
Add uberspacce roles and playbook

Used to be a separate repo
pull/1/head
Sebastian Wiesner 2 months ago
parent
commit
3e108f8e94
36 changed files with 773 additions and 2 deletions
  1. +2
    -0
      .ansible-lint
  2. +1
    -1
      .gitignore
  3. +1
    -1
      ansible.cfg
  4. +43
    -0
      group_vars/uberspace_hosts.yml
  5. +11
    -0
      inventory/uberspace.yaml
  6. +1
    -0
      kasterl.yml
  7. +17
    -0
      roles/uber-gitea/files/home.tmpl
  8. +4
    -0
      roles/uber-gitea/handlers/main.yml
  9. +5
    -0
      roles/uber-gitea/meta/main.yml
  10. +122
    -0
      roles/uber-gitea/tasks/main.yml
  11. +32
    -0
      roles/uber-gitea/templates/app.ini.j2
  12. +4
    -0
      roles/uber-gitea/templates/gitea.ini.j2
  13. +5
    -0
      roles/uber-gitea/vars/main.yml
  14. +4
    -0
      roles/uber-miniflux/handlers/main.yml
  15. +6
    -0
      roles/uber-miniflux/meta/main.yml
  16. +101
    -0
      roles/uber-miniflux/tasks/main.yml
  17. +5
    -0
      roles/uber-miniflux/templates/miniflux.conf.j2
  18. +4
    -0
      roles/uber-miniflux/templates/miniflux.ini.j2
  19. +4
    -0
      roles/uber-miniflux/vars/main.yml
  20. +91
    -0
      roles/uber-postgresql/files/pg_hba.conf
  21. +4
    -0
      roles/uber-postgresql/handlers/main.yml
  22. +2
    -0
      roles/uber-postgresql/meta/main.yml
  23. +49
    -0
      roles/uber-postgresql/tasks/install.yml
  24. +77
    -0
      roles/uber-postgresql/tasks/main.yml
  25. +3
    -0
      roles/uber-postgresql/templates/10-postgresql.zshenv.zsh.j2
  26. +4
    -0
      roles/uber-postgresql/templates/10-postgresql.zshrc.zsh.j2
  27. +4
    -0
      roles/uber-postgresql/templates/postgresql.ini.j2
  28. +6
    -0
      roles/uber-postgresql/vars/main.yml
  29. +8
    -0
      roles/uber-supervisord/tasks/main.yml
  30. +9
    -0
      roles/uber-web-domain/tasks/main.yml
  31. +13
    -0
      roles/uber-website/meta/main.yml
  32. +17
    -0
      roles/uber-website/tasks/main.yml
  33. +17
    -0
      roles/uber-zsh/files/zshenv
  34. +42
    -0
      roles/uber-zsh/files/zshrc
  35. +16
    -0
      roles/uber-zsh/tasks/main.yml
  36. +39
    -0
      uberspaces.yml

+ 2
- 0
.ansible-lint View File

@@ -2,3 +2,5 @@ use_default_rules: true
skip_list:
# Do not check for role metadata; we do not publish roles
- "701"
# Do not check for potential handlers; this is too over-reaching
- "503"

+ 1
- 1
.gitignore View File

@@ -1 +1 @@
/vault-password
/.vault-password/

+ 1
- 1
ansible.cfg View File

@@ -33,7 +33,7 @@ inventory = inventory/
# smart - gather by default, but don't regather if already gathered
# implicit - gather by default, turn off with gather_facts: False
# explicit - do not gather by default, must say gather_facts: True
#gathering = implicit
gathering = explicit

# This only affects the gathering done by a play's gather_facts directive,
# by default gathering retrieves all facts subsets


+ 43
- 0
group_vars/uberspace_hosts.yml View File

@@ -0,0 +1,43 @@
$ANSIBLE_VAULT;1.2;AES256;uberspace
38353032623735653764623639356262633865336437386532373930653339393534343662653635
6166353766333063333737666437646664663638353736640a373237383337316561383464643637
30336665643235656363386162366335356464356635653565613766333262643562373061303135
3330323866353930350a346234343736386137353364623264316633346338383435356263643036
66366136333637356235633533383137663334663164336561323262366335323132303636373037
62326434346537353532376337646265616166306463653537373562663364303238353462393833
64303361643264366362626339343232643266396262346338356637643337313335383031383361
32396230343134316637373862353330373032333065343066643636346365306436383736373830
38626536386362613966336134643964623931366137363463656439313731613132343462613364
36353538376133613838313234643039343064333635363866386334356365373932626137396166
31653761633865373538356432306630366430646137666665623463386636623637346530393136
32626536393538383861646635396335303865356362376135653063636334363930636631323033
37373365313636656330666438373236633165623535616163623439663965653065626437336537
36623264663530393030316334376164383634343764623163633736333239386334633832663034
66313563616332303832373164663161643463626263316666353735633631623065666566366462
37366163383965613730353161303732623634653231663261613564633961396538626466343962
30306138373163316664633036313739333763653362336636633730306530646638646431383266
38326165643561656135646134346463343561656463616438313062393865356562333864646332
31666532393333316531323635363330323865376638303231633465653865303466383264383532
34643236336434636632636434373565643738363862306261313165383864376639353537383033
65663932613661363830306335343435373437333264633763653939333131626663313730626132
64323832363038356433376362393264303663323062396531343363663136383037626262663439
39396239373761373639663438326334373034366463323661353838386533353633646536643062
36656265643361636439626263343565366165633166393264343864343337613263313138343436
34633039656463643063383666633338363938623766376337346432363666313235653465386264
63663134313838396133653430666537326239343466343263613061636330333732636461353063
61346137636563653466383962626462383364613564356439626438363162343338636538396432
63346231346436636332376533316333626635616234356263383064393531346365613861646564
63643036323431633330353631303663326662393062343536653664363931316230356538666632
63613062383039633666323565396432666339663630613939316462643163623836653732666333
34343466663433356139633661316238386465343436326364633063366138613139613066366463
35363837303365643261623237356334343161623131363264333066353130363766663439396133
61323266383662356638663038323464616432643964313031366165613134633763363637336437
65636136656136653831356537303236363636363863343361623231313033346461643333336639
62323533663866313161616662323365356430653963353366376562353763613336333665333061
62383134346164643636396464623135343730306361623761303432356639306232306632343230
39663461336336656532343931363130623831333734373037623366643935373965326639623135
38366562366265626265393163633834653632373063613835633437356532613235616333396237
34633862653666616533323965383733326564666536656366396332656366376666623531373933
32633633616634343532643334623136366661666162333261666461316436303134316337353265
63346366633736626132363032386464336166633134376137376336386637363838653836313239
3533633165626532386366363832343530653963643262386663

+ 11
- 0
inventory/uberspace.yaml View File

@@ -0,0 +1,11 @@
uberspace_hosts:
hosts:
lovas.uberspace.de:
uberspace_ipv4: "185.26.156.165"
uberspace_ipv6: "2a00:d0c0:200:0:b9:1a:9c:72"
gibbs.uberspace.de:
uberspace_ipv4: "185.26.156.132"
uberspace_ipv6: "2a00:d0c0:200:0:c0bf:e0ff:fec1:af72"
wild.uberspace.de:
uberspace_ipv4: "185.26.156.86"
uberspace_ipv6: "2a00:d0c0:200:0:b9:1a:9c:55"

+ 1
- 0
kasterl.yml View File

@@ -1,5 +1,6 @@
- hosts: kasterl
become: true
gather_facts: true
roles:
- role: arch-base
tags: [install]


+ 17
- 0
roles/uber-gitea/files/home.tmpl View File

@@ -0,0 +1,17 @@
{{template "base/head" .}}
<div class="home">
<div class="ui stackable middle very relaxed page grid">
<div class="sixteen wide center aligned centered column">
<div>
<img class="logo" src="{{StaticUrlPrefix}}/img/gitea-lg.png" />
</div>
<div class="hero">
<h1 class="ui icon header title">
{{AppName}}
</h1>
<h2>Personal git repostories</h2>
</div>
</div>
</div>
</div>
{{template "base/footer" .}}

+ 4
- 0
roles/uber-gitea/handlers/main.yml View File

@@ -0,0 +1,4 @@
- name: Restart gitea
supervisorctl:
name: gitea
state: restarted

+ 5
- 0
roles/uber-gitea/meta/main.yml View File

@@ -0,0 +1,5 @@
dependencies:
- role: uber-web-domain
vars:
web_domain: "{{ gitea_domain }}"
- role: uber-supervisord

+ 122
- 0
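--- a/roles/uber-gitea/tasks/main.yml
+++ b/roles/uber-gitea/tasks/main.yml
@@ -0,0 +1,122 @@
+- name: Create working directory
+file:
+path: "{{ gitea_working_directory }}"
+state: directory
+mode: "0700"
+
+- name: Query gitea version
+command: "{{ gitea_working_directory }}/gitea --version"
+register: __gitea_version
+changed_when: False
+failed_when: False
+- name: Export gitea version as fact
+set_fact:
+gitea_installed_version: "{{ __gitea_version.stdout_lines[0].split(' ')[2] if __gitea_version.rc == 0 else '' }}"
+
+- name: Download gitea binary
+get_url:
+url: "https://dl.gitea.io/gitea/{{ gitea_version }}/gitea-1.11.3-linux-amd64"
+dest: "{{ gitea_working_directory }}/gitea"
+checksum: "{{ gitea_checksums[gitea_version] }}"
+notify:
+- "Restart gitea"
+when: gitea_version != gitea_installed_version
+- name: Make gitea executable
+file:
+path: "{{ gitea_working_directory }}/gitea"
+mode: "0700"
+notify:
+- "Restart gitea"
+
+- name: Create database
+mysql_db:
+name: "{{ ansible_user }}_gitea"
+login_user: "{{ ansible_user }}"
+login_password: "{{ uberspace_user_credentials[ansible_user].mysql_password }}"
+encoding: utf8mb4
+collation: utf8mb4_unicode_ci
+
+- name: Create configuration directory
+file:
+path: "{{ gitea_working_directory }}/custom/conf"
+state: directory
+mode: "0700"
+- name: Configure app
+template:
+src: app.ini.j2
+dest: "{{ gitea_working_directory }}/custom/conf/app.ini"
+mode: "0400"
+notify:
+- "Restart gitea"
+
+- name: Stop gitea before upgrading database
+supervisorctl:
+name: gitea
+state: stopped
+when: gitea_version != gitea_installed_version
+- name: Initialize and migrate database
+command: "{{ gitea_working_directory }}/gitea migrate"
+when: gitea_version != gitea_installed_version
+
+- name: Configure service
+template:
+src: gitea.ini.j2
+dest: "{{ supervisord_services_directory }}/gitea.ini"
+mode: "0644"
+notify:
+- "Restart gitea"
+- name: Add service
+supervisorctl:
+name: gitea
+state: present
+- name: Start service
+supervisorctl:
+name: gitea
+state: started
+
+- name: Add backend
+command:
+argv:
+- uberspace
+- web
+- backend
+- set
+- "{{ gitea_domain }}"
+- --http
+- --port
+- "{{ gitea_port }}"
+
+- name: Create admin user
+command:
+argv:
+- "{{ gitea_working_directory }}/gitea"
+- "admin"
+- create-user
+- --admin
+- --username
+- root
+- --email
+- "{{ gitea_admin_email }}"
+- --password
+- "{{ gitea_admin_initial_password }}"
+- --must-change-password
+register: __gitea_create_admin_user
+failed_when:
+- __gitea_create_admin_user.rc == 1
+- "'user already exists' not in __gitea_create_admin_user.stdout"
+changed_when: __gitea_create_admin_user.rc == 0
+
+- name: Create template directory
+file:
+path: "{{ gitea_working_directory }}/custom/templates"
+state: directory
+mode: "0755"
+- name: Install custom templates
+copy:
+src: "{{ item }}"
+dest: "{{ gitea_working_directory }}/custom/templates/{{ item }}"
+mode: "0644"
+with_items:
+- home.tmpl
+notify:
+- "Restart gitea"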
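Review bot: The `Create admin user` task passes `{{ gitea_admin_initial_password }}` as a `--password` argument, so the secret is part of the module arguments that Ansible can print in verbose output and record in its invocation log, and it sits in the process arguments while the command runs. Adding `no_log: true` to that task keeps it out of the Ansible side; the `failed_when`/`changed_when` checks on the registered result still work with it. Separately, the `Download gitea binary` URL hard-codes `gitea-1.11.3-linux-amd64` while the directory part and the `gitea_checksums` lookup use `{{ gitea_version }}`, so a version bump would request a path that does not match; `gitea-{{ gitea_version }}-linux-amd64` keeps the three in step.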

+ 32
- 0
roles/uber-gitea/templates/app.ini.j2 View File

@@ -0,0 +1,32 @@
APP_NAME = {{gitea_app_name}}

[repository]
DEFAULT_PRIVATE = private
ENABLE_PUSH_CREATE_USER = true

[server]
HTTP_PORT = {{gitea_port}}
DOMAIN = {{gitea_domain}}
ROOT_URL = https://%(DOMAIN)s
LFS_JWT_SECRET = {{gitea_lfs_jwt_secret}}

[service]
DISABLE_REGISTRATION = true

[database]
DB_TYPE = mysql
HOST = 127.0.0.1:3306
NAME = {{ansible_user}}_gitea
USER = {{ansible_user}}
PASSWD = {{ uberspace_user_credentials[ansible_user].mysql_password }}

[security]
INSTALL_LOCK = true
SECRET_KEY = {{gitea_secret_key}}
INTERNAL_TOKEN = {{gitea_internal_token}}

[picture]
DISABLE_GRAVATAR = true

[oauth2]
JWT_SECRET = {{gitea_jwt_secret}}

+ 4
- 0
roles/uber-gitea/templates/gitea.ini.j2 View File

@@ -0,0 +1,4 @@
[program:gitea]
command={{gitea_working_directory}}/gitea web
autostart=yes
autorestart=yes

+ 5
- 0
roles/uber-gitea/vars/main.yml View File

@@ -0,0 +1,5 @@
gitea_checksums:
"1.11.3": "sha256:bd4d3d4f2d3998ebd1fecc1e8fc09971bc822aa8437a72b7131bee6b944f5d51"

gitea_port: 7777
gitea_working_directory: "{{ ansible_facts.user_dir }}/gitea"

+ 4
- 0
roles/uber-miniflux/handlers/main.yml View File

@@ -0,0 +1,4 @@
- name: Restart miniflux
supervisorctl:
name: miniflux
state: restarted

+ 6
- 0
roles/uber-miniflux/meta/main.yml View File

@@ -0,0 +1,6 @@
dependencies:
- role: uber-web-domain
vars:
web_domain: "{{ miniflux_domain }}"
- role: uber-supervisord
- role: uber-postgresql

+ 101
- 0
roles/uber-miniflux/tasks/main.yml View File

@@ -0,0 +1,101 @@
- name: Query miniflux version
command: "{{ ansible_facts.user_dir }}/bin/miniflux -version"
register: __miniflux_version
changed_when: False
failed_when: False
- name: Export miniflux version as fact
set_fact:
miniflux_installed_version: "{{ __miniflux_version.stdout.strip() if __miniflux_version.rc == 0 else '' }}"

- name: Download binary
get_url:
url: "https://github.com/miniflux/miniflux/releases/download/{{ miniflux_version }}/miniflux-linux-amd64"
dest: "{{ ansible_facts.user_dir }}/bin/miniflux"
checksum: "{{ miniflux_checksums[miniflux_version] }}"
notify:
- "Restart miniflux"
when: miniflux_version != miniflux_installed_version
- name: Make binary executable
file:
path: "{{ ansible_facts.user_dir }}/bin/miniflux"
mode: "0700"
notify:
- "Restart miniflux"

- name: Configure miniflux
template:
src: miniflux.conf.j2
dest: "{{ ansible_facts.user_dir }}/etc/miniflux.conf"
mode: "0400"
notify:
- "Restart miniflux"

- name: Create database
postgresql_db:
login_unix_socket: "{{ postgresql_socket_directory }}"
encoding: UTF8
name: miniflux
register: __miniflux_database
- name: Create hstore extension
postgresql_query:
query: 'create extension if not exists hstore'
db: miniflux
login_unix_socket: "{{ postgresql_socket_directory }}"
when: __miniflux_database.changed
- name: Initialize database
command: "{{ ansible_facts.user_dir }}/bin/miniflux -c {{ ansible_facts.user_dir }}/etc/miniflux.conf -migrate"
when: __miniflux_database.changed

- name: Configure service
template:
src: "miniflux.ini.j2"
dest: "{{ supervisord_services_directory }}/miniflux.ini"
mode: "0644"
notify:
- "Restart miniflux"
- name: Add service
supervisorctl:
name: miniflux
state: present

- name: Flush all sessions before stopping miniflux
command: "{{ ansible_facts.user_dir }}/bin/miniflux -c {{ ansible_facts.user_dir }}/etc/miniflux.conf -flush-sessions"
when: miniflux_version != miniflux_installed_version
- name: Stop miniflux before upgrading database
supervisorctl:
name: miniflux
state: stopped
when: miniflux_version != miniflux_installed_version
- name: Initialize and migrate database
command: "{{ ansible_facts.user_dir }}/bin/miniflux -c {{ ansible_facts.user_dir }}/etc/miniflux.conf -migrate"
when: miniflux_version != miniflux_installed_version

- name: Start service
supervisorctl:
name: miniflux
state: started

- name: Add backend
command:
argv:
- uberspace
- web
- backend
- set
- "{{ miniflux_domain }}"
- --http
- --port
- "{{ miniflux_port }}"

- name: Create admin user
command:
argv:
- "{{ ansible_facts.user_dir }}/bin/miniflux"
- -c
- "{{ ansible_facts.user_dir }}/etc/miniflux.conf"
- -create-admin
register: __miniflux_create_admin
changed_when: "'already exists, skipping creation' not in __miniflux_create_admin.stderr"
environment:
ADMIN_USERNAME: root
ADMIN_PASSWORD: "{{ miniflux_admin_password }}"

+ 5
- 0
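--- a/roles/uber-miniflux/templates/miniflux.conf.j2
+++ b/roles/uber-miniflux/templates/miniflux.conf.j2
@@ -0,0 +1,5 @@
+PORT={{miniflux_port}}
+BASE_URL=https://{{miniflux_domain}}
+HTTPS=true
+DISABLE_HSTS=true
+DATABASE_URL=host={{postgresql_socket_directory}} user=postgres password=postgres dbname=miniflux sslmode=disable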
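Review bot: `DATABASE_URL` makes Miniflux connect as the cluster superuser `postgres` and commits a literal `password=postgres` in the template. With the peer rule installed by the uber-postgresql role the password is presumably never checked on the Unix socket, so it can be dropped from the URL. A dedicated non-superuser role that owns only the `miniflux` database would keep the web application away from superuser rights; the role already creates the `hstore` extension in a separate task, so the application itself should not need them. `DISABLE_HSTS=true` deserves a one-line comment saying where the header is set instead, if the hosting front end adds it.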

+ 4
- 0
roles/uber-miniflux/templates/miniflux.ini.j2 View File

@@ -0,0 +1,4 @@
[program:miniflux]
command={{ansible_facts.user_dir}}/bin/miniflux -c {{ansible_facts.user_dir}}/etc/miniflux.conf
autostart=yes
autorestart=yes

+ 4
- 0
roles/uber-miniflux/vars/main.yml View File

@@ -0,0 +1,4 @@
miniflux_checksums:
"2.0.20": "sha256:12031ad13c126f0e82d94a7085f039e67ef68cf4171aa1b7ad3262d5833cf14e"

miniflux_port: "9000"

+ 91
- 0
roles/uber-postgresql/files/pg_hba.conf View File

@@ -0,0 +1,91 @@
# PostgreSQL Client Authentication Configuration File
# ===================================================
#
# Refer to the "Client Authentication" section in the PostgreSQL
# documentation for a complete description of this file. A short
# synopsis follows.
#
# This file controls: which hosts are allowed to connect, how clients
# are authenticated, which PostgreSQL user names they can use, which
# databases they can access. Records take one of these forms:
#
# local DATABASE USER METHOD [OPTIONS]
# host DATABASE USER ADDRESS METHOD [OPTIONS]
# hostssl DATABASE USER ADDRESS METHOD [OPTIONS]
# hostnossl DATABASE USER ADDRESS METHOD [OPTIONS]
#
# (The uppercase items must be replaced by actual values.)
#
# The first field is the connection type: "local" is a Unix-domain
# socket, "host" is either a plain or SSL-encrypted TCP/IP socket,
# "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a
# plain TCP/IP socket.
#
# DATABASE can be "all", "sameuser", "samerole", "replication", a
# database name, or a comma-separated list thereof. The "all"
# keyword does not match "replication". Access to replication
# must be enabled in a separate record (see example below).
#
# USER can be "all", a user name, a group name prefixed with "+", or a
# comma-separated list thereof. In both the DATABASE and USER fields
# you can also write a file name prefixed with "@" to include names
# from a separate file.
#
# ADDRESS specifies the set of hosts the record matches. It can be a
# host name, or it is made up of an IP address and a CIDR mask that is
# an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that
# specifies the number of significant bits in the mask. A host name
# that starts with a dot (.) matches a suffix of the actual host name.
# Alternatively, you can write an IP address and netmask in separate
# columns to specify the set of hosts. Instead of a CIDR-address, you
# can write "samehost" to match any of the server's own IP addresses,
# or "samenet" to match any address in any subnet that the server is
# directly connected to.
#
# METHOD can be "trust", "reject", "md5", "password", "scram-sha-256",
# "gss", "sspi", "ident", "peer", "pam", "ldap", "radius" or "cert".
# Note that "password" sends passwords in clear text; "md5" or
# "scram-sha-256" are preferred since they send encrypted passwords.
#
# OPTIONS are a set of options for the authentication in the format
# NAME=VALUE. The available options depend on the different
# authentication methods -- refer to the "Client Authentication"
# section in the documentation for a list of which options are
# available for which authentication methods.
#
# Database and user names containing spaces, commas, quotes and other
# special characters must be quoted. Quoting one of the keywords
# "all", "sameuser", "samerole" or "replication" makes the name lose
# its special character, and just match a database or username with
# that name.
#
# This file is read on server startup and when the server receives a
# SIGHUP signal. If you edit the file on a running system, you have to
# SIGHUP the server for the changes to take effect, run "pg_ctl reload",
# or execute "SELECT pg_reload_conf()".
#
# Put your actual configuration here
# ----------------------------------
#
# If you want to allow non-local connections, you need to add more
# "host" records. In that case you will also need to make PostgreSQL
# listen on a non-local interface via the listen_addresses
# configuration parameter, or via the -i or -h command line switches.
# CAUTION: Configuring the system for local "trust" authentication
# allows any local user to connect as any PostgreSQL user, including
# the database superuser. If you do not trust all your local users,
# use another authentication method.
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
# IPv4 local connections:
# IPv6 local connections:
# Allow replication connections from localhost, by a user with the
# replication privilege.

# Allow only local super user access.
#
# Looks insecure but every process runs as our uberspace user anyway and
# can write any database file directly, so there's zero protection.
# The database only supports a single application locally anyway, so there's
# little harm done if the processes messes with the DB.
local all postgres peer map=local_superuser
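Review bot: The only active rule, `local all postgres peer map=local_superuser`, depends on a `local_superuser` entry in `pg_ident.conf`, but none of the 36 files listed for this commit installs or edits `pg_ident.conf`. Unless that mapping is created elsewhere, peer authentication has no map entry tying the Uberspace login user to `postgres`, so the role should manage it next to this file, for example a line `local_superuser  <uberspace-user>  postgres` (placeholder user name). The comment above the rule explains the trust decision; it would help to add that the socket directory is created with mode `0700` by the role, since that is what limits who can reach this rule at all.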

+ 4
- 0
roles/uber-postgresql/handlers/main.yml View File

@@ -0,0 +1,4 @@
- name: Restart PostgreSQL
supervisorctl:
name: postgresql
state: restarted

+ 2
- 0
roles/uber-postgresql/meta/main.yml View File

@@ -0,0 +1,2 @@
dependencies:
- role: uber-supervisord

+ 49
- 0
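--- a/roles/uber-postgresql/tasks/install.yml
+++ b/roles/uber-postgresql/tasks/install.yml
@@ -0,0 +1,49 @@
+- name: "Create ~/src"
+file:
+path: "{{ ansible_facts.user_dir }}/src"
+mode: "0700"
+state: directory
+- name: "Download PostgreSQL {{ postgresql_version }}"
+get_url:
+url: "https://ftp.postgresql.org/pub/source/v{{ postgresql_version }}/postgresql-{{ postgresql_version }}.tar.bz2"
+dest: "{{ ansible_facts.user_dir }}/src/postgresql-{{ postgresql_version }}.tar.bz2"
+checksum: "{{ postgresql_checksums[postgresql_version] }}"
+- name: "Extract PostgreSQL"
+unarchive:
+src: "{{ ansible_facts.user_dir }}/src/postgresql-{{ postgresql_version }}.tar.bz2"
+remote_src: true
+dest: "{{ ansible_facts.user_dir }}/src"
+creates: "{{ ansible_facts.user_dir }}/src/postgresql-{{ postgresql_version }}"
+- name: "Configure PostgreSQL"
+# noqa 301
+command:
+argv:
+- ./configure
+- --with-libxml
+- --with-selinux
+- --with-python
+- "--prefix={{ postgresql_directory }}"
+- PYTHON=/usr/bin/python3
+chdir: "{{ ansible_facts.user_dir }}/src/postgresql-{{ postgresql_version }}"
+- name: "Compile PostgreSQL"
+# noqa 301
+command:
+cmd: "make world"
+chdir: "{{ ansible_facts.user_dir }}/src/postgresql-{{ postgresql_version }}"
+- name: "Delete previous installation"
+file:
+path: "{{ postgresql_directory }}"
+state: absent
+- name: "Install PostgreSQL"
+command:
+cmd: "make install-world"
+creates: "{{ postgresql_directory }}/bin/psql"
+chdir: "{{ ansible_facts.user_dir }}/src/postgresql-{{ postgresql_version }}"
+notify: "Restart PostgreSQL"
+- name: "Cleanup sources"
+file:
+path: "{{ item }}"
+state: absent
+with_items:
+- "{{ ansible_facts.user_dir }}/src/postgresql-{{ postgresql_version }}"
+- "{{ ansible_facts.user_dir }}/src/postgresql-{{ postgresql_version }}.tar.bz2"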
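Review bot: `Delete previous installation` removes `{{ postgresql_directory }}` without stopping the supervised `postgresql` program first, so on an upgrade the running server loses its binaries and libraries until the handler restarts it at the end of the play. The gitea and miniflux roles in this commit stop their service before migrating. The same pattern fits here as a `supervisorctl` task with `state: stopped` placed before the deletion and guarded by `when: postgresql_installed_version != ''`, so that a first install, where the program is not yet registered, skips it. A short comment on the two `# noqa 301` markers saying why these commands are allowed to rerun would also help the next reader.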

+ 77
- 0
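--- a/roles/uber-postgresql/tasks/main.yml
+++ b/roles/uber-postgresql/tasks/main.yml
@@ -0,0 +1,77 @@
+- name: Query postgres version
+command: "{{ postgresql_directory }}/bin/psql --version"
+register: __psql_version
+changed_when: False
+failed_when: False
+- name: Export PostgreSQL version as fact
+set_fact:
+postgresql_installed_version: "{{ __psql_version.stdout_lines[0].split(' ')[-1] if __psql_version.rc == 0 else '' }}"
+
+- name: Install PostgreSQL if required
+include_tasks: install.yml
+when: postgresql_version != postgresql_installed_version
+
+- name: Initialize database cluster
+command:
+argv:
+- "{{ postgresql_directory }}/bin/initdb"
+- --username=postgres
+- --encoding=UTF8
+- "{{ postgresql_data_directory }}"
+creates: "{{ postgresql_data_directory }}/PG_VERSION"
+- name: Configure client authentication
+copy:
+src: "pg_hba.conf"
+dest: "{{ postgresql_data_directory }}/pg_hba.conf"
+mode: "0600"
+notify: "Restart PostgreSQL"
+- name: Create directory for sockets
+file:
+path: "{{ postgresql_socket_directory }}"
+mode: "0700"
+state: directory
+- name: "Configure server"
+lineinfile:
+path: "{{ postgresql_data_directory }}/postgresql.conf"
+regexp: "^{{ item.key }} ="
+insertafter: '^#{{ item.key }} ='
+line: "{{ item.key }} = {{ item.value }}"
+with_items:
+- key: unix_socket_directories
+value: "'{{ postgresql_socket_directory }}'"
+- key: unix_socket_permissions
+value: '0700'
+- key: password_encryption
+value: scram-sha-256
+notify: "Restart PostgreSQL"
+
+- name: Setup environment for ZSH
+template:
+src: "10-postgresql.{{ item }}.zsh.j2"
+dest: "{{ ansible_facts.user_dir }}/.{{ item }}.d/10-postgresql.zsh"
+mode: "0644"
+with_items: [zshenv, zshrc]
+
+- name: Configure service
+template:
+src: postgresql.ini.j2
+dest: "{{ supervisord_services_directory }}/postgresql.ini"
+mode: "0644"
+notify: "Restart PostgreSQL"
+- name: Add service
+supervisorctl:
+name: postgresql
+state: present
+
+- name: Start service
+supervisorctl:
+name: postgresql
+state: started
+
+- name: Install Python support
+pip:
+name: psycopg2
+state: latest
+extra_args: --user
+environment:
+PATH: "{{ postgresql_directory }}/bin:{{ ansible_env.PATH }}"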
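Review bot: `Install Python support` installs `psycopg2` with `state: latest` and no version, so each run may fetch and build whatever release is newest on the package index. The PostgreSQL, Gitea and Miniflux downloads in this commit are all pinned by version and sha256, which makes this the one unpinned artifact. Pinning it, e.g. `name: "psycopg2==<version>"` with `state: present` (placeholder version), makes runs reproducible and turns an upgrade into a reviewed change. The task also reads `ansible_env.PATH` while the rest of the role uses `ansible_facts.*`; a comment noting that it relies on the `env` fact subset being gathered would help, since the plays restrict `gather_subset`.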

+ 3
- 0
roles/uber-postgresql/templates/10-postgresql.zshenv.zsh.j2 View File

@@ -0,0 +1,3 @@
# Export environment variables for this postgresql installation
export PATH="{{postgresql_directory}}/bin:$PATH"
export LD_LIBRARY_PATH="{{postgresql_directory}}/lib:$LD_LIBRARY_PATH"

+ 4
- 0
roles/uber-postgresql/templates/10-postgresql.zshrc.zsh.j2 View File

@@ -0,0 +1,4 @@
# Make socket available for interactive shell session
export PGHOST="{{postgresql_socket_directory}}"
# Connect as superuser when using psql interactively
export PGUSER=postgres

+ 4
- 0
roles/uber-postgresql/templates/postgresql.ini.j2 View File

@@ -0,0 +1,4 @@
[program:postgresql]
command={{postgresql_directory}}/bin/postgres -D {{postgresql_data_directory}}
autostart=yes
autorestart=yes

+ 6
- 0
roles/uber-postgresql/vars/main.yml View File

@@ -0,0 +1,6 @@
postgresql_checksums:
"12.2": "sha256:ad1dcc4c4fc500786b745635a9e1eba950195ce20b8913f50345bb7d5369b5de"

postgresql_directory: "{{ansible_facts.user_dir}}/opt/postgresql"
postgresql_data_directory: "{{ansible_facts.user_dir}}/var/postgresql"
postgresql_socket_directory: "{{ansible_facts.user_dir}}/var/run/postgresql"

+ 8
- 0
roles/uber-supervisord/tasks/main.yml View File

@@ -0,0 +1,8 @@
- name: Expose directory for services
set_fact:
supervisord_services_directory: "{{ ansible_facts.user_dir }}/etc/services.d"
- name: Create directory for services
file:
path: "{{ supervisord_services_directory }}"
state: directory
mode: "0755"

+ 9
- 0
roles/uber-web-domain/tasks/main.yml View File

@@ -0,0 +1,9 @@
- name: "Add domain {{ web_domain }}"
command: "uberspace web domain add {{ web_domain }}"
register: __web_domain_add
changed_when: __web_domain_add.rc == 0
failed_when:
- __web_domain_add.rc != 0
- "'It is already configured for your Uberspace account.' not in __web_domain_add.stderr"
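Review bot: `command: "uberspace web domain add {{ web_domain }}"` uses the free-form string, whereas the `Add backend` tasks in the gitea and miniflux roles pass the same kind of call as `argv`. With `argv` the domain always reaches the tool as exactly one argument whatever the variable contains, and the roles stay consistent: `argv: [uberspace, web, domain, add, "{{ web_domain }}"]` under `command:`. A brief comment on the `failed_when` list would also help, noting that a non-zero exit is tolerated only when stderr reports the domain as already configured.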



+ 13
- 0
roles/uber-website/meta/main.yml View File

@@ -0,0 +1,13 @@
dependencies:
- role: uber-web-domain
vars:
web_domain: lunaryorn.com
- role: uber-web-domain
vars:
web_domain: www.lunaryorn.com
- role: uber-web-domain
vars:
web_domain: swsnr.de
- role: uber-web-domain
vars:
web_domain: www.swsnr.de

+ 17
- 0
roles/uber-website/tasks/main.yml View File

@@ -0,0 +1,17 @@
- name: Create website content roots
file:
path: "/var/www/virtual/{{ ansible_user }}/{{ item }}"
state: directory
mode: '0755'
with_items: [swsnr.de, lunaryorn.com]
- name: Link content roots for redirected domains
file:
src: "{{ item }}"
dest: "/var/www/virtual/{{ ansible_user }}/www.{{ item }}"
state: link
with_items: [swsnr.de, lunaryorn.com]
- name: Link content root for user page
file:
src: "swsnr.de"
dest: "/var/www/virtual/{{ ansible_user }}/html"
state: link

+ 17
- 0
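--- a/roles/uber-zsh/files/zshenv
+++ b/roles/uber-zsh/files/zshenv
@@ -0,0 +1,17 @@
+# Load environment snippets
+
+function source_snippets() {
+setopt localoptions
+unsetopt nomatch
+
+# Load zshrc snippets
+for file in ~/.zshenv.d/*.zsh; do
+if [[ -r "$file" ]]; then
+. "$file"
+fi
+done
+}
+
+source_snippets
+
+unset source_snippets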
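Review bot: The comment inside `source_snippets` says `# Load zshrc snippets`, but this file loops over `~/.zshenv.d/*.zsh`; it should read `# Load zshenv snippets`. The loop variable is not declared local, so `file` remains set as a global parameter in every zsh process that reads this file, scripts included; `local file` as the first line of the function avoids that, and the same loop in `roles/uber-zsh/files/zshrc` needs it too. The final `unset source_snippets` is presumably meant to drop the helper function, which is spelled `unset -f source_snippets` or `unfunction source_snippets` — worth confirming against the zsh in use, since a plain `unset` targets parameters.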

+ 42
- 0
roles/uber-zsh/files/zshrc View File

@@ -0,0 +1,42 @@
# History settings
HISTFILE=~/.zsh_history
HISTSIZE=1000
SAVEHIST=1000
setopt appendhistory

# Completion system
autoload -Uz compinit
compinit

zstyle ':completion:*' menu select

# Prompt
autoload -Uz promptinit
promptinit

PS1='> '
prompt bart magenta blue green yellow

# Helpful aliases
alias ls='ls --color=auto'
alias ll='ls --color=auto -l'
alias la='ls --color=auto -la'

# Misc options
setopt autocd extendedglob

function source_snippets() {
setopt localoptions
unsetopt nomatch

# Load zshrc snippets
for file in ~/.zshrc.d/*.zsh; do
if [[ -r "$file" ]]; then
. "$file"
fi
done
}

source_snippets

unset source_snippets

+ 16
- 0
roles/uber-zsh/tasks/main.yml View File

@@ -0,0 +1,16 @@
- name: Configure zsh
copy:
src: "{{ item }}"
dest: "{{ ansible_facts.user_dir }}/.{{ item }}"
mode: "0644"
with_items: [zshrc, zshenv]
- name: "Create snippet directories"
file:
path: "{{ ansible_facts.user_dir }}/.{{ item }}.d"
state: directory
mode: "0755"
with_items: [zshrc, zshenv]
- name: "Use zsh as default shell"
user:
name: "{{ ansible_user }}"
shell: /bin/zsh

+ 39
- 0
uberspaces.yml View File

@@ -0,0 +1,39 @@
- hosts: lovas.uberspace.de
remote_user: swiesner
gather_facts: true
gather_subset: "!hardware,!facter,!ohai,!network,!virtual"
roles:
- role: uber-zsh
tags: [shell]
- role: uber-website
tags: [web]

- hosts: gibbs.uberspace.de
remote_user: swgit
gather_facts: true
gather_subset: "!hardware,!facter,!ohai,!network,!virtual"
roles:
- role: uber-zsh
tags: [shell]
- role: uber-gitea
tags: [gitea]
vars:
# Gitea settings
gitea_version: "1.11.3"
gitea_domain: "git.swsnr.de"
gitea_app_name: "git.swsnr.de"
gitea_admin_email: "swgit@uber.space"

- hosts: wild.uberspace.de
remote_user: swrss
gather_facts: true
gather_subset: "!hardware,!facter,!ohai,!network,!virtual"
roles:
- role: uber-zsh
tags: [shell]
- role: uber-miniflux
tags: [miniflux]
vars:
postgresql_version: "12.2"
miniflux_version: "2.0.20"
miniflux_domain: rss.swsnr.de
