✨: add freshrss webapps

inventory/host_vars/web1.dmz.mateu.be.yml

@@ -6,6 +6,7 @@ web_hostname:
   - host: fav.libertus.eu
     type: shaarli
   - host: rss.libertus.eu
+    type: freshrss
   - host: o.libertus.eu
     type: nextcloud
   - host: blog.libertus.eu
@@ -39,3 +40,21 @@ roundcube_pg_password: !vault |
           61333435376364623464613330633532363935663231343162373061393032616466396431633938
           3038663837653734640a353230346436643538343435313034306332343438396239653433356334
           3862
+
+freshrss_salt: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          35613230636139393732643936613132636565646231343930383536383438343165663439616331
+          3965346635353537663564303266663831623635303862320a643861656265666536323031333539
+          36386136313037373338636161613231663634653137373462393863626434386437363938663637
+          6538633234323636310a323239303138396633626538373934636432653466393737663166623131
+          39313438623036373632623662646333666162393638383463353463666633353564323637626466
+          6334333839313462313166363638653939376330343233383939
+freshrss_pg_role: "adm_lbrss"
+freshrss_pg_database: "libertus_rss"
+freshrss_pg_password: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          32633432373331623766313162613464323463386331613635363630336138396164333732343037
+          3737383033306633373665313436383130663537313334330a636638373231393138366336326463
+          63363033306636316630373762623563613233633337626430643262323338326630333933626434
+          3234313965356665650a613830653463636630663735393839303934643266646132373065653032
+          3339

playbooks/webapps.yml

@@ -6,3 +6,4 @@
   roles:
     - roundcube
     - shaarli
+    - freshrss

roles/freshrss/tasks/db.yml

@@ -0,0 +1,15 @@
+---
+
+- name: Create freshrss db role
+  become_user: postgres
+  become: true
+  community.postgresql.postgresql_user:
+    name: "{{ freshrss_pg_role }}"
+    password: "{{ freshrss_pg_password }}"
+
+- name: Create roundcube db
+  become_user: postgres
+  become: true
+  community.postgresql.postgresql_db:
+    name: "{{ freshrss_pg_database }}"
+    owner: "{{ freshrss_pg_role }}"

roles/freshrss/tasks/freshrss.yml

@@ -0,0 +1,40 @@
+---
+
+- name: Create application directory
+  ansible.builtin.file:
+    state: directory
+    dest: "{{ freshrss_local_path }}"
+    owner: root
+    group: www-data
+    mode: "a-rwx,u+rwX,g+rX"
+
+- name: Install freshrss application
+  ansible.builtin.unarchive:
+    remote_src: true
+    src: "{{ freshrss_url }}"
+    dest: "{{ freshrss_local_path }}"
+    owner: root
+    group: www-data
+    mode: "a-rwx,u+rwX,g+rX"
+    extra_opts: ['--strip-components=1']
+    exclude:
+      - "{{ freshrss_config_path }}"
+
+- name: Put freshrss configuration file
+  ansible.builtin.template:
+    src: config.php.j2
+    dest: "{{ freshrss_config_path }}"
+    owner: root
+    group: www-data
+    mode: "0o660"
+
+- name: Check writable dirs
+  ansible.builtin.file:
+    state: directory
+    dest: "{{ freshrss_local_path }}/{{ item }}"
+    owner: root
+    group: www-data
+    mode: "g+w"
+    recurse: true
+  loop:
+    - "data"

roles/freshrss/tasks/main.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Init db
+  ansible.builtin.include_tasks: db.yml
+
+- name: Install freshrss
+  ansible.builtin.include_tasks: freshrss.yml
+
+- name: Install freshrss cron
+  ansible.builtin.include_tasks: cron.yml

roles/freshrss/templates/config.php.j2

@@ -0,0 +1,77 @@
+<?php
+
+return array (
+	'environment' => 'production',
+	'salt' => '{{ freshrss_salt }}',
+	'base_url' => 'https://{{ freshrss_access_url }}',
+	'auto_update_url' => 'https://update.freshrss.org',
+	'language' => 'en',
+	'title' => 'FreshRSS',
+	'meta_description' => '',
+	'logo_html' => '',
+	'default_user' => 'mortal',
+	'force_email_validation' => false,
+	'allow_anonymous' => false,
+	'allow_anonymous_refresh' => false,
+	'auth_type' => 'form',
+	'http_auth_auto_register' => true,
+	'http_auth_auto_register_email_field' => '',
+	'api_enabled' => true,
+	'unsafe_autologin_enabled' => false,
+	'simplepie_syslog_enabled' => true,
+	'pubsubhubbub_enabled' => true,
+	'allow_robots' => false,
+	'allow_referrer' => false,
+	'nb_parallel_refresh' => 10,
+	'limits' =>
+		array (
+			'cookie_duration' => 7776000,
+			'cache_duration' => 800,
+			'timeout' => 20,
+			'max_inactivity' => 9223372036854775807,
+			'max_feeds' => 131072,
+			'max_categories' => 16384,
+			'max_registrations' => 1,
+		),
+	'curl_options' =>
+		array (
+		),
+	'db' =>
+		array (
+		'type' => 'pgsql',
+		'host' => 'localhost',
+		'user' => '{{ freshrss_pg_role }}',
+		'password' => '{{ freshrss_pg_password }}',
+		'base' => '{{ freshrss_pg_database }}',
+		'prefix' => 'freshrss_',
+		'connection_uri_params' => '',
+		'pdo_options' =>
+			array (
+			),
+		),
+	'mailer' => 'mail',
+	'smtp' =>
+		array (
+		'hostname' => '',
+		'host' => 'localhost',
+		'port' => 25,
+		'auth' => false,
+		'auth_type' => '',
+		'username' => '',
+		'password' => '',
+		'secure' => '',
+		'from' => 'root@localhost',
+		),
+	'extensions_enabled' =>
+		array (
+		),
+	'extensions' =>
+		array (
+		),
+	'disable_update' => false,
+	'trusted_sources' =>
+		array (
+			0 => '127.0.0.0/8',
+			1 => '::1/128',
+		),
+);

roles/freshrss/templates/freshrss.service.j2

@@ -5,4 +5,4 @@ Wants=freshrss.timer
 [Service]
 User=www-data
 Type=simple
-ExecStart=/usr/bin/php /srv/http/rss.libertus.eu/app/actualize_script.php
+ExecStart=/usr/bin/php {{ freshrss_local_path }}/app/actualize_script.php

roles/freshrss/vars/main.yml

@@ -0,0 +1,8 @@
+---
+
+freshrss_version: "1.25.0"
+freshrss_url: "https://github.com/FreshRSS/FreshRSS/archive/refs/tags/{{ freshrss_version }}.tar.gz"
+
+freshrss_access_url: "{{ web_hostname | selectattr('type', 'defined') | selectattr('type', '==', 'freshrss') | map(attribute='host') | first }}"
+freshrss_local_path: "/srv/http/{{ freshrss_access_url }}"
+freshrss_config_path: "{{ freshrss_local_path }}/data/config.php"

roles/webapps/tasks/main.yml

@@ -1,11 +1,5 @@
 ---
 
-- name: Include freshrss for web1
-  ansible.builtin.include_tasks: freshrss.yml
-  when: inventory_hostname == 'web1.dmz.mateu.be'
-- name: Include matomo for web2
-  ansible.builtin.include_tasks: matomo.yml
-  when: inventory_hostname == 'web2.dmz.mateu.be'
 - name: WP for NintendojoFR
   ansible.builtin.include_tasks: wp_dojo.yml
   when: inventory_hostname == 'web2.dmz.mateu.be'

roles/webapps/tasks/matomo.yml

@@ -1,8 +0,0 @@
----
-
-- name: Cron for matomo
-  ansible.builtin.cron:
-    name: Matomo reports
-    user: www-data
-    minute: "5"
-    job: "/usr/bin/php /srv/http/analyse.nintendojo.fr/console core:archive > /dev/null"