Update to 2022-03-07 16:00

Daniel Berteaud
2022-03-07 16:00:05 +01:00
parent be6bc20783
commit 1065df387c
99 changed files with 761 additions and 303 deletions


@@ -0,0 +1,38 @@
# iTop CMDB
[iTop](https://www.combodo.com/itop) is a Configuration Management Database written in PHP, developped by combodo
## Installation
The installation is not fully automatic. This ansible role will take care of creating the DB, install the app, configure PHP, httpd etc.
But you'll have to finish the setup manually by going to the /setup path.
Note : if you run iTop beind a reverse proxy, you'll have to temporarily edit web/application/utils.inc.php. In this file, the GetDefaultUrlAppRoot will return port 80 instead of 443 (because the httpd instance is running on port 80, but the client uses port 443 to contact the reverse proxy). Just change the line :
```
$iPort = isset($_SERVER['SERVER_PORT']) ? $_SERVER['SERVER_PORT'] : 80;
```
to
```
//$iPort = isset($_SERVER['SERVER_PORT']) ? $_SERVER['SERVER_PORT'] : 80;
$iPort = 443;
```
You can revert this change once the installation is done. For the installation, you need to use a MySQL account with the SUPER privilege (which is not the case of the default user created).
## Upgrade
For upgrades, there are several manual steps to be done. First, you need to grant write access to the config file
```
chmod 660 /opt/itop_1/web/conf/production/itop-config.php
```
Then go to /setup and follow the steps. Note : the upgrade needs a user with the SUPER privilege on MySQL. This is not the case of the default user created by this role for security reason. So you should use your SQL admin for the upgrade process. Once the upgrade is done, you can restrict again permissions. note during the upgrade, you'll have to fixe the URL if you're running behind a rev proxy, because iTop will force the port to be 80 !
```
chmod 660 /opt/itop_1/web/conf/production/itop-config.php
```
And edit /opt/itop_1/web/conf/env-production/itop-config.php to set back the itop_1 user and password (as it'll have the sqladmin user here)


@@ -0,0 +1,37 @@
---
itop_id: 1
itop_manage_upgrade: True
itop_version: 2.7.5-1
itop_build: 7770
itop_archive_url: https://sourceforge.net/projects/itop/files/itop/{{ itop_version }}/iTop-{{ itop_version }}-{{ itop_build }}.zip
itop_archive_sha1: edff7fb8d5a79ed31a8065f4b7350d4ae4686af1
itop_php_cas_version: 1.4.0
itop_php_cas_archive_url: https://github.com/apereo/phpCAS/releases/download/{{ itop_php_cas_version }}/CAS-{{ itop_php_cas_version }}.tgz
itop_php_cas_archive_sha1: 9052431246c95c17b4d67775af7b5b2fb482be44
itop_root_dir: /opt/itop_{{ itop_id }}
itop_php_user: php-itop_{{ itop_id }}
itop_php_version: 74
# If you prefer using a custom PHP FPM pool, set it's name.
# You might need to adjust itop_php_user
# itop_php_fpm_pool: custom_itop
itop_db_server: "{{ mysql_server | default('localhost') }}"
# itop_db_port: 3306
itop_db_name: itop_{{ itop_id }}
itop_db_user: itop_{{ itop_id }}
# If not defined, a random pass will be generated and stored in the meta directory (under itop_root_dir)
# itop_db_pass: itop
# itop_alias: itop
# itop_src_ip: []
# - 192.168.7.0/24
# - 10.2.0.0/24
# Cron task needs a user and a pass, so it won't be enabled until you set it
# itop_cron_user: cron
# itop_cron_pass: secret
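Review bot: `itop_archive_sha1` and `itop_php_cas_archive_sha1` pin both downloads with SHA-1, which is no longer collision-resistant and is the only integrity control on archives fetched from third-party hosts. `get_url` accepts other algorithms in its `checksum` value, so the defaults could carry a SHA-256 digest instead, e.g. `itop_archive_sha256: <sha256-of-release-zip-placeholder>` consumed as `checksum: "sha256:{{ itop_archive_sha256 }}"`. The same applies to `matomo_archive_sha1` and the per-plugin `sha1` entries later in this commit. Quoting `itop_version: '2.7.5-1'` and `itop_php_cas_version: '1.4.0'` would also make the intended string type explicit.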


@@ -0,0 +1,9 @@
---
allow_duplicates: True
dependencies:
- role: mkdir
- role: httpd_php
- role: mysql_server
when: itop_db_server in [ 'localhost', '127.0.0.1' ]


@@ -0,0 +1,9 @@
---
- import_tasks: ../includes/webapps_compress_archive.yml
vars:
- root_dir: "{{ itop_root_dir }}"
- version: "{{ itop_current_version }}"
when: itop_install_mode == 'upgrade'
tags: itop


@@ -0,0 +1,10 @@
---
- import_tasks: ../includes/webapps_archive.yml
vars:
- root_dir: "{{ itop_root_dir }}"
- version: "{{ itop_current_version }}"
- db_name: "{{ itop_db_name }}"
- db_server: "{{ itop_db_server }}"
tags: itop


@@ -0,0 +1,13 @@
---
- name: Remove temp and obsolete files
file: path={{ item }} state=absent
loop:
- "{{ itop_root_dir }}/tmp/iTop-{{ itop_version }}-{{ itop_build }}.zip"
- "{{ itop_root_dir }}/tmp/web"
- "{{ itop_root_dir }}/tmp/INSTALL"
- "{{ itop_root_dir }}/tmp/README"
- "{{ itop_root_dir }}/tmp/LICENSE"
- "{{ itop_root_dir }}/tmp/CAS-{{ itop_php_cas_version }}"
- "{{ itop_root_dir }}/tmp/CAS-{{ itop_php_cas_version }}.tgz"
tags: itop


@@ -0,0 +1,12 @@
---
- import_tasks: ../includes/webapps_webconf.yml
vars:
- app_id: itop_{{ itop_id }}
- php_version: "{{ itop_php_version }}"
- php_fpm_pool: "{{ itop_php_fpm_pool | default('') }}"
tags: itop
- name: Deploy cron param file
template: src=cron.param.j2 dest={{ itop_root_dir }}/etc/cron.params group={{ itop_php_user }} mode=640
tags: itop


@@ -0,0 +1,29 @@
---
- name: Create directory structure
file: path={{ item.dir }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }}
with_items:
- dir: "{{ itop_root_dir }}"
- dir: "{{ itop_root_dir }}/archives"
mode: 700
- dir: "{{ itop_root_dir }}/tmp"
owner: "{{ itop_php_user }}"
mode: 700
- dir: "{{ itop_root_dir }}/sessions"
owner: "{{ itop_php_user }}"
mode: 700
- dir: "{{ itop_root_dir }}/meta"
mode: 700
- dir: "{{ itop_root_dir }}/backup"
mode: 700
- dir: "{{ itop_root_dir }}/etc"
group: "{{ itop_php_user }}"
mode: 750
- dir: "{{ itop_root_dir }}/web/data"
- dir: "{{ itop_root_dir }}/web/conf"
- dir: "{{ itop_root_dir }}/web/env-production"
- dir: "{{ itop_root_dir }}/web/env-production-build"
- dir: "{{ itop_root_dir }}/web/log"
- dir: "{{ itop_root_dir }}/web/extensions"
tags: itop


@@ -0,0 +1,19 @@
---
- block:
- import_tasks: ../includes/webapps_set_install_mode.yml
vars:
- root_dir: "{{ itop_root_dir }}"
- version: "{{ itop_version }}"
- set_fact: itop_install_mode={{ (install_mode == 'upgrade' and not itop_manage_upgrade) | ternary('none',install_mode) }}
- set_fact: itop_current_version={{ current_version | default('') }}
tags: itop
- when: itop_db_pass is not defined
block:
- import_tasks: ../includes/get_rand_pass.yml
vars:
- pass_file: "{{ itop_root_dir }}/meta/ansible_dbpass"
- set_fact: itop_db_pass={{ rand_pass }}
tags: itop


@@ -0,0 +1,5 @@
---
- name: Deploy filebeat configuration
template: src=filebeat.yml.j2 dest=/etc/filebeat/ansible_inputs.d/itop_{{ itop_id }}.yml
tags: itop,log


@@ -0,0 +1,122 @@
---
- name: Install needed tools
yum:
name:
- tar
- mariadb
- acl
- graphviz
tags: itop
- when: itop_install_mode != 'none'
block:
- name: Download iTop
get_url:
url: "{{ itop_archive_url }}"
dest: "{{ itop_root_dir }}/tmp/"
checksum: "sha1:{{ itop_archive_sha1 }}"
- name: Extract iTop archive
unarchive:
src: "{{ itop_root_dir }}/tmp/iTop-{{ itop_version }}-{{ itop_build }}.zip"
dest: "{{ itop_root_dir }}/tmp"
remote_src: yes
- name: Remove previous install
file: path={{ itop_root_dir }}/web/{{ item }} state=absent
loop:
- addons
- datamodels
- images
- lib
- manifest.xml
- portal
- application
- core
- dictionnaries
- env-test
- index.php
- navigator
- setup
- webservices
- approot.inc.php
- css
- js
- pages
- synchro
- sources
- documentation
- name: Install new version of iTop
synchronize:
src: "{{ itop_root_dir }}/tmp/web/"
dest: "{{ itop_root_dir }}/web/"
recursive: True
delegate_to: "{{ inventory_hostname }}"
- name: Download php CAS lib
get_url:
url: "{{ itop_php_cas_archive_url }}"
checksum: sha1:{{ itop_php_cas_archive_sha1 }}
dest: "{{ itop_root_dir }}/tmp"
- name: Extract php CAS lib
unarchive:
src: "{{ itop_root_dir }}/tmp/CAS-{{ itop_php_cas_version }}.tgz"
dest: "{{ itop_root_dir }}/tmp"
remote_src: True
- name: Install php CAS lib
synchronize:
src: "{{ itop_root_dir }}/tmp/CAS-{{ itop_php_cas_version }}/{{ item }}"
dest: "{{ itop_root_dir }}/web/lib/"
recursive: True
delegate_to: "{{ inventory_hostname }}"
loop:
- CAS.php
- CAS
tags: itop
- name: Ensure env-production directories exist
file: path={{ itop_root_dir }}/web/{{ item }} state=directory
loop:
- env-production
- env-production-build
tags: itop
- import_tasks: ../includes/webapps_create_mysql_db.yml
vars:
- db_name: "{{ itop_db_name }}"
- db_user: "{{ itop_db_user }}"
- db_server: "{{ itop_db_server }}"
- db_pass: "{{ itop_db_pass }}"
tags: itop
- name: Install backup hooks
template: src={{ item }}-backup.sh.j2 dest=/etc/backup/{{ item }}.d/itop_{{ itop_id }} mode=700
loop:
- pre
- post
tags: itop
- name: Install systemd units
template: src=itop.{{ item }}.j2 dest=/etc/systemd/system/itop_{{ itop_id }}.{{ item }}
loop:
- service
- timer
register: itop_units
tags: itop
- name: Reload systemd
systemd: daemon_reload=True
when: itop_units.results | selectattr('changed','equalto',True) | list | length > 0
tags: itop
- name: Enable iTop timer
systemd:
name: itop_{{ itop_id }}.timer
state: "{{ (itop_cron_user is defined and itop_cron_pass is defined) | ternary('started','stopped') }}"
enabled: "{{ (itop_cron_user is defined and itop_cron_pass is defined) | ternary(True,False) }}"
tags: itop
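Review bot: The iTop and phpCAS archives are staged in `{{ itop_root_dir }}/tmp`, a directory the application user can write to, before root copies them into `web/` with `synchronize`. The directory task in this commit creates `tmp` owned by `itop_php_user`, and the FPM pool also uses it as `upload_tmp_dir` and `sys_temp_dir`. The checksum is verified on the downloaded archive only, so it does not cover the extracted tree that is actually installed. Staging in a root-owned directory (for example a separate `{{ itop_root_dir }}/staging` entry with `mode: 700` and no `owner` override) would keep the verified content out of the application's reach.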


@@ -0,0 +1,32 @@
---
- include_tasks: user.yml
tags: always
- include_tasks: directories.yml
tags: always
- include_tasks: facts.yml
tags: always
- include_tasks: archive_pre.yml
when: itop_install_mode | dfefault('none') == 'upgrade'
tags: always
- include_tasks: install.yml
tags: always
- include_tasks: conf.yml
tags: always
- include_tasks: archive_post.yml
when: itop_install_mode | default('none') == 'upgrade'
tags: always
- include_tasks: write_version.yml
tags: always
- include_tasks: cleanup.yml
tags: always
- include_tasks: filebeat.yml
tags: always
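Review bot: The `when` on the `archive_pre.yml` include uses `dfefault('none')`, which is not an Ansible/Jinja2 filter, so evaluating the condition will fail the play instead of skipping the include. It should read `when: itop_install_mode | default('none') == 'upgrade'`, matching the condition already used for `archive_post.yml` a few lines below.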


@@ -0,0 +1,8 @@
---
- import_tasks: ../includes/create_system_user.yml
vars:
- user: "{{ itop_php_user }}"
- comment: "PHP FPM for itop {{ itop_id }}"
tags: itop


@@ -0,0 +1,8 @@
---
- import_tasks: ../includes/webapps_post.yml
vars:
- root_dir: "{{ itop_root_dir }}"
- version: "{{ itop_version }}"
tags: itop


@@ -0,0 +1,7 @@
{% if itop_cron_user is defined and itop_cron_pass is defined %}
auth_user = {{ itop_cron_user }}
auth_pwd = {{ itop_cron_pass }}
{% endif %}
size_min = 20 # in MB
time_limit = 40 # in minutes


@@ -0,0 +1,6 @@
---
- type: log
enabled: True
paths:
- {{ itop_root_dir }}/web/log/setup.log


@@ -0,0 +1,26 @@
{% if itop_alias is defined %}
Alias /{{ itop_alias }} {{ itop_root_dir }}/web/
{% else %}
# No alias defined, create a vhost to access it
{% endif %}
RewriteEngine On
# Upgrading DB schema can be very long, so makes sure httpd will wait for a response long enough
ProxyTimeout 1800
<Directory {{ itop_root_dir }}/web/>
AllowOverride All
Options FollowSymLinks
{% if itop_src_ip is defined %}
Require ip {{ itop_src_ip | join(' ') }}
{% else %}
Require all granted
{% endif %}
<FilesMatch \.php$>
SetHandler "proxy:unix:/run/php-fpm/{{ itop_php_fpm_pool | default('itop_' + itop_id | string) }}.sock|fcgi://localhost"
</FilesMatch>
</Directory>
{% for dir in ['log','env-production','env-production-build','data','conf'] %}
<Directory {{ itop_root_dir }}/web/{{ dir }}>
Require all denied
</Directory>
{% endfor %}
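Review bot: The deny loop covers `log`, `env-production`, `env-production-build`, `data` and `conf`, but not `setup`, and the main `<Directory>` falls back to `Require all granted` when `itop_src_ip` is unset. The README in this commit has the operator finish installs and upgrades through `/setup` using a privileged MySQL account, so that path deserves its own restriction. For example, add a `<Directory {{ itop_root_dir }}/web/setup>` block with `Require ip` limited to admin addresses, or `Require all denied` outside maintenance. The `extensions` directory is made writable by the PHP user in the permissions script but is not in the deny list either; whether it needs to be web-reachable should be confirmed.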


@@ -0,0 +1,15 @@
[Unit]
Description=iTop {{ itop_id }} background tasks
[Service]
Type=oneshot
ExecStart=/bin/php{{ itop_php_version }} \
-d memory_limit=512M \
-d session.save_path={{ itop_root_dir }}/sessions \
{{ itop_root_dir }}/web/webservices/cron.php \
--param_file={{ itop_root_dir }}/etc/cron.params \
--verbose=1
User={{ itop_php_user }}
Group={{ itop_php_user }}
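Review bot: The unit runs `cron.php` through the PHP CLI, so none of the pool's `php_admin_value` restrictions (`open_basedir`, `disable_functions`) apply to it; only `memory_limit` and `session.save_path` are passed with `-d`. Either pass the same restrictions on the command line, e.g. `-d open_basedir={{ itop_root_dir }}:/etc/pki/tls/cert.pem:/usr/bin/dot`, or confine the job at the unit level with `NoNewPrivileges=yes`, `PrivateTmp=yes` and `ProtectSystem=full` under `[Service]`. Check these against what the background tasks actually need before enabling them.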


@@ -0,0 +1,8 @@
[Unit]
Description=iTop {{ itop_id }} background tasks
[Timer]
OnCalendar=*:0/5
[Install]
WantedBy=timers.target


@@ -0,0 +1,20 @@
#!/bin/sh
restorecon -R {{ itop_root_dir }}
chown -R root:root {{ itop_root_dir }}/web/
find {{ itop_root_dir }}/web/ -type d -exec chmod 755 "{}" \;
find {{ itop_root_dir }}/web/ -type f -exec chmod 644 "{}" \;
{% for dir in ['data', 'conf', 'log', 'env-production', 'env-production-build', 'extensions'] %}
chmod 700 {{ itop_root_dir }}/web/{{ dir }}
setfacl -k -b -R {{ itop_root_dir }}/web/{{ dir }}
chown -R {{ itop_php_user }}:{{ itop_php_user }} {{ itop_root_dir }}/web/{{ dir }}
{% if dir == 'conf' %}
find {{ itop_root_dir }}/web/{{ dir }} -type d -exec chmod 750 "{}" \;
find {{ itop_root_dir }}/web/{{ dir }} -type f -exec chown root:{{ itop_php_user }} "{}" \; -exec chmod 640 "{}" \;
{% else %}
find {{ itop_root_dir }}/web/{{ dir }} -type d -exec chmod 750 "{}" \;
find {{ itop_root_dir }}/web/{{ dir }} -type f -exec chmod 640 "{}" \;
setfacl -R -m u:{{ httpd_user | default('apache') }}:rX,d:u:{{ httpd_user | default('apache') }}:rX {{ itop_root_dir }}/web/{{ dir }}
{% endif %}
{% endfor %}
find {{ itop_root_dir }}/web/ -type f -name .htaccess -exec chown root:root "{}" \; -exec chmod 644 "{}" \;
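Review bot: The `chmod 700 {{ itop_root_dir }}/web/{{ dir }}` at the top of the loop has no lasting effect, because the later `find ... -type d -exec chmod 750` starts at that same directory and resets it to 750 in both branches. If 700 is the intended mode for the top-level directory, add `-mindepth 1` to the `find -type d` calls; otherwise drop the first `chmod`. The rendered paths are also unquoted, so an `itop_root_dir` containing whitespace would be split into several arguments for `chown -R`, `chmod` and `setfacl -R`; wrapping them as `"{{ itop_root_dir }}/web/{{ dir }}"` avoids that.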


@@ -0,0 +1,39 @@
; {{ ansible_managed }}
[itop_{{ itop_id }}]
listen.owner = root
listen.group = {{ httpd_user | default('apache') }}
listen.mode = 0660
listen = /run/php-fpm/itop_{{ itop_id }}.sock
user = {{ itop_php_user }}
group = {{ itop_php_user }}
catch_workers_output = yes
pm = dynamic
pm.max_children = 15
pm.start_servers = 3
pm.min_spare_servers = 3
pm.max_spare_servers = 6
pm.max_requests = 5000
request_terminate_timeout = 60m
php_flag[display_errors] = off
php_admin_flag[log_errors] = on
php_admin_value[error_log] = syslog
php_admin_value[memory_limit] = 512M
php_admin_value[session.save_path] = {{ itop_root_dir }}/sessions
php_admin_value[upload_tmp_dir] = {{ itop_root_dir }}/tmp
php_admin_value[sys_temp_dir] = {{ itop_root_dir }}/tmp
php_admin_value[post_max_size] = 21M
php_admin_value[upload_max_filesize] = 20M
php_admin_value[disable_functions] = system, show_source, symlink, dl, shell_exec, passthru, phpinfo, escapeshellcmd
php_admin_value[open_basedir] = {{ itop_root_dir }}:/etc/pki/tls/cert.pem:/usr/bin/dot
; DB schema upgrade can be very long
php_admin_value[max_execution_time] = 1800
php_admin_value[max_input_time] = 120
php_admin_flag[allow_url_include] = off
php_admin_flag[allow_url_fopen] = on
php_admin_flag[file_uploads] = on
php_admin_flag[session.cookie_httponly] = on
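Review bot: `php_flag[display_errors] = off` is the one hardening setting here that the application can override at runtime with `ini_set()`, unlike the `php_admin_flag`/`php_admin_value` lines around it; `php_admin_flag[display_errors] = off` would make it binding. If the instance is always reached over HTTPS (the README describes a reverse proxy on 443), `php_admin_flag[session.cookie_secure] = on` belongs next to `session.cookie_httponly`. `disable_functions` leaves out `exec`, `popen` and `proc_open`, presumably because iTop needs them for `dot` and backups; a one-line comment saying so would document the decision.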


@@ -0,0 +1,3 @@
#!/bin/bash -e
rm -f {{ itop_root_dir }}/backup/*


@@ -0,0 +1,15 @@
#!/bin/sh
set -eo pipefail
/usr/bin/mysqldump \
{% if itop_db_server not in ['127.0.0.1','localhost'] %}
--user={{ itop_db_user }} \
--password={{ itop_db_pass | quote }} \
--host={{ itop_db_server }} \
{% if itop_db_port is defined %}
--port={{ itop_db_port }} \
{% endif %}
{% endif %}
--quick --single-transaction \
--add-drop-table {{ itop_db_name }} | zstd -c > {{ itop_root_dir }}/backup/{{ itop_db_name }}.sql.zst
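Review bot: For a remote database, `--password={{ itop_db_pass | quote }}` puts the password on the `mysqldump` command line, where other local users can read it from the process list while the dump runs. Passing credentials through an option file readable only by root avoids that, e.g. `--defaults-extra-file=<path-to-root-only-client-cnf>` as the first option. `itop_db_user`, `itop_db_server` and `itop_db_name` are rendered without `| quote`, unlike the password. The script also uses `set -eo pipefail` under `#!/bin/sh`, which only works where `sh` is bash; `#!/bin/bash` would make that dependency explicit.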


@@ -0,0 +1,79 @@
---
matomo_id: 1
matomo_root_dir: /opt/matomo_{{ matomo_id }}
matomo_version: 3.14.1
matomo_archive_url: https://builds.matomo.org/matomo-{{ matomo_version }}.tar.gz
matomo_archive_sha1: d27769ce98d8a8101309cf3e4a0e982df39cf37a
matomo_php_user: php-matomo_{{ matomo_id }}
matomo_manage_upgrade: True
matomo_php_version: 74
# matomo_php_fpm_pool: matomo
matomo_db_server: "{{ mysql_server | default('localhost') }}"
matomo_db_port: 3306
matomo_db_name: matomo_{{ matomo_id }}
matomo_db_user: matomo_{{ matomo_id }}
# matomo_db_pass:
# Public matomo URL
matomo_public_url: https://matomo.{{ inventory_hostname }}
# If defined, restrict access to those hosts
# matomo_src_ip:
# - 192.168.7.0/24
# If defined, will add an alias in apache conf. Else, a vhost will have to be created
# matomo_alias: matomo
# Auth settings
# This is the default settings
matomo_ldap_base:
enabled: "{{ (ldap_auth | default(False) or ad_auth | default(False)) | ternary(True,False) }}"
use_ldap_for_authentication: 1
use_webserver_auth: 1
hostname: "{{ ad_auth | default(False) | ternary('ldaps://' + ad_realm | default(samba_realm) | default(ansible_domain) | lower, ldap_uri | default('ldap://ldap' ~ ansible_domain) | regex_replace('^ldap://(.*)','ldaps://\\1')) }}"
port: ""
ldap_user_filter: "{{ ad_auth | default(False) | ternary('(&(objectCategory=person)(objectClass=user)(primaryGroupId=513))',ldap_user_object_class | default('(objectClass=inetOrgPerson)')) }}"
base_dn: "{{ ad_auth | default(False) | ternary((ad_ldap_user_search_base is defined) | ternary(ad_ldap_user_search_base,'DC=' + ad_realm | default(samba_realm) | default(ansible_domain) | regex_replace('\\.',',DC=')), ldap_user_base | default('ou=Users') + ',' + ldap_base | default(ansible_domain | regex_replace('\\.',',dc='))) }}"
ldap_user_id_field: "{{ ad_auth | default(False) | ternary('sAMAccountName', 'uid') }}"
ldap_alias_field: cn
ldap_last_name_field: sn
ldap_first_name_field: givenName
ldap_mail_field: mail
servers[]: ldap
admin_user: ""
admin_pass: ""
# And this the ones which should be overriden host_vars)
matomo_ldap: {}
# And this is the combination of both, which will be used in the role
matomo_ldap_all: "{{ matomo_ldap_base | combine(matomo_ldap) }}}"
# List of plugins which can be installed by ansible
matomo_plugins:
LoginHttpAuth:
version: 3.0.1
sha1: 5d56fb010372fa593b050796eeff7fa37f031f60
LoginLdap:
version: 4.0.8
sha1: 9f698725b8c3ff07f9feed9bfbb9b4f3f2defea6
ArchiveSite:
version: 0.1.1
sha1: f1578a585df347a5e6c4ded34db9d816ef36e8ed
CustomAlerts:
version: 3.0.6
sha1: 6e7b7cc0e290c73b2b54ae067de6761b62fb56d9
CustomDimensions:
version: 3.1.10
sha1: 6dc679652e6d5f4a1808ecd3a095de77a7fc14f4
SecurityInfo:
version: 3.0.7
sha1: 2f3bc984e979d8a977b2c580d41985455dc24128
matomo_base_plugins_to_install:
- LoginLdap
- SecurityInfo
matomo_extra_plugins_to_install: []
matomo_plugins_to_install: "{{ matomo_base_plugins_to_install + matomo_extra_plugins_to_install }}"
# Should we remove unmanaged plugins, those installed manually, not using ansible
matomo_remove_unmanaged_plugins: True
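Review bot: `matomo_ldap_all` ends with three closing braces (`}}}`), so the rendered default is the combined mapping followed by a literal `}`, a string rather than a dict. The `set_fact` for `matomo_ldap_all` later in this commit masks this at runtime, but the default should read `matomo_ldap_all: "{{ matomo_ldap_base | combine(matomo_ldap) }}"`. In `matomo_ldap_base.hostname`, the fallback `'ldap://ldap' ~ ansible_domain` joins the two parts without a dot, which looks unintended (`'ldap://ldap.' ~ ansible_domain`?). Since `admin_pass` is meant to be overridden per host, the comment above `matomo_ldap` could say the override belongs in a vault-encrypted variable rather than plain host_vars.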

File diff suppressed because one or more lines are too long


@@ -0,0 +1,4 @@
---
- include: ../httpd_common/handlers/main.yml
- include: ../httpd_php/handlers/main.yml
...


@@ -0,0 +1,4 @@
---
dependencies:
- role: mkdir
- role: httpd_php


@@ -0,0 +1,7 @@
---
- import_tasks: ../includes/webapps_compress_archive.yml
vars:
- root_dir: "{{ matomo_root_dir }}"
- version: "{{ matomo_current_version }}"
tags: matomo


@@ -0,0 +1,8 @@
---
- import_tasks: ../includes/webapps_archive.yml
vars:
- root_dir: "{{ matomo_root_dir }}"
- version: "{{ matomo_current_version }}"
- db_name: "{{ matomo_db_name }}"
tags: matomo


@@ -0,0 +1,29 @@
---
- name: Remove uneeded files
file: path={{ matomo_root_dir }}/{{ item }} state=absent
with_items:
- web/vendor/maxmind-db/reader/autoload.php
tags: matomo
- name: Remove temp files
file: path={{ matomo_root_dir }}/tmp/{{ item }} state=absent
with_items:
- matomo
- "How to install Matomo.html"
- matomo-{{ matomo_version }}.tar.gz
- matomo.sql
tags: matomo
- name: Remove plugins archives
file: path={{ matomo_root_dir }}/tmp/{{ item }}-{{ matomo_plugins[item].version }}.zip state=absent
with_items: "{{ matomo_plugins.keys() | list }}"
tags: matomo
- name: Remove obsolete files
file: path={{ item }} state=absent
loop:
- /etc/backup/pre.d/matomo_{{ matomo_id }}_pre-backup
- /etc/backup/post.d/matomo_{{ matomo_id }}_post-backup
- "{{ matomo_root_dir }}/db_dumps"
tags: matomo


@@ -0,0 +1,140 @@
---
- name: Restore configuration
copy: src={{ matomo_root_dir }}/archives/{{ matomo_current_version }}/web/config/config.ini.php dest={{ matomo_root_dir }}/web/config/config.ini.php remote_src=True
when: matomo_install_mode == "upgrade"
tags: matomo
- name: Configure Matomo
ini_file:
path: "{{ matomo_root_dir }}/web/config/config.ini.php"
option: "{{ item.option }}"
section: "{{ item.section }}"
value: "{{ item.value }}"
mode: 0660
group: "{{ matomo_php_user }}"
with_items:
- option: host
section: database
value: '"{{ matomo_db_server }}"'
- option: username
section: database
value: '"{{ matomo_db_user }}"'
- option: password
section: database
value: '"{{ matomo_db_pass }}"'
- option: dbname
section: database
value: '"{{ matomo_db_name }}"'
- option: assume_secure_protocol
section: General
value: 1
- option: salt
section: General
value: '"{{ matomo_salt }}"'
- option: enable_load_data_infile
section: General
value: 0
- option: tmp_path
section: General
value: "/../tmp"
- option: enable_auto_update
section: General
value: 0
- option: piwik_professional_support_ads_enabled
section: General
value: 0
- option: enable_fingerprinting_across_websites
section: Tracker
value: 1
- option: transport
section: mail
value: '"smtp"'
- option: host
section: mail
value: '"localhost"'
tags: matomo
- name: Configure system proxy
ini_file:
path: "{{ matomo_root_dir }}/web/config/config.ini.php"
option: "{{ item.option }}"
section: "{{ item.section }}"
value: "{{ item.value }}"
with_items:
- option: host
section: proxy
value: "{{ system_proxy | urlsplit('hostname') }}"
- option: port
section: proxy
value: "{{ system_proxy | urlsplit('port') | default('8080') }}"
when: system_proxy is defined
tags: matomo
- name: Configure reverse proxy
ini_file:
path: "{{ matomo_root_dir }}/web/config/config.ini.php"
option: "{{ item.option }}"
section: "{{ item.section }}"
value: "{{ item.value }}"
with_items:
- option: "proxy_client_headers[]"
section: General
value: '"HTTP_X_FORWARDED_FOR"'
- option: "proxy_host_headers[]"
section: General
value: '"HTTP_X_FORWARDED_HOST"'
when: httpd_src_ip is defined and httpd_src_ip | length > 0 and '0.0.0.0/0' not in httpd_src_ip
tags: matomo
- name: Configure LDAP Authentication
ini_file:
path: "{{ matomo_root_dir }}/web/config/config.ini.php"
option: "{{ item }}"
section: LoginLdap
value: "{{ (matomo_ldap_all[item] is number) | ternary(matomo_ldap_all[item],'\"' + matomo_ldap_all[item] | string + '\"') }}"
state: "{{ matomo_ldap_all.enabled | ternary('present','absent') }}"
with_items: "{{ matomo_ldap_all.keys() | list | difference(['enabled','hostname','admin_user','admin_pass','base_dn','port']) }}"
tags: matomo
- name: Configure LDAP Servers
ini_file:
path: "{{ matomo_root_dir }}/web/config/config.ini.php"
option: "{{ item }}"
section: LoginLdap_ldap
value: "{{ (matomo_ldap_all[item] is number) | ternary(matomo_ldap_all[item],'\"' + matomo_ldap_all[item] | string + '\"') }}"
state: "{{ (matomo_ldap_all.enabled and matomo_ldap_all[item] is defined) | ternary('present','absent') }}"
with_items: [hostname,port,base_dn,admin_user,admin_pass]
tags: matomo
- name: Clear cache
command: php{{ (matomo_php_version == '54') | ternary('',matomo_php_version) }} {{ matomo_root_dir }}/web/console cache:clear
changed_when: False
when: matomo_install_mode == 'upgrade'
tags: matomo
- name: Enable plugins
command: php{{ (matomo_php_version == '54') | ternary('',matomo_php_version) }} {{ matomo_root_dir }}/web/console plugin:activate {{ item }}
with_items: "{{ matomo_plugins_to_install }}"
changed_when: False
tags: matomo
- name: Update Matomo database
command: /bin/php{{ (matomo_php_version == '54') | ternary('',matomo_php_version) }} {{ matomo_root_dir }}/web/console --no-interaction core:update --yes
when: matomo_install_mode != 'none'
tags: matomo
- name: Sync LDAP users
command: php{{ (matomo_php_version == '54') | ternary('',matomo_php_version) }} {{ matomo_root_dir }}/web/console loginldap:synchronize-users
when:
- matomo_ldap_all.enabled
- '"LoginLdap" in matomo_plugins_to_install'
changed_when: False
tags: matomo
- import_tasks: ../includes/webapps_webconf.yml
vars:
- app_id: matomo_{{ glpi_id }}
- php_version: "{{ matomo_php_version }}"
- php_fpm_pool: "{{ matomo_php_fpm_pool | default('') }}"
tags: matomo
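Review bot: The final `import_tasks` passes `app_id: matomo_{{ glpi_id }}` to `webapps_webconf.yml`; `glpi_id` is not a variable of this role, so it is either undefined here or carries an unrelated value, and the line should be `app_id: matomo_{{ matomo_id }}`. Separately, the `Configure Matomo` loop carries `matomo_db_pass` and `matomo_salt` as loop items, and `Configure LDAP Servers` iterates over `admin_pass`. Ansible prints each loop item and the module result in task output, so these tasks should set `no_log: true`. The tasks after `Configure Matomo` omit `mode`/`group`, which is fine only as long as that first task always runs before them.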


@@ -0,0 +1,20 @@
---
- name: Create directories
file: path={{ item.path }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }}
with_items:
- path: "{{ matomo_root_dir }}/sessions"
group: "{{ matomo_php_user }}"
mode: 770
- path: "{{ matomo_root_dir }}/tmp"
group: "{{ matomo_php_user }}"
mode: 770
- path: "{{ matomo_root_dir }}/cache"
group: "{{ matomo_php_user }}"
mode: 770
- path: "{{ matomo_root_dir }}/web"
- path: "{{ matomo_root_dir }}/meta"
mode: 700
- path: "{{ matomo_root_dir }}/backup"
mode: 700
tags: matomo


@@ -0,0 +1,31 @@
---
- import_tasks: ../includes/webapps_set_install_mode.yml
vars:
- root_dir: "{{ matomo_root_dir }}"
- version: "{{ matomo_version }}"
tags: matomo
- set_fact: matomo_install_mode={{ (install_mode == 'upgrade' and not matomo_manage_upgrade) | ternary('none',install_mode) }}
tags: matomo
- set_fact: matomo_current_version={{ current_version | default('') }}
tags: matomo
- import_tasks: ../includes/get_rand_pass.yml
vars:
- pass_file: "{{ matomo_root_dir }}/meta/salt.txt"
tags: matomo
- set_fact: matomo_salt={{ rand_pass }}
tags: matomo
- import_tasks: ../includes/get_rand_pass.yml
vars:
- pass_file: "{{matomo_root_dir }}/meta/ansible_dbpass"
when: matomo_db_pass is not defined
tags: matomo
- set_fact: matomo_db_pass={{ rand_pass }}
when: matomo_db_pass is not defined
tags: matomo
- name: Combine default and custom LDAP settings
set_fact: matomo_ldap_all={{ matomo_ldap_base | combine(matomo_ldap) }}
tags: matomo


@@ -0,0 +1,181 @@
---
- name: Install needed tools
yum:
name:
- unzip
- mariadb
- acl
- php{{ matomo_php_version }}-php-pecl-geoip
tags: matomo
- name: Download Matomo
get_url:
url: "{{ matomo_archive_url }}"
dest: "{{ matomo_root_dir }}/tmp/"
checksum: "sha1:{{ matomo_archive_sha1 }}"
when: matomo_install_mode != 'none'
tags: matomo
- name: Extract matomo archive
unarchive:
src: "{{ matomo_root_dir }}/tmp/matomo-{{ matomo_version }}.tar.gz"
dest: "{{ matomo_root_dir }}/tmp"
remote_src: yes
when: matomo_install_mode != 'none'
tags: matomo
- name: Check if we have the list of core plugins
stat: path={{ matomo_root_dir }}/meta/core_plugins.txt
register: matomo_core_plugins_list
tags: matomo
- name: Build a list of core plugins, which should never be removed
shell: find {{ matomo_root_dir }}/web/plugins/ -mindepth 1 -maxdepth 1 -type d -exec basename "{}" \; > {{ matomo_root_dir }}/meta/core_plugins.txt
when:
- matomo_install_mode == 'none'
- not matomo_core_plugins_list.stat.exists
changed_when: False
tags: matomo
- name: Build a list of core plugins, which should never be removed
shell: find {{ matomo_root_dir }}/tmp/matomo/plugins/ -mindepth 1 -maxdepth 1 -type d -exec basename "{}" \; > {{ matomo_root_dir }}/meta/core_plugins.txt
when: matomo_install_mode != "none"
changed_when: False
tags: matomo
- name: Remove known non core plugins from the list
lineinfile: path={{ matomo_root_dir }}/meta/core_plugins.txt regexp='^{{ item }}$' state=absent
with_items: "{{ matomo_plugins.keys() | list }}"
tags: matomo
- name: Read core plugins list
command: cat {{ matomo_root_dir }}/meta/core_plugins.txt
register: matomo_core_plugins
changed_when: False
tags: matomo
- name: List previously installed plugins
shell: find {{ matomo_root_dir }}/archives/{{ matomo_current_version }}/web/plugins/ -mindepth 1 -maxdepth 1 -type d -exec basename "{}" \;
register: matomo_previous_plugins
when: matomo_install_mode == "upgrade"
changed_when: False
tags: matomo
- name: Move matomo to the web directory
synchronize:
src: "{{ matomo_root_dir }}/tmp/matomo/"
dest: "{{ matomo_root_dir }}/web/"
recursive: True
delete: True
rsync_opts:
- '--exclude=config/config.ini.php'
delegate_to: "{{ inventory_hostname }}"
when: matomo_install_mode != "none"
tags: matomo
- name: Restore previous unmanaged plugins
synchronize:
src: "{{ matomo_root_dir }}/archives/{{ matomo_current_version }}/web/plugins/{{ item }}"
dest: "{{ matomo_root_dir }}/web/plugins/"
delegate_to: "{{ inventory_hostname }}"
recursive: True
with_items: "{{ matomo_previous_plugins.stdout_lines }}"
when:
- matomo_install_mode == 'upgrade'
- not matomo_remove_unmanaged_plugins
tags: matomo
- name: List installed plugins
shell: find {{ matomo_root_dir }}/web/plugins/ -mindepth 1 -maxdepth 1 -type d -exec basename "{}" \;
register: matomo_current_plugins
changed_when: False
tags: matomo
- name: Disable unmanaged plugins
command: php{{ (matomo_php_version == '54') | ternary('',matomo_php_version) }} {{ matomo_root_dir }}/web/console plugin:deactivate {{ item }}
with_items: "{{ matomo_current_plugins.stdout_lines }}"
when:
- item not in matomo_plugins_to_install
- item not in matomo_core_plugins.stdout
- matomo_remove_unmanaged_plugins
tags: matomo
- name: Remove unmanaged plugins
file: path={{ matomo_root_dir }}/web/plugins/{{ item }} state=absent
with_items: "{{ matomo_current_plugins.stdout_lines }}"
when:
- item not in matomo_plugins_to_install
- item not in matomo_core_plugins.stdout
- matomo_remove_unmanaged_plugins
tags: matomo
- import_tasks: ../includes/webapps_create_mysql_db.yml
vars:
- db_name: "{{ matomo_db_name }}"
- db_user: "{{ matomo_db_user }}"
- db_server: "{{ matomo_db_server }}"
- db_pass: "{{ matomo_db_pass }}"
tags: matomo
- set_fact: matomo_db_created={{ db_created }}
tags: matomo
- name: Copy the DB structure
copy: src=matomo.sql dest={{ matomo_root_dir }}/tmp/matomo.sql
when: matomo_install_mode == 'install'
tags: matomo
- name: Init the database
mysql_db:
state: import
login_host: "{{ matomo_db_server }}"
login_user: sqladmin
login_password: "{{ mysql_admin_pass }}"
name: "{{ matomo_db_name }}"
target: "{{ matomo_root_dir }}/tmp/matomo.sql"
when:
- matomo_install_mode == 'install'
- matomo_db_created.changed
tags: matomo
- name: Build a list of installed plugins
shell: find {{ matomo_root_dir }}/web/plugins -maxdepth 1 -mindepth 1 -type d -exec basename "{}" \;
register: matomo_installed_plugins
changed_when: False
tags: matomo
- name: Download plugins
get_url:
url: http://plugins.matomo.org/api/2.0/plugins/{{ item }}/download/{{ matomo_plugins[item].version }}
dest: "{{ matomo_root_dir }}/tmp"
checksum: "sha1:{{ matomo_plugins[item].sha1 }}"
when: item not in matomo_installed_plugins.stdout_lines
with_items: "{{ matomo_plugins_to_install }}"
tags: matomo
- name: Extract plugins
unarchive:
src: "{{ matomo_root_dir }}/tmp/{{ item }}-{{ matomo_plugins[item].version }}.zip"
dest: "{{ matomo_root_dir }}/web/plugins/"
remote_src: yes
when: item not in matomo_installed_plugins.stdout_lines
with_items: "{{ matomo_plugins_to_install }}"
tags: matomo
- name: Deploy backup scripts
template: src={{ item }}-backup.j2 dest=/etc/backup/{{ item }}.d/matomo_{{ matomo_id }} mode=750
loop:
- pre
- post
tags: matomo
- name: Setup cron task
cron:
name: matomo_{{ matomo_id }}
special_time: hourly
user: "{{ matomo_php_user }}"
job: "/bin/php{{ (matomo_php_version == '54') | ternary('',matomo_php_version) }} {{ matomo_root_dir }}/web/console core:archive --url={{ matomo_public_url }} 2>&1 | /bin/systemd-cat -t matomo_{{ matomo_id }}"
cron_file: matomo_{{ matomo_id }}
tags: matomo


@@ -0,0 +1,31 @@
---
- include_tasks: user.yml
tags: always
- include_tasks: directories.yml
tags: always
- include_tasks: facts.yml
tags: always
- include_tasks: archive_pre.yml
when: matomo_install_mode | default('none') == 'upgrade'
tags: always
- include_tasks: install.yml
tags: always
- include_tasks: conf.yml
tags: always
- include_tasks: archive_post.yml
when: matomo_install_mode | default('none') == 'upgrade'
tags: always
- include_tasks: write_version.yml
tags: always
- include_tasks: cleanup.yml
tags: always


@@ -0,0 +1,7 @@
---
- import_tasks: ../includes/create_system_user.yml
vars:
- user: "{{ matomo_php_user }}"
- comment: "PHP FPM for matomo {{ matomo_id }}"
tags: matomo


@@ -0,0 +1,7 @@
---
- import_tasks: ../includes/webapps_post.yml
vars:
- root_dir: "{{ matomo_root_dir }}"
- version: "{{ matomo_version }}"
tags: matomo


@@ -0,0 +1,24 @@
[database]
host = "{{ matomo_db_server }}"
username = "{{ matomo_db_user }}"
password = "{{ matomo_db_pass }}"
dbname = "{{ matomo_db_name }}"
port = {{ matomo_db_port }}
[General]
assume_secure_protocol = 1
{% if httpd_src_ip is defined and httpd_src_ip | length > 0 and '0.0.0.0/0' not in httpd_src_ip %}
proxy_client_headers[] = "HTTP_X_FORWARDED_FOR"
proxy_host_headers[] = "HTTP_X_FORWARDED_HOST"
{% endif %}
salt = "{{ matomo_salt }}"
force_ssl = 0
assume_secure_protocol = 1
[Tracker]
enable_fingerprinting_across_websites = 1
[mail]
transport = "smtp"
host = "localhost"
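Review bot: `assume_secure_protocol = 1` is set twice in `[General]`, once at the top of the section and again after `force_ssl = 0`; drop one copy so a later edit cannot leave the two disagreeing. With `force_ssl = 0` beside it, Matomo is told to treat every request as HTTPS but will not redirect plain HTTP itself, so the redirect has to be enforced at the reverse proxy, and a template comment saying so would help. The database password and salt are interpolated raw inside double quotes, so a value containing `"` would presumably break the file; either document that restriction next to `matomo_db_pass` or escape the value.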


@@ -0,0 +1,32 @@
{% if matomo_alias is defined %}
Alias /{{ matomo_alias }} {{ matomo_root_dir }}/web
{% else %}
# No alias defined, create a vhost to access it
{% endif %}
<Directory {{ matomo_root_dir }}/web>
AllowOverride All
Options FollowSymLinks
{% if matomo_src_ip is defined %}
Require ip {{ matomo_src_ip | join(' ') }}
{% else %}
Require all granted
{% endif %}
<FilesMatch \.php$>
SetHandler "proxy:unix:/run/php-fpm/{{ matomo_php_fpm_pool | default('matomo_' + matomo_id | string) }}.sock|fcgi://localhost"
</FilesMatch>
<FilesMatch "^(\.ansible_version|\.git.*|(README|LICENSE|AUTHORS|CHANGELOG|CONTRIBUTING|LEGALNOTICE|PRIVACY|SECURITY)(\.md)?|.*\.co?nf|\.htaccess|composer\.(json|lock))">
Require all denied
</FilesMatch>
</Directory>
<Directory {{ matomo_root_dir }}/web/config>
Require all denied
</Directory>
<Directory {{ matomo_root_dir }}/web/inc>
Require all denied
</Directory>
<Directory {{ matomo_root_dir }}/web/config>
Require all denied
</Directory>
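Review bot: The last `<Directory {{ matomo_root_dir }}/web/config>` block repeats the one two blocks earlier, so whichever directory it was meant to cover gets no explicit deny from this file. The permissions script on this page makes `web/tmp` writable by the PHP user, and the parent directory runs with `AllowOverride All`, so content written there is served and any `.htaccess` in it is honoured. If that directory was the intent, the duplicate should read `<Directory {{ matomo_root_dir }}/web/tmp>` with `Require all denied`. The `FilesMatch` deny pattern has no trailing `$`, so it matches by prefix; that errs on the safe side but deserves a one-line comment.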


@@ -0,0 +1,21 @@
#!/bin/sh
restorecon -R {{ matomo_root_dir }}
chown root:root {{ matomo_root_dir }}
chmod 700 {{ matomo_root_dir }}
setfacl -k -b {{ matomo_root_dir }}
setfacl -m u:{{ matomo_php_user | default('apache') }}:rx,u:{{ httpd_user | default('apache') }}:rx {{ matomo_root_dir }}
chown -R root:root {{ matomo_root_dir }}/web
chown -R {{ matomo_php_user | default('apache') }} {{ matomo_root_dir }}/web/plugins
chown {{ matomo_php_user | default('apache') }} {{ matomo_root_dir }}/web/matomo.js
find {{ matomo_root_dir }}/web -type f -exec chmod 644 "{}" \;
find {{ matomo_root_dir }}/web -type d -exec chmod 755 "{}" \;
chown -R :{{ matomo_php_user }} {{ matomo_root_dir }}/web/{config,tmp,misc}/
find {{ matomo_root_dir }}/web/{config,tmp,misc} -type f -exec chmod 660 "{}" \;
find {{ matomo_root_dir }}/web/{config,tmp,misc} -type d -exec chmod 770 "{}" \;
chown -R {{ matomo_php_user }} {{ matomo_root_dir }}/tmp/*
find {{ matomo_root_dir }}/tmp/ -type f -exec chmod 660 "{}" \;
find {{ matomo_root_dir }}/tmp/ -type d -exec chmod 770 "{}" \;
chown :{{ matomo_php_user }} {{ matomo_root_dir }}/web/piwik.js
chmod 664 {{ matomo_root_dir }}/web/piwik.js
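Review bot: The `{config,tmp,misc}` paths rely on brace expansion, which `#!/bin/sh` only provides where `sh` is bash. Under a POSIX shell such as dash the three `chown`/`find` lines act on a literal path that does not exist, and the script carries on because there is no `set -e`. Either change the shebang to `#!/bin/bash` or spell the three directories out. Separately, `chown -R {{ matomo_php_user | default('apache') }} {{ matomo_root_dir }}/web/plugins` leaves executable PHP code writable by the account that runs it; if plugins are only installed by this role, keeping `web/plugins` owned by root would be the tighter default, and a comment stating the choice would help.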


@@ -0,0 +1,37 @@
; {{ ansible_managed }}
[matomo_{{ matomo_id }}]
listen.owner = root
listen.group = {{ httpd_user | default('apache') }}
listen.mode = 0660
listen = /run/php-fpm/matomo_{{ matomo_id }}.sock
user = {{ matomo_php_user }}
group = {{ matomo_php_user }}
catch_workers_output = yes
pm = dynamic
pm.max_children = 15
pm.start_servers = 3
pm.min_spare_servers = 3
pm.max_spare_servers = 6
pm.max_requests = 5000
request_terminate_timeout = 60m
php_flag[display_errors] = off
php_admin_flag[log_errors] = on
php_admin_value[error_log] = syslog
php_admin_value[memory_limit] = 256M
php_admin_value[session.save_path] = {{ matomo_root_dir }}/sessions
php_admin_value[upload_tmp_dir] = {{ matomo_root_dir }}/tmp
php_admin_value[sys_temp_dir] = {{ matomo_root_dir }}/tmp
php_admin_value[post_max_size] = 2M
php_admin_value[upload_max_filesize] = 2M
php_admin_value[disable_functions] = system, show_source, symlink, exec, dl, passthru, phpinfo, escapeshellarg, escapeshellcmd
php_admin_value[open_basedir] = {{ matomo_root_dir }}
php_admin_value[max_execution_time] = 300
php_admin_value[max_input_time] = 60
php_admin_flag[allow_url_include] = off
php_admin_flag[allow_url_fopen] = on
php_admin_flag[file_uploads] = off
php_admin_flag[session.cookie_httponly] = on
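Review bot: The `disable_functions` list blocks `escapeshellarg` and `escapeshellcmd`, which are escaping helpers rather than execution primitives, while `shell_exec`, `popen` and `proc_open` stay enabled. Disabling the escapers makes any code that does build a command less safe, not more. If the web side of Matomo does not need to spawn processes (the hourly archive runs through the CLI cron job, which does not read this pool), consider `php_admin_value[disable_functions] = system, show_source, symlink, exec, dl, passthru, phpinfo, shell_exec, popen, proc_open`. This needs checking against Matomo's own requirements before it is applied.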


@@ -0,0 +1,3 @@
#!/bin/sh
rm -f {{ matomo_root_dir }}/backup/*


@@ -0,0 +1,9 @@
#!/bin/sh
set -eo pipefail
/usr/bin/mysqldump --user={{ matomo_db_user | quote }} \
--password={{ matomo_db_pass | quote }} \
--host={{ matomo_db_server | quote }} \
--quick --single-transaction \
--add-drop-table {{ matomo_db_name | quote }} | zstd -c > {{ matomo_root_dir }}/backup/{{ matomo_db_name }}.sql.zst
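Review bot: `--password={{ matomo_db_pass | quote }}` puts the database password on the `mysqldump` command line, where other local users can see it in the process list while the dump starts. Passing the credentials through an option file readable only by root, e.g. `--defaults-extra-file=<path to a 0600 client config>` as the first argument, avoids that. The redirect target `{{ matomo_root_dir }}/backup/{{ matomo_db_name }}.sql.zst` is also the only path in the script not run through `quote`. In addition, `set -o pipefail` is a bash feature that not every `/bin/sh` accepts.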


@@ -0,0 +1,31 @@
---
# Only change several instances are deployed on the same server
# in which case you must also set a different riot_root_dir
riot_id: riot
# Version to deploy, and expected sha1
riot_version: 1.7.14
# sha1sum of the tar.gz
riot_archive_sha1: 1f2d304bfa27ae3a67f21e5d1b527a71811623ff
# Where to install riot
riot_root_dir: /opt/matrix/riot
# Default servers
# riot_default_home_server: https://matrix.org
riot_default_identity_server: https://vector.im
# Should ansible manage upgrades or only initial install
riot_manage_upgrade: True
# Should a alilas be created, eg riot to access it on /riot
# riot_web_alias: riot
# Optional list of allowed IP address. If undefined, everyone can access it
# riot_allowed_ip:
# - 12.13.14.15
# - 16.17.18.19
# Jitsi server to use
# riot_jitsi_server: jitsi.example.net
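Review bot: `riot_archive_sha1` pins the release tarball with SHA-1, which is no longer collision-resistant. `get_url`'s `checksum` also accepts `sha256:`, so the variable could become `riot_archive_sha256`, with the `checksum: "sha1:{{ riot_archive_sha1 }}"` line in the download task further down this page changed to match. The matomo plugin download at the top of this page has the same SHA-1 pin and additionally fetches over plain `http://`, so there the checksum is the only integrity control on the transfer. `riot_manage_upgrade: True` would read more canonically as `true`.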


@@ -0,0 +1,3 @@
---
- include: ../httpd_common/handlers/main.yml
...


@@ -0,0 +1,3 @@
---
dependencies:
- role: httpd_common


@@ -0,0 +1,9 @@
---
- import_tasks: ../includes/webapps_compress_archive.yml
vars:
- root_dir: "{{ riot_root_dir }}"
- version: "{{ riot_current_version }}"
when: riot_install_mode == 'upgrade'
tags: matrix


@@ -0,0 +1,7 @@
---
- import_tasks: ../includes/webapps_archive.yml
vars:
- root_dir: "{{ riot_root_dir }}"
- version: "{{ riot_current_version }}"
tags: matrix


@@ -0,0 +1,8 @@
---
- name: Remove temp files
file: path={{ riot_root_dir }}/tmp/{{ item }} state=absent
with_items:
- riot-v{{ riot_version }}.tar.gz
- riot-v{{ riot_version }}
tags: matrix


@@ -0,0 +1,15 @@
---
- name: Remove sample config file
file: path={{ riot_root_dir }}/web/config.sample.json state=absent
tags: matrix
- name: Deploy configuration
template: src=config.json.j2 dest={{ riot_root_dir }}/web/config.json
tags: matrix
- name: Deploy httpd configuration
template: src=httpd.conf.j2 dest=/etc/httpd/ansible_conf.d/10-riot_{{ riot_id }}.conf
notify: reload httpd
tags: matrix


@@ -0,0 +1,11 @@
---
- name: Create directory structure
file: path={{ riot_root_dir }}/{{ item.dir }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }}
with_items:
- dir: tmp
- dir: archives
mode: 700
- dir: meta
mode: 700
tags: matrix


@@ -0,0 +1,12 @@
---
- import_tasks: ../includes/webapps_set_install_mode.yml
vars:
- root_dir: "{{ riot_root_dir }}"
- version: "{{ riot_version }}"
tags: matrix
- set_fact: riot_install_mode={{ (install_mode == 'upgrade' and not riot_manage_upgrade) | ternary('none',install_mode) }}
tags: matrix
- set_fact: riot_current_version={{ current_version | default('') }}
tags: matrix


@@ -0,0 +1,28 @@
---
- name: Download Riot
get_url:
url: "https://github.com/vector-im/riot-web/releases/download/v{{ riot_version }}/riot-v{{ riot_version }}.tar.gz"
dest: "{{ riot_root_dir }}/tmp/"
checksum: "sha1:{{ riot_archive_sha1 }}"
when: riot_install_mode != 'none'
tags: matrix
- name: Extract riot archive
unarchive:
src: "{{ riot_root_dir }}/tmp/riot-v{{ riot_version }}.tar.gz"
dest: "{{ riot_root_dir }}/tmp/"
remote_src: True
when: riot_install_mode != 'none'
tags: matrix
- name: Move the content of riot to the correct top directory
synchronize:
src: "{{ riot_root_dir }}/tmp/riot-v{{ riot_version }}/"
dest: "{{ riot_root_dir }}/web/"
recursive: True
delete: True
delegate_to: "{{ inventory_hostname }}"
when: riot_install_mode != 'none'
tags: matrix


@@ -0,0 +1,13 @@
---
- include: facts.yml
- include: directories.yml
- include: archive_pre.yml
when: riot_install_mode == 'upgrade'
- include: install.yml
- include: conf.yml
- include: archive_post.yml
when: riot_install_mode == 'upgrade'
- include: write_version.yml
- include: cleanup.yml
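Review bot: Every entry here uses the bare `include:` action, which is deprecated and no longer exists in recent ansible-core releases, while the matomo role's main task file on this page already uses `include_tasks:`. Switching to `- include_tasks: facts.yml` and so on keeps the two roles consistent; the riot handlers file on this page uses `include:` as well. The matomo file also adds `tags: always` to each include so that `--tags` runs still load the task files, and the same would be needed here once the includes become dynamic.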


@@ -0,0 +1,7 @@
---
- import_tasks: ../includes/webapps_post.yml
vars:
- root_dir: "{{ riot_root_dir }}"
- version: "{{ riot_version }}"
tags: matrix


@@ -0,0 +1,30 @@
{
"default_hs_url": "{{ riot_default_home_server | default('https://' + synapse_server_name) | default('https://matrix.org') }}",
"default_is_url": "{{ riot_default_identity_server }}",
"brand": "Riot",
"integrations_ui_url": "https://scalar.vector.im/",
"integrations_rest_url": "https://scalar.vector.im/api",
"integrations_widgets_urls": [
"https://scalar.vector.im/_matrix/integrations/v1",
"https://scalar.vector.im/api",
"https://scalar-staging.vector.im/_matrix/integrations/v1",
"https://scalar-staging.vector.im/api",
"https://scalar-staging.riot.im/scalar/api"
],
"bug_report_endpoint_url": "https://riot.im/bugreports/submit",
"enableLabs": true,
"roomDirectory": {
"servers": [
"matrix.org"
]
},
"welcomeUserId": "@riot-bot:matrix.org",
"piwik": {
},
{% if riot_jitsi_server is defined %}
"jitsi": {
"preferredDomain": "{{ riot_jitsi_server }}"
},
{% endif %}
"happyJson": true
}
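Review bot: The `default_hs_url` fallback chain does not work as written, because `default('https://' + synapse_server_name)` evaluates its argument eagerly. When `synapse_server_name` is undefined the template should therefore fail with an undefined-variable error even if `riot_default_home_server` is set, and the trailing `default('https://matrix.org')` can never apply because the first `default` always yields a value. Something like `{{ riot_default_home_server | default(('https://' + synapse_server_name) if synapse_server_name is defined else 'https://matrix.org') }}` gives the intended order. The integration-manager and bug-report URLs are hard-coded to third-party hosts; exposing them as variables, or at least commenting them, would make that data flow an explicit choice.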


@@ -0,0 +1,14 @@
{% if riot_web_alias is defined %}
Alias /{{ riot_web_alias }} {{ riot_root_dir }}/web
{% else %}
# No alias defined, create a vhost to access it
{% endif %}
<Directory {{ riot_root_dir }}/web>
AllowOverride None
Options None
{% if riot_allowed_ip is defined %}
Require ip {{ riot_allowed_ip | join(' ') }}
{% else %}
Require all granted
{% endif %}
</Directory>
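Review bot: This fragment sets no response headers, so the web client can be framed by any other site. If mod_headers is available, adding `Header always set X-Frame-Options SAMEORIGIN` and `Header always set X-Content-Type-Options nosniff` inside the `<Directory>` block is a cheap hardening step. Whether httpd_common already sets these globally cannot be seen from this page.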


@@ -0,0 +1,5 @@
#!/bin/sh
chown -R root:root {{ riot_root_dir }}
find {{ riot_root_dir }}/web -type f -exec chmod 644 "{}" \;
find {{ riot_root_dir }}/web -type d -exec chmod 755 "{}" \;