diff --git a/inventory/host_vars/web4.dmz.mateu.be.yml b/inventory/host_vars/web4.dmz.mateu.be.yml index 145e87e..9d35498 100644 --- a/inventory/host_vars/web4.dmz.mateu.be.yml +++ b/inventory/host_vars/web4.dmz.mateu.be.yml @@ -3,3 +3,23 @@ php_modules: ['opcache', 'pgsql', 'mbstring', 'gd', 'intl', 'xml', 'bcmath'] web_hostname: - host: ff.libertus.eu + type: firefly3 + +firefly3_app_key: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 65623434616434373137303830363336383931633131333563336434353761623238343539316364 + 3930303562396232333839653032633833363162393164390a643565366361616366376165663139 + 36386538363336653530323430353032333832383965363137383330363463373133366231616131 + 6662326237333931390a646262343262623362623264373237383531653932623838366431373733 + 32653064386338333161323762386336396232363830323233646266626431303765396261616262 + 38343764353565376264366330386463303239643836393733323031393434363033356630333465 + 396638363531336334303335363539623561 +firefly3_pg_role: "firefly" +firefly3_pg_database: "fireflydb" +firefly3_pg_password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 36326366373734376134393732383634366561613164333038346430366566323435666231613535 + 3534336164663564613634666438353964653734316630610a303035333465646466623364383738 + 66373039373131383562626133333966336665386165313866313665366164386465366231666530 + 6337636434383666640a316462616564343662313661393562653339366664636466346638393762 + 6366 diff --git a/playbooks/webapps.yml b/playbooks/webapps.yml index b3c6078..c5ac89c 100644 --- a/playbooks/webapps.yml +++ b/playbooks/webapps.yml @@ -9,6 +9,12 @@ - freshrss - nextcloud +- name: Install libertus webapplications + hosts: web4.dmz.mateu.be + diff: true + roles: + - firefly3 + - name: Install dojo webapplications hosts: web2.dmz.mateu.be diff: true diff --git a/roles/firefly3/tasks/cron.yml b/roles/firefly3/tasks/cron.yml new file mode 100644 index 0000000..37739f8 --- /dev/null +++ b/roles/firefly3/tasks/cron.yml 
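Review bot: The `diff: true` on the new web4 play in playbooks/webapps.yml will expose secrets once the firefly3 role runs under it. The role's "Put config file" task renders `env.j2` with the decrypted `firefly3_app_key` and `firefly3_pg_password`, so any run that changes `.env` prints those values in the diff output and in whatever log captures it. Adding `diff: false` (or `no_log: true`) to that one task in roles/firefly3/tasks/firefly3.yml keeps the vaulted values off the console while leaving diffs on for the rest of the play.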
@@ -0,0 +1,9 @@
+---
+
+- name: Install firefly3 cron
+ ansible.builtin.cron:
+ user: www-data
+ name: firefly-iii-cron
+ minute: 0
+ hour: 3
+ job: "/usr/bin/php {{ firefly3_local_path }} firefly-iii:cron"
diff --git a/roles/firefly3/tasks/db.yml b/roles/firefly3/tasks/db.yml
new file mode 100644
index 0000000..ec2a036
--- /dev/null
+++ b/roles/firefly3/tasks/db.yml
@@ -0,0 +1,15 @@
+---
+
+- name: Create firefly3 db role
+ become_user: postgres
+ become: true
+ community.postgresql.postgresql_user:
+ name: "{{ firefly3_pg_role }}"
+ password: "{{ firefly3_pg_password }}"
+
+- name: Create firefly3 db
+ become_user: postgres
+ become: true
+ community.postgresql.postgresql_db:
+ name: "{{ firefly3_pg_database }}"
+ owner: "{{ firefly3_pg_role }}"
diff --git a/roles/firefly3/tasks/firefly3.yml b/roles/firefly3/tasks/firefly3.yml
new file mode 100644
index 0000000..62e8a28
--- /dev/null
+++ b/roles/firefly3/tasks/firefly3.yml
@@ -0,0 +1,40 @@
+---
+
+- name: Create application directory
+ ansible.builtin.file:
+ state: directory
+ dest: "{{ firefly3_local_path }}"
+ owner: root
+ group: www-data
+ mode: "0o750"
+
+- name: Install firefly3 application
+ ansible.builtin.unarchive:
+ remote_src: true
+ src: "{{ firefly3_url }}"
+ dest: "{{ firefly3_local_path }}"
+ owner: root
+ group: www-data
+ mode: "a-rwx,u+rwX,g+rX"
+ exclude:
+ - ".env"
+
+- name: Put config file
+ ansible.builtin.template:
+ src: "env.j2"
+ dest: "{{ firefly3_local_path }}/.env"
+ owner: root
+ group: www-data
+ mode: "0o640"
+
+- name: Check writable dirs
+ ansible.builtin.file:
+ state: directory
+ dest: "{{ firefly3_local_path }}/{{ item }}"
+ owner: root
+ group: www-data
+ recurse: true
+ mode: "g+w"
+ loop:
+ - "bootstrap"
+ - "storage"
diff --git a/roles/firefly3/tasks/main.yml b/roles/firefly3/tasks/main.yml
new file mode 100644
index 0000000..1b9a86c
--- /dev/null
+++ b/roles/firefly3/tasks/main.yml
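Review bot: The `job` line in roles/firefly3/tasks/cron.yml hands `{{ firefly3_local_path }}` to PHP as the script, but roles/firefly3/vars/main.yml defines that variable as the application directory (`/srv/http/<host>`). As written, the 03:00 entry would not run the Firefly III scheduled tasks. It should name the console entry point inside that directory: `job: "/usr/bin/php {{ firefly3_local_path }}/artisan firefly-iii:cron"`.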
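Review bot: The "Install firefly3 application" task in roles/firefly3/tasks/firefly3.yml unpacks a tarball fetched straight from `firefly3_url` with no integrity check, so a replaced or tampered release asset would be installed as the web root. `ansible.builtin.unarchive` has no checksum option; downloading first with `ansible.builtin.get_url` and a `checksum:` pinned next to `firefly3_version`, then unpacking the local file, closes that gap (the variable `firefly3_sha256` and the download path below are placeholders). Separately, "Check writable dirs" makes all of `bootstrap` group-writable recursively, which lets the www-data group modify PHP files loaded on every request. Limiting the loop to `bootstrap/cache` and `storage` would be tighter, assuming the application only needs to write there.

```yaml
- name: Download firefly3 release
  ansible.builtin.get_url:
    url: "{{ firefly3_url }}"
    # placeholder path and variable: pin the digest alongside firefly3_version
    dest: "/var/tmp/FireflyIII-v{{ firefly3_version }}.tar.gz"
    checksum: "sha256:{{ firefly3_sha256 }}"
    owner: root
    group: root
    mode: "0600"

- name: Install firefly3 application
  ansible.builtin.unarchive:
    remote_src: true
    src: "/var/tmp/FireflyIII-v{{ firefly3_version }}.tar.gz"
    # … unchanged: dest, owner, group, mode, exclude …
```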
@@ -0,0 +1,10 @@
+---
+
+- name: Init db
+ ansible.builtin.include_tasks: db.yml
+
+- name: Install firefly3
+ ansible.builtin.include_tasks: firefly3.yml
+
+- name: Install firefly3 cron
+ ansible.builtin.include_tasks: cron.yml
diff --git a/roles/firefly3/templates/env.j2 b/roles/firefly3/templates/env.j2
new file mode 100644
index 0000000..d370bf2
--- /dev/null
+++ b/roles/firefly3/templates/env.j2
@@ -0,0 +1,99 @@
+APP_ENV=production
+APP_DEBUG=false
+SITE_OWNER=mail@example.com
+APP_KEY={{ firefly3_app_key }}
+DEFAULT_LANGUAGE=fr_FR
+DEFAULT_LOCALE=equal
+TZ=Europe/Amsterdam
+TRUSTED_PROXIES=
+LOG_CHANNEL=stack
+APP_LOG_LEVEL=notice
+AUDIT_LOG_LEVEL=emergency
+AUDIT_LOG_CHANNEL=
+PAPERTRAIL_HOST=
+PAPERTRAIL_PORT=
+DB_CONNECTION=pgsql
+DB_HOST=localhost
+DB_PORT=5432
+DB_DATABASE={{ firefly3_pg_database }}
+DB_USERNAME={{ firefly3_pg_role }}
+DB_PASSWORD={{ firefly3_pg_password }}
+DB_SOCKET=
+MYSQL_USE_SSL=false
+MYSQL_SSL_VERIFY_SERVER_CERT=true
+MYSQL_SSL_CAPATH=/etc/ssl/certs/
+MYSQL_SSL_CA=
+MYSQL_SSL_CERT=
+MYSQL_SSL_KEY=
+MYSQL_SSL_CIPHER=
+PGSQL_SSL_MODE=prefer
+PGSQL_SSL_ROOT_CERT=null
+PGSQL_SSL_CERT=null
+PGSQL_SSL_KEY=null
+PGSQL_SSL_CRL_FILE=null
+PGSQL_SCHEMA=public
+CACHE_DRIVER=file
+SESSION_DRIVER=file
+REDIS_SCHEME=tcp
+REDIS_PATH=
+REDIS_HOST=127.0.0.1
+REDIS_PORT=6379
+REDIS_USERNAME=
+REDIS_PASSWORD=
+REDIS_DB="0"
+REDIS_CACHE_DB="1"
+COOKIE_PATH="/"
+COOKIE_DOMAIN=
+COOKIE_SECURE=false
+COOKIE_SAMESITE=lax
+MAIL_MAILER=log
+MAIL_HOST=null
+MAIL_PORT=2525
+MAIL_FROM=changeme@example.com
+MAIL_USERNAME=null
+MAIL_PASSWORD=null
+MAIL_ENCRYPTION=null
+MAIL_SENDMAIL_COMMAND=
+MAILGUN_DOMAIN=
+MAILGUN_SECRET=
+MAILGUN_ENDPOINT=api.mailgun.net
+MANDRILL_SECRET=
+SPARKPOST_SECRET=
+MAILERSEND_API_KEY=
+SEND_ERROR_MESSAGE=true
+SEND_REPORT_JOURNALS=true
+ENABLE_EXTERNAL_MAP=false
+ENABLE_EXCHANGE_RATES=false
+ENABLE_EXTERNAL_RATES=false
+MAP_DEFAULT_LAT=51.983333
+MAP_DEFAULT_LONG=5.916667
+MAP_DEFAULT_ZOOM=6
+VALID_URL_PROTOCOLS=
+AUTHENTICATION_GUARD=web
+AUTHENTICATION_GUARD_HEADER=REMOTE_USER
+AUTHENTICATION_GUARD_EMAIL=
+PASSPORT_PRIVATE_KEY=
+PASSPORT_PUBLIC_KEY=
+CUSTOM_LOGOUT_URL=
+DISABLE_FRAME_HEADER=false
+DISABLE_CSP_HEADER=false
+TRACKER_SITE_ID=
+TRACKER_URL=
+ALLOW_WEBHOOKS=false
+STATIC_CRON_TOKEN=
+DKR_BUILD_LOCALE=false
+DKR_CHECK_SQLITE=true
+APP_NAME=FireflyIII
+BROADCAST_DRIVER=log
+QUEUE_DRIVER=sync
+CACHE_PREFIX=firefly
+PUSHER_KEY=
+IPINFO_TOKEN=
+PUSHER_SECRET=
+PUSHER_ID=
+DEMO_USERNAME=
+DEMO_PASSWORD=
+USE_RUNNING_BALANCE=false
+FIREFLY_III_LAYOUT=v1
+QUERY_PARSER_IMPLEMENTATION=legacy
+APP_URL=https://{{ firefly3_access_url }}/
diff --git a/roles/firefly3/vars/main.yml b/roles/firefly3/vars/main.yml
new file mode 100644
index 0000000..c78b317
--- /dev/null
+++ b/roles/firefly3/vars/main.yml
@@ -0,0 +1,7 @@
+---
+
+firefly3_version: "6.2.6"
+firefly3_url: "https://github.com/firefly-iii/firefly-iii/releases/download/v{{ firefly3_version }}/FireflyIII-v{{ firefly3_version }}.tar.gz"
+
+firefly3_access_url: "{{ web_hostname | selectattr('type', 'defined') | selectattr('type', '==', 'firefly3') | map(attribute='host') | first }}"
+firefly3_local_path: "/srv/http/{{ firefly3_access_url }}"
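Review bot: `COOKIE_SECURE=false` in roles/firefly3/templates/env.j2 is at odds with the `APP_URL=https://{{ firefly3_access_url }}/` at the end of the same template. The session cookie would be issued without the Secure attribute and could travel over plain HTTP; `COOKIE_SECURE=true` fits an HTTPS-only site. `DB_PASSWORD={{ firefly3_pg_password }}` and `APP_KEY={{ firefly3_app_key }}` are also written unquoted, so a secret containing a space or `#` would likely be truncated or misparsed by the dotenv loader; `DB_PASSWORD="{{ firefly3_pg_password }}"` is safer. `SITE_OWNER=mail@example.com` and `MAIL_FROM=changeme@example.com` still look like sample values and probably want to be variables.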