✨: add firefly3 role

inventory/host_vars/web4.dmz.mateu.be.yml

@@ -3,3 +3,23 @@ php_modules: ['opcache', 'pgsql', 'mbstring', 'gd', 'intl', 'xml', 'bcmath']
 
 web_hostname:
   - host: ff.libertus.eu
+    type: firefly3
+
+firefly3_app_key: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          65623434616434373137303830363336383931633131333563336434353761623238343539316364
+          3930303562396232333839653032633833363162393164390a643565366361616366376165663139
+          36386538363336653530323430353032333832383965363137383330363463373133366231616131
+          6662326237333931390a646262343262623362623264373237383531653932623838366431373733
+          32653064386338333161323762386336396232363830323233646266626431303765396261616262
+          38343764353565376264366330386463303239643836393733323031393434363033356630333465
+          396638363531336334303335363539623561
+firefly3_pg_role: "firefly"
+firefly3_pg_database: "fireflydb"
+firefly3_pg_password: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          36326366373734376134393732383634366561613164333038346430366566323435666231613535
+          3534336164663564613634666438353964653734316630610a303035333465646466623364383738
+          66373039373131383562626133333966336665386165313866313665366164386465366231666530
+          6337636434383666640a316462616564343662313661393562653339366664636466346638393762
+          6366

playbooks/webapps.yml

@@ -9,6 +9,12 @@
     - freshrss
     - nextcloud
 
+- name: Install libertus webapplications
+  hosts: web4.dmz.mateu.be
+  diff: true
+  roles:
+    - firefly3
+
 - name: Install dojo webapplications
   hosts: web2.dmz.mateu.be
   diff: true

roles/firefly3/tasks/cron.yml

@@ -0,0 +1,9 @@
+---
+
+- name: Install firefly3 cron
+  ansible.builtin.cron:
+    user: www-data
+    name: firefly-iii-cron
+    minute: 0
+    hour: 3
+    job: "/usr/bin/php {{ firefly3_local_path }} firefly-iii:cron"

roles/firefly3/tasks/db.yml

@@ -0,0 +1,15 @@
+---
+
+- name: Create firefly3 db role
+  become_user: postgres
+  become: true
+  community.postgresql.postgresql_user:
+    name: "{{ firefly3_pg_role }}"
+    password: "{{ firefly3_pg_password }}"
+
+- name: Create firefly3 db
+  become_user: postgres
+  become: true
+  community.postgresql.postgresql_db:
+    name: "{{ firefly3_pg_database }}"
+    owner: "{{ firefly3_pg_role }}"

roles/firefly3/tasks/firefly3.yml

@@ -0,0 +1,40 @@
+---
+
+- name: Create application directory
+  ansible.builtin.file:
+    state: directory
+    dest: "{{ firefly3_local_path }}"
+    owner: root
+    group: www-data
+    mode: "0o750"
+
+- name: Install firefly3 application
+  ansible.builtin.unarchive:
+    remote_src: true
+    src: "{{ firefly3_url }}"
+    dest: "{{ firefly3_local_path }}"
+    owner: root
+    group: www-data
+    mode: "a-rwx,u+rwX,g+rX"
+    exclude:
+      - ".env"
+
+- name: Put config file
+  ansible.builtin.template:
+    src: "env.j2"
+    dest: "{{ firefly3_local_path }}/.env"
+    owner: root
+    group: www-data
+    mode: "0o640"
+
+- name: Check writable dirs
+  ansible.builtin.file:
+    state: directory
+    dest: "{{ firefly3_local_path }}/{{ item }}"
+    owner: root
+    group: www-data
+    recurse: true
+    mode: "g+w"
+  loop:
+    - "bootstrap"
+    - "storage"

roles/firefly3/tasks/main.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Init db
+  ansible.builtin.include_tasks: db.yml
+
+- name: Install firefly3
+  ansible.builtin.include_tasks: firefly3.yml
+
+- name: Install firefly3 cron
+  ansible.builtin.include_tasks: cron.yml

roles/firefly3/templates/env.j2

@@ -0,0 +1,99 @@
+APP_ENV=production
+APP_DEBUG=false
+SITE_OWNER=mail@example.com
+APP_KEY={{ firefly3_app_key }}
+DEFAULT_LANGUAGE=fr_FR
+DEFAULT_LOCALE=equal
+TZ=Europe/Amsterdam
+TRUSTED_PROXIES=
+LOG_CHANNEL=stack
+APP_LOG_LEVEL=notice
+AUDIT_LOG_LEVEL=emergency
+AUDIT_LOG_CHANNEL=
+PAPERTRAIL_HOST=
+PAPERTRAIL_PORT=
+DB_CONNECTION=pgsql
+DB_HOST=localhost
+DB_PORT=5432
+DB_DATABASE={{ firefly3_pg_database }}
+DB_USERNAME={{ firefly3_pg_role }}
+DB_PASSWORD={{ firefly3_pg_password }}
+DB_SOCKET=
+MYSQL_USE_SSL=false
+MYSQL_SSL_VERIFY_SERVER_CERT=true
+MYSQL_SSL_CAPATH=/etc/ssl/certs/
+MYSQL_SSL_CA=
+MYSQL_SSL_CERT=
+MYSQL_SSL_KEY=
+MYSQL_SSL_CIPHER=
+PGSQL_SSL_MODE=prefer
+PGSQL_SSL_ROOT_CERT=null
+PGSQL_SSL_CERT=null
+PGSQL_SSL_KEY=null
+PGSQL_SSL_CRL_FILE=null
+PGSQL_SCHEMA=public
+CACHE_DRIVER=file
+SESSION_DRIVER=file
+REDIS_SCHEME=tcp
+REDIS_PATH=
+REDIS_HOST=127.0.0.1
+REDIS_PORT=6379
+REDIS_USERNAME=
+REDIS_PASSWORD=
+REDIS_DB="0"
+REDIS_CACHE_DB="1"
+COOKIE_PATH="/"
+COOKIE_DOMAIN=
+COOKIE_SECURE=false
+COOKIE_SAMESITE=lax
+MAIL_MAILER=log
+MAIL_HOST=null
+MAIL_PORT=2525
+MAIL_FROM=changeme@example.com
+MAIL_USERNAME=null
+MAIL_PASSWORD=null
+MAIL_ENCRYPTION=null
+MAIL_SENDMAIL_COMMAND=
+MAILGUN_DOMAIN=
+MAILGUN_SECRET=
+MAILGUN_ENDPOINT=api.mailgun.net
+MANDRILL_SECRET=
+SPARKPOST_SECRET=
+MAILERSEND_API_KEY=
+SEND_ERROR_MESSAGE=true
+SEND_REPORT_JOURNALS=true
+ENABLE_EXTERNAL_MAP=false
+ENABLE_EXCHANGE_RATES=false
+ENABLE_EXTERNAL_RATES=false
+MAP_DEFAULT_LAT=51.983333
+MAP_DEFAULT_LONG=5.916667
+MAP_DEFAULT_ZOOM=6
+VALID_URL_PROTOCOLS=
+AUTHENTICATION_GUARD=web
+AUTHENTICATION_GUARD_HEADER=REMOTE_USER
+AUTHENTICATION_GUARD_EMAIL=
+PASSPORT_PRIVATE_KEY=
+PASSPORT_PUBLIC_KEY=
+CUSTOM_LOGOUT_URL=
+DISABLE_FRAME_HEADER=false
+DISABLE_CSP_HEADER=false
+TRACKER_SITE_ID=
+TRACKER_URL=
+ALLOW_WEBHOOKS=false
+STATIC_CRON_TOKEN=
+DKR_BUILD_LOCALE=false
+DKR_CHECK_SQLITE=true
+APP_NAME=FireflyIII
+BROADCAST_DRIVER=log
+QUEUE_DRIVER=sync
+CACHE_PREFIX=firefly
+PUSHER_KEY=
+IPINFO_TOKEN=
+PUSHER_SECRET=
+PUSHER_ID=
+DEMO_USERNAME=
+DEMO_PASSWORD=
+USE_RUNNING_BALANCE=false
+FIREFLY_III_LAYOUT=v1
+QUERY_PARSER_IMPLEMENTATION=legacy
+APP_URL=https://{{ firefly3_access_url }}/

roles/firefly3/vars/main.yml

@@ -0,0 +1,7 @@
+---
+
+firefly3_version: "6.2.6"
+firefly3_url: "https://github.com/firefly-iii/firefly-iii/releases/download/v{{ firefly3_version }}/FireflyIII-v{{ firefly3_version }}.tar.gz"
+
+firefly3_access_url: "{{ web_hostname | selectattr('type', 'defined') | selectattr('type', '==', 'firefly3') | map(attribute='host') | first }}"
+firefly3_local_path: "/srv/http/{{ firefly3_access_url }}"