Prefix variables with etherpad_

webapps/etherpad/LISEZMOI.md

@@ -31,17 +31,17 @@ Exemple de playbook
     - all
   vars:
     # Supplanter ici les variables du rôle
-    domains: ['votre-vrai-domaine.org']
     service: 'mon-etherpad'
-    db_host: 'localhost'
+    etherpad_domains: ['votre-vrai-domaine.org']
-    db_user: "{{ service }}"
+    etherpad_db_host: 'localhost'
-    db_name: "{{ service }}"
+    etherpad_db_user: "{{ service }}"
-    db_password: 'zKEh-CHANGEZ-MOI-qIKc'
+    etherpad_db_name: "{{ service }}"
+    etherpad_db_password: 'zKEh-CHANGEZ-MOI-qIKc'
 
   pre_tasks:
     - name: "Installer les rôles systèmes"
       roles:
-        - { role: nodejs, nodejs_apt_version: "{{ node_version }}" }
+        - { role: nodejs, nodejs_apt_version: "{{ etherpad_node_version }}" }
 
   roles:
     - { role: webapps/etherpad , tags: "etherpad" }

webapps/etherpad/README.md

@@ -31,17 +31,17 @@ Example Playbook
     - all
   vars:
     # Overwrite the role variable here
-    domains: ['your-real-domain.org']
     service: 'my-etherpad'
-    db_host: 'localhost'
+    etherpad_domains: ['your-real-domain.org']
-    db_user: "{{ service }}"
+    etherpad_db_host: 'localhost'
-    db_name: "{{ service }}"
+    etherpad_db_user: "{{ service }}"
-    db_password: 'zKEh-CHANGE-ME-qIKc'
+    etherpad_db_name: "{{ service }}"
+    etherpad_db_password: 'zKEh-CHANGE-ME-qIKc'
 
   pre_tasks:
     - name: "Install system roles"
       roles:
-        - { role: nodejs, nodejs_apt_version: "{{ node_version }}" }
+        - { role: nodejs, nodejs_apt_version: "{{ etherpad_node_version }}" }
 
   roles:
     - { role: webapps/etherpad , tags: "etherpad" }

webapps/etherpad/defaults/main.yml

@@ -1,28 +1,28 @@
 ---
 # defaults file for etherpad
-system_dep: "['apt-transport-https', 'mariadb-server', 'python3-mysqldb', 'nginx', 'ssl-cert', 'git', 'wget', 'certbot', 'npm']"
-git_url: 'https://github.com/ether/etherpad-lite.git'
-git_version: '1.8.18'
-node_version: 'node_18.x'
-node_port: '9001'
 service: 'example'
-domains: ['example.domain.org']
+etherpad_system_dep: "['apt-transport-https', 'mariadb-server', 'python3-mysqldb', 'nginx', 'ssl-cert', 'git', 'wget', 'certbot', 'npm']"
-certbot_admin_email: 'mgauthier@evolix.ca'
+etherpad_git_url: 'https://github.com/ether/etherpad-lite.git'
+etherpad_git_version: '1.8.18'
+etherpad_node_version: 'node_18.x'
+etherpad_node_port: '9001'
+etherpad_domains: ['example.domain.org']
+etherpad_certbot_admin_email: 'mgauthier@evolix.ca'
 
-db_host: '127.0.0.1'
+etherpad_db_host: '127.0.0.1'
-db_port: '3306'
+etherpad_db_port: '3306'
-db_user: "{{ service }}"
+etherpad_db_user: "{{ service }}"
-db_name: "{{ service }}"
+etherpad_db_name: "{{ service }}"
-db_password: 'CHANGE_ME'
+etherpad_db_password: 'CHANGE_ME'
 
-app_ip: '127.0.0.1'
+etherpad_app_ip: '127.0.0.1'
-app_title: 'My Etherpad'
+etherpad_app_title: 'My Etherpad'
-app_db_type: 'mysql'
+etherpad_app_db_type: 'mysql'
-app_skin_name: 'colibris'
+etherpad_app_skin_name: 'colibris'
-app_skin_variants: 'super-light-toolbar super-light-editor light-background'
+etherpad_app_skin_variants: 'super-light-toolbar super-light-editor light-background'
-app_trust_proxy: 'true'
+etherpad_app_trust_proxy: 'true'
-app_require_authentication: 'false'
+etherpad_app_require_authentication: 'false'
-app_require_authorization: 'true'
+etherpad_app_require_authorization: 'true'
-app_admin_password: 'CHANGE_ME_TOO'
+etherpad_app_admin_password: 'CHANGE_ME_TOO'
-app_default_pad_text: 'Bienvenue sur Etherpad !\n\nLe texte de ce bloc-notes est synchronisé sur le serveur au fur et à mesure que vous tapez, de sorte que toutes les personnes qui consultent cette page voient le même texte. Cela vous permet de collaborer de manière transparente et collaborative sur des documents !\n\nParticipez à Etherpad sur https:\/\/etherpad.org\n'
+etherpad_app_default_pad_text: 'Bienvenue sur Etherpad !\n\nLe texte de ce bloc-notes est synchronisé sur le serveur au fur et à mesure que vous tapez, de sorte que toutes les personnes qui consultent cette page voient le même texte. Cela vous permet de collaborer de manière transparente et collaborative sur des documents !\n\nParticipez à Etherpad sur https:\/\/etherpad.org\n'
-app_file_ends: 'false'
+etherpad_app_file_ends: 'false'

webapps/etherpad/tasks/main.yml

@@ -3,7 +3,7 @@
 
 - name: Install main system dependencies
   apt:
-    name: "{{ system_dep }}"
+    name: "{{ etherpad_system_dep }}"
     update_cache: yes
 
 - name: Add UNIX account
@@ -13,20 +13,20 @@
 
 - name: Add database
   mysql_db:
-    name: "{{ db_name }}"
+    name: "{{ etherpad_db_name }}"
 
 - name: Add database user
   mysql_user:
-    name: "{{ db_user }}"
+    name: "{{ etherpad_db_user }}"
-    password: "{{ db_password }}"
+    password: "{{ etherpad_db_password }}"
-    priv: "{{ db_name }}.*:{{privileges |default('SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,INDEX,ALTER,CREATE TEMPORARY TABLES')}}"
+    priv: "{{ etherpad_db_name }}.*:{{privileges |default('SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,INDEX,ALTER,CREATE TEMPORARY TABLES')}}"
     update_password: on_create
 
 - name: Clone etherpad repo (git)
   git:
-    repo: "{{ git_url }}"
+    repo: "{{ etherpad_git_url }}"
     dest: "~/etherpad-lite/"
-    version: "{{ git_version | default(omit) }}"
+    version: "{{ etherpad_git_version | default(omit) }}"
     update: yes
     force: true
     umask: '0022'
@@ -76,7 +76,7 @@
 
 - name: Check if SSL certificate is present and register result
   stat:
-    path: "/etc/letsencrypt/live/{{ domains |first }}/fullchain.pem"
+    path: "/etc/letsencrypt/live/{{ etherpad_domains |first }}/fullchain.pem"
   register: ssl
 
 - name: Generate certificate only if required (first time)
@@ -100,7 +100,7 @@
       state: directory
       mode: '0755'
   - name: Generate certificate with certbot
-    shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ certbot_admin_email }} -d {{ domains |first }}
+    shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ etherpad_certbot_admin_email }} -d {{ etherpad_domains |first }}
   - name: Create the ssl dir if needed
     file:
       path: /etc/nginx/ssl
@@ -109,12 +109,12 @@
   - name: Template ssl bloc for nginx vhost
     template: 
       src: "ssl.conf.j2"
-      dest: "/etc/nginx/ssl/{{ domains |first }}.conf"
+      dest: "/etc/nginx/ssl/{{ etherpad_domains |first }}.conf"
   when: ssl.stat.exists != true
 
 - name: (Re)check if SSL certificate is present and register result
   stat:
-    path: "/etc/letsencrypt/live/{{ domains |first }}/fullchain.pem"
+    path: "/etc/letsencrypt/live/{{ etherpad_domains |first }}/fullchain.pem"
   register: ssl
 
 - name: (Re)template conf file for nginx vhost with SSL

webapps/etherpad/tasks/upgrade.yml

@@ -14,9 +14,9 @@
 
 - name: Clone etherpad repo (git)
   git:
-    repo: "{{ git_url }}"
+    repo: "{{ etherpad_git_url }}"
     dest: "~/etherpad-lite/"
-    version: "{{ git_version }}"
+    version: "{{ etherpad_git_version }}"
     update: yes
     force: true
   become_user: "{{ service }}"

webapps/etherpad/templates/settings.json.j2

@@ -93,7 +93,7 @@
   /*
    * Name your instance!
    */
-  "title": "{{ app_title }}",
+  "title": "{{ etherpad_app_title }}",
 
   /*
    * Pathname of the favicon you want to use. If null, the skin's favicon is
@@ -114,7 +114,7 @@
    * - "colibris": the new experimental skin (since Etherpad 1.8), candidate to
    *               become the default in Etherpad 2.0
    */
-  "skinName": "{{ app_skin_name }}",
+  "skinName": "{{ etherpad_app_skin_name }}",
 
   /*
    * Skin Variants
@@ -140,7 +140,7 @@
    * "full-width-editor" variant (by default editor is rendered as a page, with
    * a max-width of 900px).
    */
-  "skinVariants": "{{ app_skin_variants }}",
+  "skinVariants": "{{ etherpad_app_skin_variants }}",
 
   /*
    * IP and port which Etherpad should bind at.
@@ -152,8 +152,8 @@
    *    "ip": "",                             // <-- has to be an empty string
    *    "port" : "/somepath/etherpad.socket", // <-- path to a Unix socket
    */
-  "ip": "{{ app_ip }}",
+  "ip": "{{ etherpad_app_ip }}",
-  "port": {{ node_port }},
+  "port": {{ etherpad_node_port }},
 
   /*
    * Option to hide/show the settings.json in admin page.
@@ -210,18 +210,18 @@
    */
   "dbType" : "mysql",
   "dbSettings" : {
-    "user":     "{{ db_user }}",
+    "user":     "{{ etherpad_db_user }}",
-    "host":     "{{ db_host }}",
+    "host":     "{{ etherpad_db_host }}",
-    "port":     "{{ db_port }}",
+    "port":     "{{ etherpad_db_port }}",
-    "password": "{{ db_password }}",
+    "password": "{{ etherpad_db_password }}",
-    "database": "{{ db_name }}",
+    "database": "{{ etherpad_db_name }}",
     "charset":  "utf8mb4"
   },
 
   /*
    * The default text of a pad
    */
-  "defaultPadText" : "{{ app_default_pad_text }}",
+  "defaultPadText" : "{{ etherpad_app_default_pad_text }}",
 
   /*
    * Default Pad behavior.
@@ -326,19 +326,19 @@
    * Allow import of file types other than the supported ones:
    * txt, doc, docx, rtf, odt, html & htm
    */
-  "allowUnknownFileEnds": {{ app_file_ends }},
+  "allowUnknownFileEnds": {{ etherpad_app_file_ends }},
 
   /*
    * This setting is used if you require authentication of all users.
    *
    * Note: "/admin" always requires authentication.
    */
-  "requireAuthentication": {{ app_require_authentication }},
+  "requireAuthentication": {{ etherpad_app_require_authentication }},
 
   /*
    * Require authorization by a module, or a user with is_admin set, see below.
    */
-  "requireAuthorization": {{ app_require_authorization }},
+  "requireAuthorization": {{ etherpad_app_require_authorization }},
 
   /*
    * When you use NGINX or another proxy/load-balancer set this to true.
@@ -349,7 +349,7 @@
    * The other effect will be that the logs will contain the real client's IP,
    * instead of the reverse proxy's IP.
    */
-  "trustProxy": {{ app_trust_proxy }},
+  "trustProxy": {{ etherpad_app_trust_proxy }},
 
   /*
    * Settings controlling the session cookie issued by Etherpad.
@@ -510,7 +510,7 @@
     "admin": {
       // 1) "password" can be replaced with "hash" if you install ep_hash_auth
       // 2) please note that if password is null, the user will not be created
-      "password": "{{ app_admin_password }}",
+      "password": "{{ etherpad_app_admin_password }}",
       "is_admin": true
     }
   },

webapps/etherpad/templates/ssl.conf.j2

@@ -2,8 +2,8 @@
 # Certificates
 # you need a certificate to run in production. see https://letsencrypt.org/
 ##
-ssl_certificate     /etc/letsencrypt/live/{{ domains | first }}/fullchain.pem;
+ssl_certificate     /etc/letsencrypt/live/{{ etherpad_domains | first }}/fullchain.pem;
-ssl_certificate_key /etc/letsencrypt/live/{{ domains | first }}/privkey.pem;
+ssl_certificate_key /etc/letsencrypt/live/{{ etherpad_domains | first }}/privkey.pem;
 
 ##
 # Security hardening (as of Nov 15, 2020)

webapps/etherpad/templates/vhost.conf.j2

@@ -6,7 +6,7 @@ map $http_upgrade $connection_upgrade {
 server {
   listen 80;
   listen [::]:80;
-  server_name {{ domains |first }};
+  server_name {{ etherpad_domains |first }};
   
   # For certbot
   include /etc/nginx/snippets/letsencrypt.conf;
@@ -21,16 +21,16 @@ server {
   listen 443 ssl http2;
   listen [::]:443 ssl http2;
   
-  server_name {{ domains |first }};
+  server_name {{ etherpad_domains |first }};
 
   access_log /var/log/nginx/{{ service }}.access.log;
   error_log  /var/log/nginx/{{ service }}.error.log;
   
   include /etc/nginx/snippets/letsencrypt.conf;
-  include /etc/nginx/ssl/{{ domains | first }}.conf;
+  include /etc/nginx/ssl/{{ etherpad_domains | first }}.conf;
 
   location / {
-    proxy_pass         http://127.0.0.1:{{ node_port }};
+    proxy_pass         http://127.0.0.1:{{ etherpad_node_port }};
     proxy_buffering    off; # be careful, this line doesn't override any proxy_buffering on set in a conf.d/file.conf
     proxy_set_header   Host $host;
     proxy_pass_header  Server;