From ae726365ecff5aa53a2ad52000965824c12f1249 Mon Sep 17 00:00:00 2001 From: Mathieu Gauthier-Pilote Date: Wed, 8 May 2024 14:09:02 -0400 Subject: [PATCH] Prefix variables with etherpad_ --- webapps/etherpad/LISEZMOI.md | 12 +++--- webapps/etherpad/README.md | 12 +++--- webapps/etherpad/defaults/main.yml | 46 ++++++++++----------- webapps/etherpad/tasks/main.yml | 22 +++++----- webapps/etherpad/tasks/upgrade.yml | 4 +- webapps/etherpad/templates/settings.json.j2 | 32 +++++++------- webapps/etherpad/templates/ssl.conf.j2 | 4 +- webapps/etherpad/templates/vhost.conf.j2 | 8 ++-- 8 files changed, 70 insertions(+), 70 deletions(-) diff --git a/webapps/etherpad/LISEZMOI.md b/webapps/etherpad/LISEZMOI.md index a42a7025..19de3b6b 100644 --- a/webapps/etherpad/LISEZMOI.md +++ b/webapps/etherpad/LISEZMOI.md @@ -31,17 +31,17 @@ Exemple de playbook - all vars: # Supplanter ici les variables du rôle - domains: ['votre-vrai-domaine.org'] service: 'mon-etherpad' - db_host: 'localhost' - db_user: "{{ service }}" - db_name: "{{ service }}" - db_password: 'zKEh-CHANGEZ-MOI-qIKc' + etherpad_domains: ['votre-vrai-domaine.org'] + etherpad_db_host: 'localhost' + etherpad_db_user: "{{ service }}" + etherpad_db_name: "{{ service }}" + etherpad_db_password: 'zKEh-CHANGEZ-MOI-qIKc' pre_tasks: - name: "Installer les rôles systèmes" roles: - - { role: nodejs, nodejs_apt_version: "{{ node_version }}" } + - { role: nodejs, nodejs_apt_version: "{{ etherpad_node_version }}" } roles: - { role: webapps/etherpad , tags: "etherpad" } diff --git a/webapps/etherpad/README.md b/webapps/etherpad/README.md index 3f090de4..4189b2ec 100644 --- a/webapps/etherpad/README.md +++ b/webapps/etherpad/README.md @@ -31,17 +31,17 @@ Example Playbook - all vars: # Overwrite the role variable here - domains: ['your-real-domain.org'] service: 'my-etherpad' - db_host: 'localhost' - db_user: "{{ service }}" - db_name: "{{ service }}" - db_password: 'zKEh-CHANGE-ME-qIKc' + etherpad_domains: ['your-real-domain.org'] + etherpad_db_host: 'localhost' + etherpad_db_user: "{{ service }}" + etherpad_db_name: "{{ service }}" + etherpad_db_password: 'zKEh-CHANGE-ME-qIKc' pre_tasks: - name: "Install system roles" roles: - - { role: nodejs, nodejs_apt_version: "{{ node_version }}" } + - { role: nodejs, nodejs_apt_version: "{{ etherpad_node_version }}" } roles: - { role: webapps/etherpad , tags: "etherpad" } diff --git a/webapps/etherpad/defaults/main.yml b/webapps/etherpad/defaults/main.yml index 171db5c8..b9c18312 100644 --- a/webapps/etherpad/defaults/main.yml +++ b/webapps/etherpad/defaults/main.yml @@ -1,28 +1,28 @@ --- # defaults file for etherpad -system_dep: "['apt-transport-https', 'mariadb-server', 'python3-mysqldb', 'nginx', 'ssl-cert', 'git', 'wget', 'certbot', 'npm']" -git_url: 'https://github.com/ether/etherpad-lite.git' -git_version: '1.8.18' -node_version: 'node_18.x' -node_port: '9001' service: 'example' -domains: ['example.domain.org'] -certbot_admin_email: 'mgauthier@evolix.ca' +etherpad_system_dep: "['apt-transport-https', 'mariadb-server', 'python3-mysqldb', 'nginx', 'ssl-cert', 'git', 'wget', 'certbot', 'npm']" +etherpad_git_url: 'https://github.com/ether/etherpad-lite.git' +etherpad_git_version: '1.8.18' +etherpad_node_version: 'node_18.x' +etherpad_node_port: '9001' +etherpad_domains: ['example.domain.org'] +etherpad_certbot_admin_email: 'mgauthier@evolix.ca' -db_host: '127.0.0.1' -db_port: '3306' -db_user: "{{ service }}" -db_name: "{{ service }}" -db_password: 'CHANGE_ME' +etherpad_db_host: '127.0.0.1' +etherpad_db_port: '3306' +etherpad_db_user: "{{ service }}" +etherpad_db_name: "{{ service }}" +etherpad_db_password: 'CHANGE_ME' -app_ip: '127.0.0.1' -app_title: 'My Etherpad' -app_db_type: 'mysql' -app_skin_name: 'colibris' -app_skin_variants: 'super-light-toolbar super-light-editor light-background' -app_trust_proxy: 'true' -app_require_authentication: 'false' -app_require_authorization: 'true' -app_admin_password: 'CHANGE_ME_TOO' -app_default_pad_text: 'Bienvenue sur Etherpad !\n\nLe texte de ce bloc-notes est synchronisé sur le serveur au fur et à mesure que vous tapez, de sorte que toutes les personnes qui consultent cette page voient le même texte. Cela vous permet de collaborer de manière transparente et collaborative sur des documents !\n\nParticipez à Etherpad sur https:\/\/etherpad.org\n' -app_file_ends: 'false' +etherpad_app_ip: '127.0.0.1' +etherpad_app_title: 'My Etherpad' +etherpad_app_db_type: 'mysql' +etherpad_app_skin_name: 'colibris' +etherpad_app_skin_variants: 'super-light-toolbar super-light-editor light-background' +etherpad_app_trust_proxy: 'true' +etherpad_app_require_authentication: 'false' +etherpad_app_require_authorization: 'true' +etherpad_app_admin_password: 'CHANGE_ME_TOO' +etherpad_app_default_pad_text: 'Bienvenue sur Etherpad !\n\nLe texte de ce bloc-notes est synchronisé sur le serveur au fur et à mesure que vous tapez, de sorte que toutes les personnes qui consultent cette page voient le même texte. Cela vous permet de collaborer de manière transparente et collaborative sur des documents !\n\nParticipez à Etherpad sur https:\/\/etherpad.org\n' +etherpad_app_file_ends: 'false' diff --git a/webapps/etherpad/tasks/main.yml b/webapps/etherpad/tasks/main.yml index 769d8d6f..387b6704 100644 --- a/webapps/etherpad/tasks/main.yml +++ b/webapps/etherpad/tasks/main.yml @@ -3,7 +3,7 @@ - name: Install main system dependencies apt: - name: "{{ system_dep }}" + name: "{{ etherpad_system_dep }}" update_cache: yes - name: Add UNIX account @@ -13,20 +13,20 @@ - name: Add database mysql_db: - name: "{{ db_name }}" + name: "{{ etherpad_db_name }}" - name: Add database user mysql_user: - name: "{{ db_user }}" - password: "{{ db_password }}" - priv: "{{ db_name }}.*:{{privileges |default('SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,INDEX,ALTER,CREATE TEMPORARY TABLES')}}" + name: "{{ etherpad_db_user }}" + password: "{{ etherpad_db_password }}" + priv: "{{ etherpad_db_name }}.*:{{privileges |default('SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,INDEX,ALTER,CREATE TEMPORARY TABLES')}}" update_password: on_create - name: Clone etherpad repo (git) git: - repo: "{{ git_url }}" + repo: "{{ etherpad_git_url }}" dest: "~/etherpad-lite/" - version: "{{ git_version | default(omit) }}" + version: "{{ etherpad_git_version | default(omit) }}" update: yes force: true umask: '0022' @@ -76,7 +76,7 @@ - name: Check if SSL certificate is present and register result stat: - path: "/etc/letsencrypt/live/{{ domains |first }}/fullchain.pem" + path: "/etc/letsencrypt/live/{{ etherpad_domains |first }}/fullchain.pem" register: ssl - name: Generate certificate only if required (first time) @@ -100,7 +100,7 @@ state: directory mode: '0755' - name: Generate certificate with certbot - shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ certbot_admin_email }} -d {{ domains |first }} + shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ etherpad_certbot_admin_email }} -d {{ etherpad_domains |first }} - name: Create the ssl dir if needed file: path: /etc/nginx/ssl @@ -109,12 +109,12 @@ - name: Template ssl bloc for nginx vhost template: src: "ssl.conf.j2" - dest: "/etc/nginx/ssl/{{ domains |first }}.conf" + dest: "/etc/nginx/ssl/{{ etherpad_domains |first }}.conf" when: ssl.stat.exists != true - name: (Re)check if SSL certificate is present and register result stat: - path: "/etc/letsencrypt/live/{{ domains |first }}/fullchain.pem" + path: "/etc/letsencrypt/live/{{ etherpad_domains |first }}/fullchain.pem" register: ssl - name: (Re)template conf file for nginx vhost with SSL diff --git a/webapps/etherpad/tasks/upgrade.yml b/webapps/etherpad/tasks/upgrade.yml index 78e73fb8..a1c9650d 100644 --- a/webapps/etherpad/tasks/upgrade.yml +++ b/webapps/etherpad/tasks/upgrade.yml @@ -14,9 +14,9 @@ - name: Clone etherpad repo (git) git: - repo: "{{ git_url }}" + repo: "{{ etherpad_git_url }}" dest: "~/etherpad-lite/" - version: "{{ git_version }}" + version: "{{ etherpad_git_version }}" update: yes force: true become_user: "{{ service }}" diff --git a/webapps/etherpad/templates/settings.json.j2 b/webapps/etherpad/templates/settings.json.j2 index bfff1c78..ba3226c4 100644 --- a/webapps/etherpad/templates/settings.json.j2 +++ b/webapps/etherpad/templates/settings.json.j2 @@ -93,7 +93,7 @@ /* * Name your instance! */ - "title": "{{ app_title }}", + "title": "{{ etherpad_app_title }}", /* * Pathname of the favicon you want to use. If null, the skin's favicon is @@ -114,7 +114,7 @@ * - "colibris": the new experimental skin (since Etherpad 1.8), candidate to * become the default in Etherpad 2.0 */ - "skinName": "{{ app_skin_name }}", + "skinName": "{{ etherpad_app_skin_name }}", /* * Skin Variants @@ -140,7 +140,7 @@ * "full-width-editor" variant (by default editor is rendered as a page, with * a max-width of 900px). */ - "skinVariants": "{{ app_skin_variants }}", + "skinVariants": "{{ etherpad_app_skin_variants }}", /* * IP and port which Etherpad should bind at. @@ -152,8 +152,8 @@ * "ip": "", // <-- has to be an empty string * "port" : "/somepath/etherpad.socket", // <-- path to a Unix socket */ - "ip": "{{ app_ip }}", - "port": {{ node_port }}, + "ip": "{{ etherpad_app_ip }}", + "port": {{ etherpad_node_port }}, /* * Option to hide/show the settings.json in admin page. @@ -210,18 +210,18 @@ */ "dbType" : "mysql", "dbSettings" : { - "user": "{{ db_user }}", - "host": "{{ db_host }}", - "port": "{{ db_port }}", - "password": "{{ db_password }}", - "database": "{{ db_name }}", + "user": "{{ etherpad_db_user }}", + "host": "{{ etherpad_db_host }}", + "port": "{{ etherpad_db_port }}", + "password": "{{ etherpad_db_password }}", + "database": "{{ etherpad_db_name }}", "charset": "utf8mb4" }, /* * The default text of a pad */ - "defaultPadText" : "{{ app_default_pad_text }}", + "defaultPadText" : "{{ etherpad_app_default_pad_text }}", /* * Default Pad behavior. @@ -326,19 +326,19 @@ * Allow import of file types other than the supported ones: * txt, doc, docx, rtf, odt, html & htm */ - "allowUnknownFileEnds": {{ app_file_ends }}, + "allowUnknownFileEnds": {{ etherpad_app_file_ends }}, /* * This setting is used if you require authentication of all users. * * Note: "/admin" always requires authentication. */ - "requireAuthentication": {{ app_require_authentication }}, + "requireAuthentication": {{ etherpad_app_require_authentication }}, /* * Require authorization by a module, or a user with is_admin set, see below. */ - "requireAuthorization": {{ app_require_authorization }}, + "requireAuthorization": {{ etherpad_app_require_authorization }}, /* * When you use NGINX or another proxy/load-balancer set this to true. @@ -349,7 +349,7 @@ * The other effect will be that the logs will contain the real client's IP, * instead of the reverse proxy's IP. */ - "trustProxy": {{ app_trust_proxy }}, + "trustProxy": {{ etherpad_app_trust_proxy }}, /* * Settings controlling the session cookie issued by Etherpad. @@ -510,7 +510,7 @@ "admin": { // 1) "password" can be replaced with "hash" if you install ep_hash_auth // 2) please note that if password is null, the user will not be created - "password": "{{ app_admin_password }}", + "password": "{{ etherpad_app_admin_password }}", "is_admin": true } }, diff --git a/webapps/etherpad/templates/ssl.conf.j2 b/webapps/etherpad/templates/ssl.conf.j2 index 86194389..c10595b5 100644 --- a/webapps/etherpad/templates/ssl.conf.j2 +++ b/webapps/etherpad/templates/ssl.conf.j2 @@ -2,8 +2,8 @@ # Certificates # you need a certificate to run in production. see https://letsencrypt.org/ ## -ssl_certificate /etc/letsencrypt/live/{{ domains | first }}/fullchain.pem; -ssl_certificate_key /etc/letsencrypt/live/{{ domains | first }}/privkey.pem; +ssl_certificate /etc/letsencrypt/live/{{ etherpad_domains | first }}/fullchain.pem; +ssl_certificate_key /etc/letsencrypt/live/{{ etherpad_domains | first }}/privkey.pem; ## # Security hardening (as of Nov 15, 2020) diff --git a/webapps/etherpad/templates/vhost.conf.j2 b/webapps/etherpad/templates/vhost.conf.j2 index 46cf21f7..29c849c2 100644 --- a/webapps/etherpad/templates/vhost.conf.j2 +++ b/webapps/etherpad/templates/vhost.conf.j2 @@ -6,7 +6,7 @@ map $http_upgrade $connection_upgrade { server { listen 80; listen [::]:80; - server_name {{ domains |first }}; + server_name {{ etherpad_domains |first }}; # For certbot include /etc/nginx/snippets/letsencrypt.conf; @@ -21,16 +21,16 @@ server { listen 443 ssl http2; listen [::]:443 ssl http2; - server_name {{ domains |first }}; + server_name {{ etherpad_domains |first }}; access_log /var/log/nginx/{{ service }}.access.log; error_log /var/log/nginx/{{ service }}.error.log; include /etc/nginx/snippets/letsencrypt.conf; - include /etc/nginx/ssl/{{ domains | first }}.conf; + include /etc/nginx/ssl/{{ etherpad_domains | first }}.conf; location / { - proxy_pass http://127.0.0.1:{{ node_port }}; + proxy_pass http://127.0.0.1:{{ etherpad_node_port }}; proxy_buffering off; # be careful, this line doesn't override any proxy_buffering on set in a conf.d/file.conf proxy_set_header Host $host; proxy_pass_header Server;