hedgedoc_ prefix for role vars

2024-06-13 15:35:11 -04:00 · 2024-06-13 15:35:11 -04:00 · 0ce1e1d701
parent bdb6ccb02d
commit 0ce1e1d701
7 changed files with 70 additions and 70 deletions
--- a/webapps/hedgedoc/defaults/main.yml
+++ b/webapps/hedgedoc/defaults/main.yml
@ -1,15 +1,15 @@
 ---
 # defaults file for mastodon
-system_dep: "['apt-transport-https', 'postgresql', 'python3-psycopg2', 'nginx', 'git', 'wget', 'certbot', 'npm']"
+hedgedoc_system_dep: "['apt-transport-https', 'postgresql', 'python3-psycopg2', 'nginx', 'git', 'wget', 'certbot']"
-git_url: 'https://github.com/hedgedoc/hedgedoc.git'
+hedgedoc_git_url: 'https://github.com/hedgedoc/hedgedoc.git'
-git_version: '1.9.7'
+hedgedoc_git_version: '1.9.9'
-node_version: 'node_18.x' # Node 18 is NOT supported as of May 2023; See https://docs.hedgedoc.org/setup/manual-setup/
+hedgedoc_node_version: 'node_18.x'
-node_port: '3000'
+hedgedoc_node_port: '3000'
-service: 'example'
+hedgedoc_service: 'example'
-domains: ['example.domain.org']
+hedgedoc_domains: ['example.domain.org']
-certbot_admin_email: 'mgauthier@evolix.ca'
+hedgedoc_certbot_admin_email: 'security@example.org'
-db_host: 'localhost'
+hedgedoc_db_host: 'localhost'
-db_user: "{{ service }}"
+hedgedoc_db_user: "{{ hedgedoc_service }}"
-db_name: "{{ service }}"
+hedgedoc_db_name: "{{ hedgedoc_service }}"
-db_password: 'CHANGE_ME'
+hedgedoc_db_password: 'CHANGE_ME'
--- a/webapps/hedgedoc/tasks/main.yml
+++ b/webapps/hedgedoc/tasks/main.yml
@ -3,45 +3,45 @@
 - name: Install main system dependencies
  apt:
-    name: "{{ system_dep }}"
+    name: "{{ hedgedoc_system_dep }}"
    update_cache: yes
- name: Install node-gyp from npm
+#- name: Install node-gyp from npm
-  shell: npm install --global node-gyp corepack
+#  shell: npm install --global node-gyp corepack
- name: Enable yarn (via corepack)
+#- name: Enable yarn (via corepack)
-  shell: "corepack enable"
+#  shell: "corepack enable"
- name: Fix permissions 
+#- name: Fix permissions 
-  file:
+#  file:
-    path: /usr/local/lib/node_modules
+#    path: /usr/local/lib/node_modules
-    mode: g+rx,o+rx
+#    mode: g+rx,o+rx
-    recurse: yes
+#    recurse: yes
 - name: Add UNIX account
  user:
-    name: "{{ service }}"
+    name: "{{ hedgedoc_service }}"
    shell: /bin/bash
 - name: Add PostgreSQL user
  postgresql_user:
-    name: "{{ db_user }}"
+    name: "{{ hedgedoc_db_user }}"
-    password: "{{ db_password }}"
+    password: "{{ hedgedoc_db_password }}"
    no_password_changes: true
  become_user: postgres
 - name: Add PostgreSQL database
  postgresql_db:
-    name: "{{ db_name }}"
+    name: "{{ hedgedoc_db_name }}"
-    owner: "{{ db_user }}"
+    owner: "{{ hedgedoc_db_user }}"
  become_user: postgres
 - block:
  - name: Clone hedgedoc repo (git)
    git:
-      repo: "{{ git_url }}"
+      repo: "{{ hedgedoc_git_url }}"
      dest: "~/hedgedoc/"
-      version: "{{ git_version | default(omit) }}"
+      version: "{{ hedgedoc_git_version | default(omit) }}"
      update: yes
      umask: '0022'
 #  - name: Set cache dir for yarn
@ -60,30 +60,30 @@
    shell: "yarn build"
    args:
      chdir: "~/hedgedoc"
-  become_user: "{{ service }}"
+  become_user: "{{ hedgedoc_service }}"
 - name: Template json config file
  template:
    src: "config.json.j2"
-    dest: "~{{ service }}/hedgedoc/config.json"
+    dest: "~{{ hedgedoc_service }}/hedgedoc/config.json"
-    owner: "{{ service }}"
+    owner: "{{ hedgedoc_service }}"
-    group: "{{ service }}"
+    group: "{{ hedgedoc_service }}"
    mode: "0640"
 - name: Add systemd unit
  template:
    src: "hedgedoc.service.j2"
-    dest: "/etc/systemd/system/{{ service }}.service"
+    dest: "/etc/systemd/system/{{ hedgedoc_service }}.service"
 - name: Enable systemd units
  systemd:
-    name: "{{ service }}.service"
+    name: "{{ hedgedoc_service }}.service"
    enabled: yes
    daemon_reload: yes
 - name: Start service
  service:
-    name: "{{ service }}.service"
+    name: "{{ hedgedoc_service }}.service"
    state: restarted
 - name: Template nginx snippet for Let's Encrypt/Certbot
@ -93,7 +93,7 @@
 - name: Check if SSL certificate is present and register result
  stat:
-    path: "/etc/letsencrypt/live/{{ domains |first }}/fullchain.pem"
+    path: "/etc/letsencrypt/live/{{ hedgedoc_domains |first }}/fullchain.pem"
  register: ssl
 - name: Generate certificate only if required (first time)
@ -101,11 +101,11 @@
  - name: Template vhost without SSL for successfull LE challengce
    template: 
      src: "vhost.conf.j2"
-      dest: "/etc/nginx/sites-available/{{ service }}"
+      dest: "/etc/nginx/sites-available/{{ hedgedoc_service }}"
  - name: Enable temporary nginx vhost for LE
    file:
-      src: "/etc/nginx/sites-available/{{ service }}"
+      src: "/etc/nginx/sites-available/{{ hedgedoc_service }}"
-      dest: "/etc/nginx/sites-enabled/{{ service }}"
+      dest: "/etc/nginx/sites-enabled/{{ hedgedoc_service }}"
      state: link
  - name: Reload nginx conf
    service:
@ -117,7 +117,7 @@
      state: directory
      mode: '0755'
  - name: Generate certificate with certbot
-    shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ certbot_admin_email }} -d {{ domains |first }}
+    shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ hedgedoc_certbot_admin_email }} -d {{ hedgedoc_domains |first }}
  - name: Create the ssl dir if needed
    file:
      path: /etc/nginx/ssl
@ -126,23 +126,23 @@
  - name: Template ssl bloc for nginx vhost
    template: 
      src: "ssl.conf.j2"
-      dest: "/etc/nginx/ssl/{{ domains |first }}.conf"
+      dest: "/etc/nginx/ssl/{{ hedgedoc_domains |first }}.conf"
  when: ssl.stat.exists != true
 - name: (Re)check if SSL certificate is present and register result
  stat:
-    path: "/etc/letsencrypt/live/{{ domains |first }}/fullchain.pem"
+    path: "/etc/letsencrypt/live/{{ hedgedoc_domains |first }}/fullchain.pem"
  register: ssl
 - name: (Re)template conf file for nginx vhost with SSL
  template:
    src: "vhost.conf.j2"
-    dest: "/etc/nginx/sites-available/{{ service }}"
+    dest: "/etc/nginx/sites-available/{{ hedgedoc_service }}"
 - name: Enable nginx vhost for hedgedoc
  file:
-    src: "/etc/nginx/sites-available/{{ service }}"
+    src: "/etc/nginx/sites-available/{{ hedgedoc_service }}"
-    dest: "/etc/nginx/sites-enabled/{{ service }}"
+    dest: "/etc/nginx/sites-enabled/{{ hedgedoc_service }}"
    state: link
 - name: Reload nginx conf
--- a/webapps/hedgedoc/tasks/upgrade.yml
+++ b/webapps/hedgedoc/tasks/upgrade.yml
@ -3,22 +3,22 @@
 - name: Dump database to a file with compression
  postgresql_db:
-    name: "{{ service }}"
+    name: "{{ hedgedoc_service }}"
    state: dump
-    target: "~/{{ service }}.sql.gz"
+    target: "~/{{ hedgedoc_service }}.sql.gz"
  become_user: postgres
 - name: Stop service
  service:
-    name: "{{ service }}.service"
+    name: "{{ hedgedoc_service }}.service"
    state: stopped
 - block:
  - name: Clone hedgedoc repo (git)
    git:
-      repo: "{{ git_url }}"
+      repo: "{{ hedgedoc_git_url }}"
      dest: "~/hedgedoc/"
-      version: "{{ git_version }}"
+      version: "{{ hedgedoc_git_version }}"
      update: yes
  - name: Run setup
    shell: "bin/setup"
@ -32,11 +32,11 @@
    shell: "yarn build"
    args:
      chdir: "~/hedgedoc"
-  become_user: "{{ service }}"
+  become_user: "{{ hedgedoc_service }}"
 - name: Restart services
  service:
-    name: "{{ service }}.service"
+    name: "{{ hedgedoc_service }}.service"
    state: restarted
 - name: Define variable to skip next task by default
@ -45,7 +45,7 @@
 - name: Remove database dump
  file:
-    path: "~/{{ service }}.sql.gz"
+    path: "~/{{ hedgedoc_service }}.sql.gz"
    state: absent
  become_user: postgres
  when: keep_db_dump is undefined
--- a/webapps/hedgedoc/templates/config.json.j2
+++ b/webapps/hedgedoc/templates/config.json.j2
@ -16,7 +16,7 @@
        "urlAddPort": true
    },
    "production": {
-        "domain": "{{ domains }}",
+        "domain": "{{ hedgedoc_domains }}",
        "loglevel": "info",
        "protocolUseSSL": "true",
        "urlAddPort": false,
@ -35,10 +35,10 @@
        },
        "cookiePolicy": "lax",
        "db": {
-            "username": "{{ db_user }}",
+            "username": "{{ hedgedoc_db_user }}",
-            "password": "{{ db_password }}",
+            "password": "{{ hedgedoc_db_password }}",
-            "database": "{{ db_name }}",
+            "database": "{{ hedgedoc_db_name }}",
-            "host": "{{ db_host }}",
+            "host": "{{ hedgedoc_db_host }}",
            "port": "5432",
            "dialect": "postgres"
        }
--- a/webapps/hedgedoc/templates/hedgedoc.service.j2
+++ b/webapps/hedgedoc/templates/hedgedoc.service.j2
@ -35,9 +35,9 @@ SystemCallArchitectures=native
 SystemCallFilter=@system-service
 # You may have to adjust these settings
-User={{service}}
+User={{ hedgedoc_service }}
-Group={{service}}
+Group={{ hedgedoc_service }}
-WorkingDirectory=/home/{{service}}/hedgedoc
+WorkingDirectory=/home/{{ hedgedoc_service }}/hedgedoc
 # Example: local storage for uploads and SQLite
 # ReadWritePaths=/opt/hedgedoc/public/uploads /opt/hedgedoc/db
--- a/webapps/hedgedoc/templates/ssl.conf.j2
+++ b/webapps/hedgedoc/templates/ssl.conf.j2
@ -2,8 +2,8 @@
 # Certificates
 # you need a certificate to run in production. see https://letsencrypt.org/
 ##
-ssl_certificate     /etc/letsencrypt/live/{{ domains | first }}/fullchain.pem;
+ssl_certificate     /etc/letsencrypt/live/{{ hedgedoc_domains | first }}/fullchain.pem;
-ssl_certificate_key /etc/letsencrypt/live/{{ domains | first }}/privkey.pem;
+ssl_certificate_key /etc/letsencrypt/live/{{ hedgedoc_domains | first }}/privkey.pem;
 ##
 # Security hardening (as of Nov 15, 2020)
--- a/webapps/hedgedoc/templates/vhost.conf.j2
+++ b/webapps/hedgedoc/templates/vhost.conf.j2
@ -6,7 +6,7 @@ map $http_upgrade $connection_upgrade {
 server {
  listen 80;
  listen [::]:80;
-  server_name {{ domains |first }};
+  server_name {{ hedgedoc_domains |first }};
  # For certbot
  include /etc/nginx/snippets/letsencrypt.conf;
@ -21,16 +21,16 @@ server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
-  server_name {{ domains |first }};
+  server_name {{ hedgedoc_domains |first }};
-  access_log /var/log/nginx/{{ service }}.access.log;
+  access_log /var/log/nginx/{{ hedgedoc_service }}.access.log;
-  error_log  /var/log/nginx/{{ service }}.error.log;
+  error_log  /var/log/nginx/{{ hedgedoc_service }}.error.log;
  include /etc/nginx/snippets/letsencrypt.conf;
  include /etc/nginx/ssl/{{ domains | first }}.conf;
  location / {
-      proxy_pass http://127.0.0.1:{{ node_port }};
+      proxy_pass http://127.0.0.1:{{ hedgedoc_node_port }};
      proxy_set_header Host $host; 
      proxy_set_header X-Real-IP $remote_addr; 
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
@ -38,7 +38,7 @@ server {
  }
  location /socket.io/ {
-      proxy_pass http://127.0.0.1:{{ node_port }};
+      proxy_pass http://127.0.0.1:{{ hedgedoc_node_port }};
      proxy_set_header Host $host; 
      proxy_set_header X-Real-IP $remote_addr; 
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;