♻: separate app from user data for shaarli

roles/nginx/templates/vhosts/fav.libertus.eu.conf.j2

@@ -1,10 +1,10 @@
 ## Shaarli
 server {
 {% include './templates/header.conf.j2' %}
-	root /srv/http/fav.libertus.eu/;
+	root /var/www/fav.libertus.eu/;
 	index index.html index.htm index.php;
 	
-	location ^/(cache|data)/ {
+	location ~* ^/(cache|data)/.* {
 		deny all;
 	}
 	

roles/shaarli/tasks/main.yml

@@ -1,34 +1,70 @@
 ---
 
-- name: Create application directory
+## Remove the previous app & install the new version
+- name: Remove Shaarli previous version
+  ansible.builtin.file:
+    state: absent
+    dest: "{{ shaarli_app_home }}"
+
+- name: Create app home
   ansible.builtin.file:
     state: directory
-    path: "{{ shaarli_home }}"
+    path: "{{ shaarli_app_home }}"
     owner: root
     group: www-data
     mode: "a-rwx,u+rwX,g+rX"
 
-- name: Install Shaarli
+- name: Install Shaarli app
   ansible.builtin.unarchive:
     remote_src: true
     src: "{{ shaarli_url }}"
-    dest: "{{ shaarli_home }}"
+    dest: "{{ shaarli_app_home }}"
     owner: root
     group: www-data
     mode: "a-rwx,u+rwX,g+rX"
     extra_opts: ['--strip-components=1']
-    exclude:
-      - "data"
+    exclude: "{{ shaarli_userdata_app_dirs }}"
 
 - name: Check writable dirs
   ansible.builtin.file:
     state: directory
-    dest: "{{ shaarli_home }}/{{ item }}"
+    dest: "{{ shaarli_app_home }}/{{ item }}"
     owner: root
     group: www-data
     recurse: true
     mode: "g+w"
-  loop:
-    - "data"
-    - "tmp"
-    - "pagecache"
+  loop: "{{ shaarli_writable_app_dirs }}"
+
+## Ensure the data dirs exists, populate them if not
+- name: Create data home
+  ansible.builtin.file:
+    state: directory
+    path: "{{ shaarli_data_home }}"
+    owner: www-data
+    group: www-data
+    mode: "a-rwx,u+rwX,g+rX"
+
+# If the first data dir exists, others should exist too
+- name: Get data dir
+  ansible.builtin.stat:
+    path: "{{ shaarli_data_home }}/{{ shaarli_userdata_app_dirs[0] }}"
+  register: _shaarli_userdata_dir_stat
+
+- name: Install Shaarli data dir
+  ansible.builtin.unarchive:
+    remote_src: true
+    src: "{{ shaarli_url }}"
+    dest: "{{ shaarli_data_home }}"
+    owner: www-data
+    group: www-data
+    mode: "a-rwx,u+rwX,g+rX"
+    extra_opts: ['--strip-components=1']
+    include: "{{ shaarli_userdata_app_dirs | map('regex_replace', '^', 'Shaarli/') }}"
+  when: not _shaarli_userdata_dir_stat.stat.exists
+
+- name: Link Shaarli userdata dirs
+  ansible.builtin.file:
+    state: link
+    src: "{{ shaarli_data_home }}/{{ item }}"
+    dest: "{{ shaarli_app_home }}/{{ item }}"
+  loop: "{{ shaarli_userdata_app_dirs }}"

roles/shaarli/vars/main.yml

@@ -3,5 +3,16 @@
 shaarli_version: "0.14.0"
 shaarli_url: "https://github.com/shaarli/Shaarli/releases/download/v{{ shaarli_version }}/shaarli-v{{ shaarli_version }}-full.tar.gz"
 
+# Access URL
 shaarli_access_url: "{{ web_hostname | selectattr('type', 'defined') | selectattr('type', '==', 'shaarli') | map(attribute='host') | first }}"
-shaarli_home: "/srv/http/{{ shaarli_access_url }}"
+
+# Access path
+shaarli_app_home: "/var/www/{{ shaarli_access_url }}"
+shaarli_data_home: "/srv/www-data/{{ shaarli_access_url }}"
+
+# App dirs
+shaarli_writable_app_dirs:
+  - pagecache
+  - tmp
+shaarli_userdata_app_dirs:
+  - data