Update to 2021-12-01 19:13

roles/documize/tasks/archive_post.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Compress previous version
+  command: tar cf {{ documize_root_dir }}/archives/{{ documize_current_version }}.tar.zst --use-compress-program=zstd ./
+  args:
+    chdir: "{{ documize_root_dir }}/archives/{{ documize_current_version }}"
+    warn: False
+  environment:
+    ZSTD_CLEVEL: 10
+  tags: documize

roles/documize/tasks/archive_pre.yml

@@ -0,0 +1,41 @@
+---
+
+- name: Create the archive dir
+  file: path={{ documize_root_dir }}/archives/{{ documize_current_version }} state=directory
+  tags: documize
+
+- name: Backup previous version
+  copy: src={{ documize_root_dir }}/bin/documize dest={{ documize_root_dir }}/archives/{{ documize_current_version }}/ remote_src=True
+  tags: documize
+
+- name: Backup the database
+  command: >
+    /usr/pgsql-14/bin/pg_dump
+    --clean
+    --create
+    --host={{ documize_db_server }}
+    --port={{ documize_db_port }}
+    --username={{ documize_db_user }}
+    {{ documize_db_name }}
+    --file={{ documize_root_dir }}/archives/{{ documize_current_version }}/{{ documize_db_name }}.sql
+  environment:
+    - PGPASSWORD: "{{ documize_db_pass }}"
+  when: documize_db_engine == 'postgres'
+  tags: documize
+
+- name: Archive the database
+  mysql_db:
+    state: dump
+    name: "{{ documize_db_name }}"
+    target: "{{ documize_root_dir }}/archives/{{ documize_current_version }}/{{ documize_db_name }}.sql.xz"
+    login_host: "{{ documize_db_server | default(mysql_server) }}"
+    login_user: sqladmin
+    login_password: "{{ mysql_admin_pass }}"
+    quick: True
+    single_transaction: True
+  environment:
+    XZ_OPT: -T0
+  when: documize_db_engine == 'mysql'
+  tags: documize
+
+

roles/documize/tasks/cleanup.yml

@@ -0,0 +1,7 @@
+---
+
+- name: Remove tmp and obsolete files
+  file: path={{ item }} state=absent
+  loop:
+    - "{{ documize_root_dir }}/archives/{{ documize_current_version }}"
+  tags: documize

roles/documize/tasks/conf.yml

@@ -0,0 +1,6 @@
+---
+
+- name: Deploy documize configuration
+  template: src=documize.conf.j2 dest={{ documize_root_dir }}/etc/documize.conf group={{ documize_user }} mode=640
+  notify: restart documize
+  tags: documize

roles/documize/tasks/directories.yml

@@ -0,0 +1,20 @@
+---
+
+- name: Create needed directories
+  file: path={{ item.dir }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }}
+  loop:
+    - dir: "{{ documize_root_dir }}"
+    - dir: "{{ documize_root_dir }}/tmp"
+      group: "{{ documize_user }}"
+      mode: 770
+    - dir: "{{ documize_root_dir }}/bin"
+    - dir: "{{ documize_root_dir }}/etc"
+      group: "{{ documize_user }}"
+      mode: 750
+    - dir: "{{ documize_root_dir }}/meta"
+      mode: 700
+    - dir: "{{ documize_root_dir }}/backup"
+      mode: 700
+    - dir: "{{ documize_root_dir }}/archives"
+      mode: 700
+  tags: documize

roles/documize/tasks/facts.yml

@@ -0,0 +1,33 @@
+---
+
+# Detect installed version (if any)
+- block:
+    - import_tasks: ../includes/webapps_set_install_mode.yml
+      vars:
+        - root_dir: "{{ documize_root_dir }}"
+        - version: "{{ documize_version }}"
+    - set_fact: documize_install_mode={{ (install_mode == 'upgrade' and not documize_manage_upgrade) | ternary('none',install_mode) }}
+    - set_fact: documize_current_version={{ current_version | default('') }}
+  tags: documize
+
+# Create a random pass for the DB if needed
+- block:
+    - import_tasks: ../includes/get_rand_pass.yml
+      vars:
+        - pass_file: "{{ documize_root_dir }}/meta/ansible_db_pass"
+        - complex: False
+    - set_fact: documize_db_pass={{ rand_pass }}
+  when: documize_db_pass is not defined
+  tags: documize
+
+# Create a random salt if needed
+- block:
+    - import_tasks: ../includes/get_rand_pass.yml
+      vars:
+        - pass_file: "{{ documize_root_dir }}/meta/ansible_salt"
+        - complex: False
+        - pass_size: 17
+    - set_fact: documize_salt={{ rand_pass }}
+  when: documize_salt is not defined
+  tags: documize
+

roles/documize/tasks/install.yml

@@ -0,0 +1,72 @@
+---
+
+- name: Install needed tools
+  package:
+    name:
+      - tar
+      - zstd
+      - postgresql14
+  tags: documize
+
+- name: Download documize
+  get_url:
+    url: "{{ documize_bin_url }}"
+    dest: "{{ documize_root_dir }}/bin/documize"
+    checksum: sha1:{{ documize_bin_sha1 }}
+    mode: 755
+  when: documize_install_mode != 'none'
+  notify: restart documize
+  tags: documize
+
+- name: Install systemd unit
+  template: src=documize.service.j2 dest=/etc/systemd/system/documize.service
+  notify: restart documize
+  register: documize_unit
+  tags: documize
+
+- name: Reload systemd
+  systemd: daemon_reload=True
+  when: documize_unit.changed
+  tags: documize
+
+- when: documize_db_engine == 'postgres'
+  block:
+    - name: Create the PostgreSQL role
+      postgresql_user:
+        db: postgres
+        name: "{{ miniflux_db_user }}"
+        password: "{{ miniflux_db_pass }}"
+        login_host: "{{ miniflux_db_server }}"
+        login_user: sqladmin
+        login_password: "{{ pg_admin_pass }}"
+    
+    - name: Create the PostgreSQL database
+      postgresql_db:
+        name: "{{ miniflux_db_name }}"
+        encoding: UTF-8
+        lc_collate: C
+        lc_ctype: C
+        template: template0
+        owner: "{{ miniflux_db_user }}"
+        login_host: "{{ miniflux_db_server }}"
+        login_user: sqladmin
+        login_password: "{{ pg_admin_pass }}"
+
+  tags: miniflux
+
+  # Create MySQL database
+- when: documize_db_engine == 'mysql'
+  import_tasks: ../includes/webapps_create_mysql_db.yml
+  vars:
+    - db_name: "{{ documize_db_name }}"
+    - db_user: "{{ documize_db_user }}"
+    - db_server: "{{ documize_db_server }}"
+    - db_pass: "{{ documize_db_pass }}"
+  tags: documize
+
+- name: Deploy backup hooks
+  template: src={{ item }}-backup.j2 dest=/etc/backup/{{ item }}.d/documize mode=700
+  loop:
+    - pre
+    - post
+  tags: documize

roles/documize/tasks/iptables.yml

@@ -0,0 +1,8 @@
+---
+
+- name:  Handle documize port in the firewall
+  iptables_raw:
+    name: documize_port
+    state: "{{ (documize_src_ip | length > 0) | ternary('present','absent') }}"
+    rules: "-A INPUT -m state --state NEW -p tcp --dport {{ documize_port }} -s {{ documize_src_ip | join(',') }} -j ACCEPT"
+  tags: firewall,documize

roles/documize/tasks/main.yml

@@ -0,0 +1,16 @@
+---
+
+- include: user.yml
+- include: directories.yml
+- include: facts.yml
+- include: archive_pre.yml
+  when: documize_install_mode == 'upgrade'
+- include: install.yml
+- include: conf.yml
+- include: iptables.yml
+  when: iptables_manage | default(True)
+- include: services.yml
+- include: write_version.yml
+- include: archive_post.yml
+  when: documize_install_mode == 'upgrade'
+- include: cleanup.yml

roles/documize/tasks/services.yml

@@ -0,0 +1,7 @@
+---
+
+- name: Start and enable the service
+  service: name=documize state=started enabled=True
+  register: documize_started
+  tags: documize
+

roles/documize/tasks/user.yml

@@ -0,0 +1,5 @@
+---
+
+- name: Create user account
+  user: name={{ documize_user }} system=True shell=/sbin/nologin home={{ documize_root_dir }}
+  tags: documize

roles/documize/tasks/write_version.yml

@@ -0,0 +1,5 @@
+---
+
+- name: Write installed version
+  copy: content={{ documize_version }} dest={{ documize_root_dir }}/meta/ansible_version
+  tags: documize