ redmine_user }}/releases/{{ redmine_version }}/Gemfile.local"
owner: "{{ redmine_user }}"
group: "{{ redmine_user }}"
mode: "0640"
tags:
- redmine

27
redmine/tasks/syslog.yml

@ -0,0 +1,27 @@
---
- name: Create log directory
file:
state: directory
dest: /var/log/redmine
owner: root
group: adm
mode: "0750"
tags:
- redmine
- name: Copy syslog configuration
copy:
src: syslog.conf
dest: /etc/rsyslog.d/redmine.conf
mode: "0644"
notify: restart rsyslog
tags:
- redmine
- name: Copy logrotate configuration
copy:
src: logrotate
dest: /etc/logrotate.d/redmine
mode: "0644"
tags:
- redmine

26
redmine/tasks/themes.yml

@ -1,26 +0,0 @@
---
- name: Copy/Update theme from archive
unarchive:
src: "{{ item.zip }}"
dest: "/home/{{ redmine_user }}/www/public/themes/"
remote_src: yes
owner: "{{ redmine_user }}"
group: "{{ redmine_user }}"
mode: "0750"
when: item.zip is defined
- name: Copy/Update theme from git repository
git:
repo: "{{ item.git }}"
dest: "/home/{{ redmine_user }}/www/public/themes/{{ item.git | basename | splitext | first }}"
version: "{{ item.tree | default('master') }}"
when: item.git is defined
- name: Fix rights on theme dir
file:
path: "/home/{{ redmine_user }}/www/public/themes/{{ item.git | basename | splitext | first }}"
owner: "{{ redmine_user }}"
group: "{{ redmine_user }}"
mode: "0750"
recurse: True
when: item.git is defined

44
redmine/tasks/user.yml

@ -0,0 +1,44 @@
---
- name: Create redmine group
group:
name: "{{ redmine_user }}"
state: present
tags:
- redmine
- name: Create redmine user
user:
name: "{{ redmine_user }}"
state: present
group: "{{ redmine_user }}"
createhome: yes
home: "/home/{{ redmine_user }}"
shell: /bin/bash
tags:
- redmine
- name: Add redmine user to Redis group
user:
name: "{{ redmine_user }}"
groups: "redis-{{ redmine_user }}"
append: True
when: redmine_redis_path is defined
tags:
- redmine
- name: Create required directory
file:
path: "{{ item }}"
state: directory
owner: "{{ redmine_user }}"
group: "{{ redmine_user }}"
mode: "0750"
with_items:
- "/home/{{ redmine_user }}"
- "/home/{{ redmine_user }}/files"
tags:
- redmine
- name: Enable systemd user mode
command: "loginctl enable-linger {{ redmine_user }}"
changed_when: false

5
redmine/templates/Gemfile.local.j2

@ -0,0 +1,5 @@
gem "syslogger"
{% if redmine_redis_path is defined %}
gem "redis-rails"
gem "redis-rack-cache"
{% endif %}

15
redmine/templates/additional_environment.rb.j2

@ -1,2 +1,13 @@
config.paths['log'] = "/home/{{ redmine_user }}/log/redmine.log"
config.log_level = :warn
config.log_level = :info
config.logger = Syslogger.new("redmine_{{ redmine_user }}")
{% if redmine_redis_path is defined %}
config.session_store :redis_store,
servers: { path: '{{ redmine_redis_path }}', db: 0, namespace: "session" }
config.cache_store = :redis_store,
"redis://{{ redmine_redis_path }}/cache_rails",
{ expires_in: 90.minutes }
config.action_dispatch.rack_cache = {
metastore: "redis://{{ redmine_redis_path }}/cache_metastore",
entitystore: "redis://{{ redmine_redis_path }}/cache_entitystore"
}
{% endif %}

44
redmine/templates/nginx.conf.j2

@ -0,0 +1,44 @@
upstream puma_{{ redmine_user }} {
server unix:/home/{{ redmine_user }}/run/puma.sock fail_timeout=0;
}
server {
server_name {{ redmine_domain }};
listen 0.0.0.0:80;
listen [::]:80;
listen 0.0.0.0:443 ssl http2;
listen [::]:443 ssl http2;
if ( $scheme = http ) {
return 301 https://$server_name$request_uri;
}
include /etc/nginx/ssl/{{ redmine_user }}[.]conf;
root /home/{{ redmine_user }}/www/public;
access_log /var/log/nginx/{{ redmine_user }}_access.log;
error_log /var/log/nginx/{{ redmine_user }}_error.log;
error_page 503 @maintenance;
client_max_body_size 50M;
include /etc/nginx/snippets/letsencrypt[.]conf;
location / {
if (!-f /home/{{ redmine_user }}/run/puma.pid) {
return 503;
}
try_files $uri @puma;
}
location @maintenance {
rewrite ^(.*)$ /500.html break;
}
location @puma {
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_read_timeout 30;
proxy_pass http://puma_{{ redmine_user }};
}
}
Loading…
Cancel
Save