privatebin #183

Merged
mgauthier merged 5 commits from privatebin into unstable 2024-06-12 20:35:09 +02:00
7 changed files with 19 additions and 19 deletions
Showing only changes of commit a7ad33f4ee - Show all commits


@ -31,7 +31,7 @@ Exemple de playbook
- all - all
vars: vars:
# Supplanter ici les variables du rôle # Supplanter ici les variables du rôle
domains: ['votre-vrai-domaine.org'] privatebin_domains: ['votre-vrai-domaine.org']
service: 'mon-privatebin' service: 'mon-privatebin'
roles: roles:


@ -31,7 +31,7 @@ Example Playbook
- all - all
vars: vars:
# Overwrite the role variable here # Overwrite the role variable here
domains: ['your-real-domain.org'] privatebin_domains: ['your-real-domain.org']
service: 'my-privatebin' service: 'my-privatebin'
roles: roles:


@ -1,7 +1,7 @@
--- ---
# defaults file for vars # defaults file for vars
system_dep: "['apt-transport-https', 'git', 'certbot', 'acl', 'apache2', 'libapache2-mpm-itk', 'libapache2-mod-php', 'php-gd']" privatebin_system_dep: "['apt-transport-https', 'git', 'certbot', 'acl', 'apache2', 'libapache2-mpm-itk', 'libapache2-mod-php', 'php-gd']"
git_url: 'https://github.com/PrivateBin/PrivateBin' privatebin_git_url: 'https://github.com/PrivateBin/PrivateBin'
git_version: '1.5.1' privatebin_git_version: '1.5.1'
domains: ['example.domain.org'] privatebin_domains: ['example.domain.net']
certbot_admin_email: 'mgauthier@evolix.ca' privatebin_certbot_admin_email: 'security@example.net'
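Review bot: `privatebin_domains` and `privatebin_certbot_admin_email` now default to placeholder values (`example.domain.net`, `security@example.net`), so a play that forgets to override them still reaches the certbot task with those values instead of failing early. Dropping the personal address from the defaults is the right call, but I would either leave these two variables undefined or add an `assert` task at the top of the role, for example with `that: "'example' not in privatebin_certbot_admin_email"` and a matching check on `privatebin_domains | first`. Separately, `privatebin_system_dep` is a quoted string that only looks like a list; writing it as a real YAML sequence avoids depending on the string being converted back to a list during templating.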


@ -3,7 +3,7 @@
- name: Install main system dependencies - name: Install main system dependencies
apt: apt:
name: "{{ system_dep }}" name: "{{ privatebin_system_dep }}"
update_cache: yes update_cache: yes
- name: Add UNIX account - name: Add UNIX account
@ -13,9 +13,9 @@
- name: Clone privatebin repo (git) - name: Clone privatebin repo (git)
git: git:
repo: "{{ git_url }}" repo: "{{ privatebin_git_url }}"
dest: "~/PrivateBin/" dest: "~/PrivateBin/"
version: "{{ git_version | default(omit) }}" version: "{{ privatebin_git_version | default(omit) }}"
update: yes update: yes
force: true force: true
umask: '0022' umask: '0022'
@ -37,7 +37,7 @@
- name: Check if SSL certificate is present and register result - name: Check if SSL certificate is present and register result
stat: stat:
path: "/etc/letsencrypt/live/{{ domains |first }}/fullchain.pem" path: "/etc/letsencrypt/live/{{ privatebin_domains |first }}/fullchain.pem"
register: ssl register: ssl
- name: Generate certificate only if required (first time) - name: Generate certificate only if required (first time)
@ -58,7 +58,7 @@
state: directory state: directory
mode: '0755' mode: '0755'
- name: Generate certificate with certbot - name: Generate certificate with certbot
shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ certbot_admin_email }} -d {{ domains |first }} shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ privatebin_certbot_admin_email }} -d {{ privatebin_domains |first }}
- name: Create the ssl dir if needed - name: Create the ssl dir if needed
file: file:
path: /etc/apache2/ssl path: /etc/apache2/ssl
@ -72,7 +72,7 @@
- name: (Re)check if SSL certificate is present and register result - name: (Re)check if SSL certificate is present and register result
stat: stat:
path: "/etc/letsencrypt/live/{{ domains |first }}/fullchain.pem" path: "/etc/letsencrypt/live/{{ privatebin_domains |first }}/fullchain.pem"
register: ssl register: ssl
- name: (Re)template conf file for apache vhost with SSL - name: (Re)template conf file for apache vhost with SSL
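Review bot: The `Generate certificate with certbot` task interpolates `privatebin_certbot_admin_email` and `privatebin_domains | first` into a `shell:` string unquoted, so a value containing spaces or shell metacharacters is word-split or interpreted by the shell with the privileges of that task. Nothing in the command line needs a shell, so I would switch the module to `command:`, or at minimum quote the values: `--email {{ privatebin_certbot_admin_email | quote }} -d {{ privatebin_domains | first | quote }}`. Only the first entry of `privatebin_domains` is used here and in both `stat` paths, which is worth a comment next to the variable since its name and list type suggest that every entry gets a certificate. The tasks touched by these hunks start or end outside the lines shown.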


@ -10,9 +10,9 @@
- name: Update privatebin repo (git) - name: Update privatebin repo (git)
git: git:
repo: "{{ git_url }}" repo: "{{ privatebin_git_url }}"
dest: "~/PrivateBin/" dest: "~/PrivateBin/"
version: "{{ git_version }}" version: "{{ privatebin_git_version }}"
update: yes update: yes
force: true force: true
become_user: "{{ service }}" become_user: "{{ service }}"
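Review bot: `service` stays unprefixed in `become_user: "{{ service }}"` here, and likewise in both README examples and in the vhost template's `DocumentRoot /home/{{ service }}/PrivateBin`, although this commit prefixes every other role variable with `privatebin_`. It is the most generic name of the set and it selects the UNIX account and the document root, so a clash with a `service` variable from another role or from inventory would silently point both at an unintended account. Unless another commit of this pull request already covers it, I would rename it to `privatebin_service` in the same pass. The registered result `ssl` in the install tasks, which the vhost template reads as `ssl.stat.exists`, has the same collision risk.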


@ -1,3 +1,3 @@
SSLEngine On SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/{{ domains |first }}/fullchain.pem SSLCertificateFile /etc/letsencrypt/live/{{ privatebin_domains |first }}/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/{{ domains |first }}/privkey.pem SSLCertificateKeyFile /etc/letsencrypt/live/{{ privatebin_domains |first }}/privkey.pem


@ -1,5 +1,5 @@
<VirtualHost *:80> <VirtualHost *:80>
ServerName {{ domains |first }} ServerName {{ privatebin_domains |first }}
{% if ssl.stat.exists %} {% if ssl.stat.exists %}
RewriteEngine On RewriteEngine On
@ -12,7 +12,7 @@
{% if ssl.stat.exists %} {% if ssl.stat.exists %}
<VirtualHost *:443> <VirtualHost *:443>
ServerName {{ domains |first }} ServerName {{ privatebin_domains |first }}
DocumentRoot /home/{{ service }}/PrivateBin DocumentRoot /home/{{ service }}/PrivateBin