diff --git a/roles/postgres/vars/main.yml b/inventory/group_vars/pgsqlservers.yml
similarity index 100%
rename from roles/postgres/vars/main.yml
rename to inventory/group_vars/pgsqlservers.yml
diff --git a/inventory/host_vars/web1.dmz.mateu.be.yml b/inventory/host_vars/web1.dmz.mateu.be.yml
index 92598ce..1ef4aa3 100644
--- a/inventory/host_vars/web1.dmz.mateu.be.yml
+++ b/inventory/host_vars/web1.dmz.mateu.be.yml
@@ -18,6 +18,8 @@ web_hostname: - host: r.mateu.be - host: ff.libertus.eu type: firefly3 + - host: koi.libertus.eu + type: koillection firefly3_app_key: !vault | $ANSIBLE_VAULT;1.1;AES256
@@ -110,3 +112,27 @@ nextcloud_pg_password: !vault | 39333636373365373638393930303063333066376362363262343239353632393663306564643061 3761366163373132360a643234333137313131396334303762616634333661396337393731323334 3361
+
+koillection_pg_role: "koillection"
+koillection_pg_database: "koillectiondb"
+koillection_pg_password: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 31313736366532653862656463323561373630373564633061373964336531636332363630616231
+ 3631336633626539343035663065373537313166373363360a393166393966303931363165303531
+ 36613534313235646437373561643661323365316537636436623230646436343463343736396664
+ 6534373438376339610a343533323765623337323066343636343263633434393639633037346236
+ 66663432376635323735633466313463326563373662666533303737343163613838
+koillection_app_secret: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 32386264366435326136303431663564386366633664313030613133643237396566313162303162
+ 3466653566313865636661343830363938333338393564380a323363323365653163646265636537
+ 33373761343136666666333364333735353133343362383932623531636262663961336163303637
+ 3232613062386366610a393465343637643338323633613234373262643039653336396639613766
+ 32323638626166343365386438646136366130633765313734623733333432383866
+koillection_jwt_passphrase: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 36353937633530626333396264353963613938306463653238633464626535346631393065386636
+ 6463306331373035616436323533383332666163623033320a623033656231333239623238306462
+ 61316662646161376466333862653732383030343762303637346163366266393935396335333962
+ 6363346638633337370a333261316335613433356566323432356661353564373833666535626663
+ 30363635333331643831626236623965663633643666666564356434303436303832
diff --git a/playbooks/webapps.yml b/playbooks/webapps.yml
index 95ef9de..a80317f 100644
--- a/playbooks/webapps.yml
+++ b/playbooks/webapps.yml
@@ -4,6 +4,7 @@ hosts: web1.dmz.mateu.be diff: true roles: + - koillection - bac - roundcube - shaarli
diff --git a/roles/koillection/tasks/db.yml b/roles/koillection/tasks/db.yml
new file mode 100644
index 0000000..f5c8ce5
--- /dev/null
+++ b/roles/koillection/tasks/db.yml
@@ -0,0 +1,15 @@
+---
+
+- name: Create koillection db role
+ become_user: postgres
+ become: true
+ community.postgresql.postgresql_user:
+ name: "{{ koillection_pg_role }}"
+ password: "{{ koillection_pg_password }}"
+
+- name: Create koillection db
+ become_user: postgres
+ become: true
+ community.postgresql.postgresql_db:
+ name: "{{ koillection_pg_database }}"
+ owner: "{{ koillection_pg_role }}"
diff --git a/roles/koillection/tasks/main.yml b/roles/koillection/tasks/main.yml
new file mode 100644
index 0000000..41f17ac
--- /dev/null
+++ b/roles/koillection/tasks/main.yml
@@ -0,0 +1,55 @@
+---
+
+- name: Init db
+ ansible.builtin.include_tasks: db.yml
+
+- name: Create application directory
+ ansible.builtin.file:
+ state: directory
+ dest: "{{ koillection_home }}"
+ owner: root
+ group: www-data
+ mode: "0o750"
+
+- name: Install koillection application
+ ansible.builtin.unarchive:
+ remote_src: true
+ src: "{{ koillection_url }}"
+ dest: "{{ koillection_home }}"
+ owner: root
+ group: www-data
+ mode: "a-rwx,u+rwX,g+rX"
+ extra_opts: ['--strip-components=1']
+ exclude:
+ - .env
+ - config/jwt
+
+- name: Put config file
+ ansible.builtin.template:
+ src: "env.j2"
+ dest: "{{ koillection_home }}/.env"
+ owner: root
+ group: www-data
+ mode: "0o640"
+
+- name: Check writable dirs
+ ansible.builtin.file:
+ state: directory
+ dest: "{{ koillection_home }}/{{ item }}"
+ owner: root
+ group: www-data
+ mode: "g+w"
+ recurse: true
+ loop:
+ - "var"
+ - "config/jwt"
+ - "public/uploads"
+ - "public/tmp"
+
+- name: Run lexik jwt
+ become: true
+ become_user: www-data
+ ansible.builtin.command:
+ cmd: "php bin/console lexik:jwt:generate-keypair"
+ chdir: "{{ koillection_home }}"
+ creates: "{{ koillection_home }}/config/jwt/private.pem"
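Review bot: The `Install koillection application` task in tasks/main.yml unarchives `{{ koillection_url }}` straight from the network with no integrity check, so whatever the release endpoint serves is extracted as root-owned content under `{{ koillection_home }}`, and a substituted or tampered archive would install without any error. Pinning the tarball digest beside `koillection_version` and fetching it with `ansible.builtin.get_url` (`checksum:`) before unarchiving the local file gives verification and a clearer idempotency signal; the staging path and the `koillection_sha256` variable below are placeholders to fill in. `mode: "0o750"` and `mode: "0o640"` on the directory and `.env` tasks are parsed as octal by Ansible, but the documented quoted form is `"0750"` / `"0640"` and reads less like a typo. The whole role body is inside this hunk.
```yaml
- name: Download koillection release
  ansible.builtin.get_url:
    url: "{{ koillection_url }}"
    dest: "/tmp/koillection-{{ koillection_version }}.tar.gz"
    # koillection_sha256 is a placeholder: pin the digest published for the release
    checksum: "sha256:{{ koillection_sha256 }}"
    mode: "0640"

- name: Install koillection application
  ansible.builtin.unarchive:
    remote_src: true
    src: "/tmp/koillection-{{ koillection_version }}.tar.gz"
    dest: "{{ koillection_home }}"
    # … unchanged: owner, group, mode, extra_opts, exclude …
```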
diff --git a/roles/koillection/templates/env.j2 b/roles/koillection/templates/env.j2
new file mode 100644
index 0000000..79a6540
--- /dev/null
+++ b/roles/koillection/templates/env.j2
@@ -0,0 +1,44 @@
+########################################################################################################
+# WEB
+#
+# APP_DEBUG=1 displays detailed error message
+#
+# APP_SECRET is a random string used for security, you can use for example openssl rand -base64 21
+# APP_SECRET is automatically generated when using Docker
+#
+# PHP_TZ, see possible values here https://www.w3schools.com/php/php_ref_timezones.asp
+########################################################################################################
+
+APP_DEBUG=0
+APP_ENV=prod
+APP_SECRET={{ koillection_app_secret }}
+
+HTTPS_ENABLED=1
+UPLOAD_MAX_FILESIZE=20M
+PHP_MEMORY_LIMIT=512M
+PHP_TZ=Europe/Paris
+
+########################################################################################################
+# API
+#
+#
+# JWT_PASSPHRASE is a random string used for security, you can use for example openssl rand -base64 21
+# JWT_PASSPHRASE is automatically generated when using Docker
+########################################################################################################
+
+CORS_ALLOW_ORIGIN='^https?://(localhost|127\.0\.0\.1)(:[0-9]+)?$'
+JWT_SECRET_KEY=%kernel.project_dir%/config/jwt/private.pem
+JWT_PUBLIC_KEY=%kernel.project_dir%/config/jwt/public.pem
+JWT_PASSPHRASE={{ koillection_jwt_passphrase }}
+
+########################################################################################################
+# DATABASE
+########################################################################################################
+
+DB_DRIVER=pdo_pgsql
+DB_NAME={{ koillection_pg_database }}
+DB_HOST=localhost
+DB_PORT=5432
+DB_USER={{ koillection_pg_role }}
+DB_PASSWORD={{ koillection_pg_password }}
+DB_VERSION={{ postgres_pg_version }}
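Review bot: `DB_VERSION={{ postgres_pg_version }}` on the last line of the template uses a variable nothing in this role defines; presumably it comes from the postgres vars this commit moves to `inventory/group_vars/pgsqlservers.yml`, in which case the template only renders when `web1.dmz.mateu.be` is a member of `pgsqlservers`. That cross-role dependency deserves a line at the top of the template, e.g. `# postgres_pg_version is supplied by the postgres group vars; the web host must be in pgsqlservers`. The `APP_SECRET` and `JWT_PASSPHRASE` comments about values being "automatically generated when using Docker" are upstream text that no longer applies, since both come from vaulted inventory variables here; rewording them to say so avoids suggesting the secrets are generated on the host.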
diff --git a/roles/koillection/vars/main.yml b/roles/koillection/vars/main.yml
new file mode 100644
index 0000000..4827f94
--- /dev/null
+++ b/roles/koillection/vars/main.yml
@@ -0,0 +1,8 @@
+---
+
+koillection_version: "1.6.10"
+koillection_url: "https://giteu.be/koillection/koillection/releases/download/{{ koillection_version }}/koillection-{{ koillection_version }}.tar.gz"
+
+koillection_access_url: "{{ web_hostname | selectattr('type', 'defined') | selectattr('type', '==', 'koillection') | map(attribute='host') | first }}"
+
+koillection_home: "/srv/http/{{ koillection_access_url }}"
diff --git a/roles/nginx/templates/vhosts/koi.libertus.eu.conf.j2 b/roles/nginx/templates/vhosts/koi.libertus.eu.conf.j2
new file mode 100644
index 0000000..4ca85a8
--- /dev/null
+++ b/roles/nginx/templates/vhosts/koi.libertus.eu.conf.j2
@@ -0,0 +1,26 @@
+server {
+{% include './templates/header.conf.j2' %}
+
+ root /srv/http/koi.libertus.eu/public;
+
+ index index.html index.htm index.php;
+
+ # Media: images, icons, video, audio, fonts
+ location ~* \.(?:jpg|jpeg|gif|png|webp|ico|svg|webm|eot|ttf|otf|woff|woff2|js|css)$ {
+ expires 2w;
+ access_log off;
+ }
+
+ location / {
+ try_files $uri $uri/ /index.php?$query_string;
+ }
+
+ location ~ [^/]\.php(/|$) {
+ fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+
+ try_files $uri $document_root$fastcgi_script_name =404;
+
+ include fastcgi_params;
+ fastcgi_pass unix:/run/php/php{{ php_version }}-fpm.sock;
+ }
+}
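Review bot: `koillection_version` and `koillection_url` are placed in `vars/main.yml`, which takes precedence over inventory host and group vars, so the installed version cannot be pinned per host from `inventory/` without `-e`; `defaults/main.yml` is the conventional home for such tunables, leaving `vars/` for the derived `koillection_access_url` and `koillection_home`. The `| first` on `koillection_access_url` aborts the play when no `web_hostname` entry carries `type: koillection`, which is a sensible fail-fast but reads as accidental without a note, e.g. `# fails the play if no web_hostname entry has type koillection (intentional)`.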
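Review bot: The `location ~ [^/]\.php(/|$)` block passes any existing `.php` file under `/srv/http/koi.libertus.eu/public` to PHP-FPM, and the koillection role makes `public/uploads` and `public/tmp` group-writable for `www-data`, so a `.php` file that lands in either directory would be executed rather than served as data. A regex location placed above the PHP block refuses that: `location ~* ^/(uploads|tmp)/.*\.php { return 403; }`. nginx evaluates regex locations in the order they appear, so it only works ahead of the PHP block; a one-line comment saying why it sits there would keep it from being reordered later.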