From b131cede7014749d9f4b571971c507adf18ad6d4 Mon Sep 17 00:00:00 2001
From: VC
Date: Fri, 14 Feb 2025 13:59:48 +0100
Subject: [PATCH] =?UTF-8?q?=E2=9C=A8:=20add=20freshrss=20webapps?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 inventory/host_vars/web1.dmz.mateu.be.yml | 19 +++++
 playbooks/webapps.yml | 1 +
 .../freshrss.yml => freshrss/tasks/cron.yml} | 0
 roles/freshrss/tasks/db.yml | 15 ++++
 roles/freshrss/tasks/freshrss.yml | 40 ++++++++++
 roles/freshrss/tasks/main.yml | 10 +++
 roles/freshrss/templates/config.php.j2 | 77 +++++++++++++++++++
 .../templates/freshrss.service.j2 | 2 +-
 .../templates/freshrss.timer.j2 | 0
 roles/freshrss/vars/main.yml | 8 ++
 roles/webapps/tasks/main.yml | 6 --
 roles/webapps/tasks/matomo.yml | 8 --
 12 files changed, 171 insertions(+), 15 deletions(-)
 rename roles/{webapps/tasks/freshrss.yml => freshrss/tasks/cron.yml} (100%)
 create mode 100644 roles/freshrss/tasks/db.yml
 create mode 100644 roles/freshrss/tasks/freshrss.yml
 create mode 100644 roles/freshrss/tasks/main.yml
 create mode 100644 roles/freshrss/templates/config.php.j2
 rename roles/{webapps => freshrss}/templates/freshrss.service.j2 (63%)
 rename roles/{webapps => freshrss}/templates/freshrss.timer.j2 (100%)
 create mode 100644 roles/freshrss/vars/main.yml
 delete mode 100644 roles/webapps/tasks/matomo.yml
diff --git a/inventory/host_vars/web1.dmz.mateu.be.yml b/inventory/host_vars/web1.dmz.mateu.be.yml
index e522da8..8fb34e9 100644
--- a/inventory/host_vars/web1.dmz.mateu.be.yml
+++ b/inventory/host_vars/web1.dmz.mateu.be.yml
@@ -6,6 +6,7 @@ web_hostname:
 - host: fav.libertus.eu
 type: shaarli
 - host: rss.libertus.eu
+ type: freshrss
 - host: o.libertus.eu
 type: nextcloud
 - host: blog.libertus.eu
@@ -39,3 +40,21 @@ roundcube_pg_password: !vault |
 61333435376364623464613330633532363935663231343162373061393032616466396431633938
 3038663837653734640a353230346436643538343435313034306332343438396239653433356334
 3862
+
+freshrss_salt: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 35613230636139393732643936613132636565646231343930383536383438343165663439616331
+ 3965346635353537663564303266663831623635303862320a643861656265666536323031333539
+ 36386136313037373338636161613231663634653137373462393863626434386437363938663637
+ 6538633234323636310a323239303138396633626538373934636432653466393737663166623131
+ 39313438623036373632623662646333666162393638383463353463666633353564323637626466
+ 6334333839313462313166363638653939376330343233383939
+freshrss_pg_role: "adm_lbrss"
+freshrss_pg_database: "libertus_rss"
+freshrss_pg_password: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 32633432373331623766313162613464323463386331613635363630336138396164333732343037
+ 3737383033306633373665313436383130663537313334330a636638373231393138366336326463
+ 63363033306636316630373762623563613233633337626430643262323338326630333933626434
+ 3234313965356665650a613830653463636630663735393839303934643266646132373065653032
+ 3339
diff --git a/playbooks/webapps.yml b/playbooks/webapps.yml
index 194bba0..6b1b7cb 100644
--- a/playbooks/webapps.yml
+++ b/playbooks/webapps.yml
@@ -6,3 +6,4 @@
 roles:
 - roundcube
 - shaarli
+ - freshrss
diff --git a/roles/webapps/tasks/freshrss.yml b/roles/freshrss/tasks/cron.yml
similarity index 100%
rename from roles/webapps/tasks/freshrss.yml
rename to roles/freshrss/tasks/cron.yml
diff --git a/roles/freshrss/tasks/db.yml b/roles/freshrss/tasks/db.yml
new file mode 100644
index 0000000..8725661
--- /dev/null
+++ b/roles/freshrss/tasks/db.yml
@@ -0,0 +1,15 @@
+---
+
+- name: Create freshrss db role
+ become_user: postgres
+ become: true
+ community.postgresql.postgresql_user:
+ name: "{{ freshrss_pg_role }}"
+ password: "{{ freshrss_pg_password }}"
+
+- name: Create roundcube db
+ become_user: postgres
+ become: true
+ community.postgresql.postgresql_db:
+ name: "{{ freshrss_pg_database }}"
+ owner: "{{ freshrss_pg_role }}"
diff --git a/roles/freshrss/tasks/freshrss.yml b/roles/freshrss/tasks/freshrss.yml
new file mode 100644
index 0000000..28e6bb3
--- /dev/null
+++ b/roles/freshrss/tasks/freshrss.yml
@@ -0,0 +1,40 @@
+---
+
+- name: Create application directory
+ ansible.builtin.file:
+ state: directory
+ dest: "{{ freshrss_local_path }}"
+ owner: root
+ group: www-data
+ mode: "a-rwx,u+rwX,g+rX"
+
+- name: Install freshrss application
+ ansible.builtin.unarchive:
+ remote_src: true
+ src: "{{ freshrss_url }}"
+ dest: "{{ freshrss_local_path }}"
+ owner: root
+ group: www-data
+ mode: "a-rwx,u+rwX,g+rX"
+ extra_opts: ['--strip-components=1']
+ exclude:
+ - "{{ freshrss_config_path }}"
+
+- name: Put freshrss configuration file
+ ansible.builtin.template:
+ src: config.php.j2
+ dest: "{{ freshrss_config_path }}"
+ owner: root
+ group: www-data
+ mode: "0o660"
+
+- name: Check writable dirs
+ ansible.builtin.file:
+ state: directory
+ dest: "{{ freshrss_local_path }}/{{ item }}"
+ owner: root
+ group: www-data
+ mode: "g+w"
+ recurse: true
+ loop:
+ - "data"
diff --git a/roles/freshrss/tasks/main.yml b/roles/freshrss/tasks/main.yml
new file mode 100644
index 0000000..b7f8b99
--- /dev/null
+++ b/roles/freshrss/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+
+- name: Init db
+ ansible.builtin.include_tasks: db.yml
+
+- name: Install freshrss
+ ansible.builtin.include_tasks: freshrss.yml
+
+- name: Install freshrss cron
+ ansible.builtin.include_tasks: cron.yml
diff --git a/roles/freshrss/templates/config.php.j2 b/roles/freshrss/templates/config.php.j2
new file mode 100644
index 0000000..3a6741e
--- /dev/null
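Review bot: The second task in roles/freshrss/tasks/db.yml is named `Create roundcube db`, yet it creates `{{ freshrss_pg_database }}` owned by `{{ freshrss_pg_role }}`; the name looks carried over from another role and will mislead anyone reading play output or reconstructing what ran on the host. Rename it to `- name: Create freshrss db`. A one-line comment above the first task, such as `# password comes from the vaulted freshrss_pg_password host variable`, would also help the next maintainer.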
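Review bot: The `Install freshrss application` task in roles/freshrss/tasks/freshrss.yml unpacks `{{ freshrss_url }}` straight from GitHub with `remote_src: true` and nothing verifies the archive, so whatever the tag URL serves at run time is extracted into `{{ freshrss_local_path }}`. `ansible.builtin.unarchive` has no checksum option; download with `ansible.builtin.get_url` and a pinned `checksum:` first, then unpack the local file, as sketched below. Separately, the `Put freshrss configuration file` task renders the decrypted salt and database password, and a run with `--diff` would print them; `diff: false` (or `no_log: true`) on that task avoids it. The `exclude` entry is an absolute path while archive members are relative, so it probably never matches, which is worth confirming.

```yaml
- name: Download freshrss release archive
  ansible.builtin.get_url:
    url: "{{ freshrss_url }}"
    dest: "/tmp/freshrss-{{ freshrss_version }}.tar.gz"
    # freshrss_archive_sha256 is a placeholder: define it in vars/main.yml
    # with the digest of the release you reviewed
    checksum: "sha256:{{ freshrss_archive_sha256 }}"
    mode: "0600"

- name: Install freshrss application
  ansible.builtin.unarchive:
    remote_src: true
    src: "/tmp/freshrss-{{ freshrss_version }}.tar.gz"
    # … unchanged: dest, owner, group, mode, extra_opts, exclude …
```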
+++ b/roles/freshrss/templates/config.php.j2
@@ -0,0 +1,77 @@
+ 'production',
+ 'salt' => '{{ freshrss_salt }}',
+ 'base_url' => 'https://{{ freshrss_access_url }}',
+ 'auto_update_url' => 'https://update.freshrss.org',
+ 'language' => 'en',
+ 'title' => 'FreshRSS',
+ 'meta_description' => '',
+ 'logo_html' => '',
+ 'default_user' => 'mortal',
+ 'force_email_validation' => false,
+ 'allow_anonymous' => false,
+ 'allow_anonymous_refresh' => false,
+ 'auth_type' => 'form',
+ 'http_auth_auto_register' => true,
+ 'http_auth_auto_register_email_field' => '',
+ 'api_enabled' => true,
+ 'unsafe_autologin_enabled' => false,
+ 'simplepie_syslog_enabled' => true,
+ 'pubsubhubbub_enabled' => true,
+ 'allow_robots' => false,
+ 'allow_referrer' => false,
+ 'nb_parallel_refresh' => 10,
+ 'limits' =>
+ array (
+ 'cookie_duration' => 7776000,
+ 'cache_duration' => 800,
+ 'timeout' => 20,
+ 'max_inactivity' => 9223372036854775807,
+ 'max_feeds' => 131072,
+ 'max_categories' => 16384,
+ 'max_registrations' => 1,
+ ),
+ 'curl_options' =>
+ array (
+ ),
+ 'db' =>
+ array (
+ 'type' => 'pgsql',
+ 'host' => 'localhost',
+ 'user' => '{{ freshrss_pg_role }}',
+ 'password' => '{{ freshrss_pg_password }}',
+ 'base' => '{{ freshrss_pg_database }}',
+ 'prefix' => 'freshrss_',
+ 'connection_uri_params' => '',
+ 'pdo_options' =>
+ array (
+ ),
+ ),
+ 'mailer' => 'mail',
+ 'smtp' =>
+ array (
+ 'hostname' => '',
+ 'host' => 'localhost',
+ 'port' => 25,
+ 'auth' => false,
+ 'auth_type' => '',
+ 'username' => '',
+ 'password' => '',
+ 'secure' => '',
+ 'from' => 'root@localhost',
+ ),
+ 'extensions_enabled' =>
+ array (
+ ),
+ 'extensions' =>
+ array (
+ ),
+ 'disable_update' => false,
+ 'trusted_sources' =>
+ array (
+ 0 => '127.0.0.0/8',
+ 1 => '::1/128',
+ ),
+);
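Review bot: `'salt'`, `'user'`, `'password'` and `'base'` are interpolated into single-quoted PHP strings with no escaping, so a vault value containing `'` or `\` yields a broken or altered config.php; escape at render time, e.g. `'password' => '{{ freshrss_pg_password | replace("\\", "\\\\") | replace("'", "\\'") }}',`, and likewise for the other three. `'disable_update' => false` keeps the in-app updater enabled although the release is pinned and installed by the role; setting it to `true` would match how the tree is managed. `'http_auth_auto_register' => true` appears to have no effect under `'auth_type' => 'form'`, but it would start creating accounts from proxy-supplied identities if the auth type were later switched, so `false` is the safer default here.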
diff --git a/roles/webapps/templates/freshrss.service.j2 b/roles/freshrss/templates/freshrss.service.j2
similarity index 63%
rename from roles/webapps/templates/freshrss.service.j2
rename to roles/freshrss/templates/freshrss.service.j2
index 6815aa4..0c50f4d 100644
--- a/roles/webapps/templates/freshrss.service.j2
+++ b/roles/freshrss/templates/freshrss.service.j2
@@ -5,4 +5,4 @@ Wants=freshrss.timer
 [Service]
 User=www-data
 Type=simple
-ExecStart=/usr/bin/php /srv/http/rss.libertus.eu/app/actualize_script.php
+ExecStart=/usr/bin/php {{ freshrss_local_path }}/app/actualize_script.php
diff --git a/roles/webapps/templates/freshrss.timer.j2 b/roles/freshrss/templates/freshrss.timer.j2
similarity index 100%
rename from roles/webapps/templates/freshrss.timer.j2
rename to roles/freshrss/templates/freshrss.timer.j2
diff --git a/roles/freshrss/vars/main.yml b/roles/freshrss/vars/main.yml
new file mode 100644
index 0000000..78111bb
--- /dev/null
+++ b/roles/freshrss/vars/main.yml
@@ -0,0 +1,8 @@
+---
+
+freshrss_version: "1.25.0"
+freshrss_url: "https://github.com/FreshRSS/FreshRSS/archive/refs/tags/{{ freshrss_version }}.tar.gz"
+
+freshrss_access_url: "{{ web_hostname | selectattr('type', 'defined') | selectattr('type', '==', 'freshrss') | map(attribute='host') | first }}"
+freshrss_local_path: "/srv/http/{{ freshrss_access_url }}"
+freshrss_config_path: "{{ freshrss_local_path }}/data/config.php"
diff --git a/roles/webapps/tasks/main.yml b/roles/webapps/tasks/main.yml
index 17ab8fc..2626025 100644
--- a/roles/webapps/tasks/main.yml
+++ b/roles/webapps/tasks/main.yml
@@ -1,11 +1,5 @@
 ---
-- name: Include freshrss for web1
- ansible.builtin.include_tasks: freshrss.yml
- when: inventory_hostname == 'web1.dmz.mateu.be'
-- name: Include matomo for web2
- ansible.builtin.include_tasks: matomo.yml
- when: inventory_hostname == 'web2.dmz.mateu.be'
 - name: WP for NintendojoFR
 ansible.builtin.include_tasks: wp_dojo.yml
 when: inventory_hostname == 'web2.dmz.mateu.be'
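Review bot: In roles/freshrss/vars/main.yml, `freshrss_access_url` ends in `| first`, which fails with an empty-sequence error on any host whose `web_hostname` has no entry of `type: freshrss`, and the role is now listed in playbooks/webapps.yml without the `inventory_hostname` guard that the removed include in roles/webapps/tasks/main.yml had. If that play can target other hosts (its `hosts:` line is outside the hunk), guard the role with `when: web_hostname | selectattr('type', 'defined') | selectattr('type', '==', 'freshrss') | list | length > 0`, or assert the same condition at the top of the role with a clear message. Because the value also becomes a filesystem path through `freshrss_local_path`, a comment such as `# must resolve to a bare hostname: it is used as a directory name under /srv/http` above the variable would be useful.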
diff --git a/roles/webapps/tasks/matomo.yml b/roles/webapps/tasks/matomo.yml
deleted file mode 100644
index e9c4538..0000000
--- a/roles/webapps/tasks/matomo.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-
-- name: Cron for matomo
- ansible.builtin.cron:
- name: Matomo reports
- user: www-data
- minute: "5"
- job: "/usr/bin/php /srv/http/analyse.nintendojo.fr/console core:archive > /dev/null"