Update to 2021-12-01 19:13

roles/ethercalc/defaults/main.yml

@@ -0,0 +1,32 @@
+---
+
+# A unique ID is needed for each ethercalc instance
+# You can deploy several instances on the same machine
+ethercalc_id: 1
+
+# Path where ethercalc will be installed
+# You also need to choose e different root_dir for each instance
+ethercalc_root_dir: /opt/ethercalc_{{ ethercalc_id }}
+
+# User account/group under which the daemon will run. Will be created if needed
+ethercalc_user: ethercalc_{{ ethercalc_id }}
+ethercalc_group: "{{ ethercalc_user }}"
+
+# Port on which ethercalc should bind
+ethercalc_port: 8000
+
+# Optionally restrict source IP which will be allowed to connect
+# Undefined or an empty list means no access.
+ethercalc_src_ip:
+  - 0.0.0.0/0
+
+# This is the time for which inactive calc will be kept
+ethercalc_expire: 15552000
+
+# URI of the git repository
+ethercalc_git_uri: https://github.com/audreyt/ethercalc.git
+
+# Version to deploy
+ethercalc_version: HEAD
+
+...

roles/ethercalc/handlers/main.yml

@@ -0,0 +1,4 @@
+---
+- include: ../common/handlers/main.yml
+- name: restart ethercalc
+  service: name=ethercalc_{{ ethercalc_id }} state=restarted enabled=yes

roles/ethercalc/meta/main.yml

@@ -0,0 +1,4 @@
+---
+allow_duplicates: true
+...
+

roles/ethercalc/tasks/main.yml

@@ -0,0 +1,69 @@
+---
+
+- name: Install dependencies
+  yum:
+    name:
+      - nodejs
+      - npm
+      - git
+      - gcc-c++
+      - make
+  tags: ethercalc
+
+- name: Create user account
+  user: name={{ ethercalc_user }} home={{ ethercalc_root_dir }} shell=/bin/bash state=present
+  tags: ethercalc
+
+- name: Clone / Update Ethercalc repository
+  git:
+    repo: "{{ ethercalc_git_uri }}"
+    dest: "{{ ethercalc_root_dir }}/app"
+    version: "{{ ethercalc_version}}"
+  become_user: "{{ ethercalc_user }}"
+  register: ethercalc_git
+  notify: restart ethercalc
+  become: "{{ ethercalc_user }}"
+  tags: ethercalc
+
+- name: Install Ethercalc
+  command: npm i
+  args:
+    chdir: "{{ ethercalc_root_dir }}/app"
+  when: ethercalc_git.changed
+  tags: ethercalc
+
+- name: Install systemd unit
+  template: src=ethercalc.service.j2 dest=/etc/systemd/system/ethercalc_{{ ethercalc_id }}.service
+  notify: restart ethercalc
+  register: ethercalc_unit
+  tags: ethercalc
+
+- name: Reload systemd
+  systemd: daemon_reload=True
+  when: ethercalc_unit.changed
+  tags: ethercalc
+
+- name: Handle Ethercalc port
+  iptables_raw:
+    name: ethercalc_{{ ethercalc_id }}_port
+    state: "{{ (ethercalc_src_ip is defined and ethercalc_src_ip | length > 0) | ternary('present','absent') }}"
+    rules: "-A INPUT -m state --state NEW -p tcp --dport {{ ethercalc_port }} -s {{ ethercalc_src_ip | join(',') }} -j ACCEPT"
+  when: iptables_manage | default(True)
+  tags: ethercalc,firewall
+
+- import_tasks: ../includes/get_rand_pass.yml
+  vars:
+    - pass_file: "{{ ethercalc_root_dir }}/key.txt"
+  tags: ethercalc
+- set_fact: ethercalc_key={{ rand_pass }}
+  tags: ethercalc
+
+- name: Create the env file for systemd
+  template: src=env.j2 dest={{ ethercalc_root_dir }}/env owner={{ ethercalc_user }} mode=640
+  tags: ethercalc
+
+- name: Start and enable the service
+  service: name=ethercalc_{{ ethercalc_id }} state=started enabled=True
+  tags: ethercalc
+
+...

roles/ethercalc/templates/env.j2

@@ -0,0 +1,2 @@
+KEY={{ ethercalc_key }}
+NODE_ENV=production

roles/ethercalc/templates/ethercalc.service.j2

@@ -0,0 +1,21 @@
+[Unit]
+Description=Ethercalc ({{ ethercalc_id }} Instance)
+After=syslog.target network.target redis.service
+
+[Service]
+Type=simple
+User={{ ethercalc_user }}
+Group={{ ethercalc_group }}
+ExecStart={{ ethercalc_root_dir }}/app/bin/ethercalc --host 0.0.0.0 --port {{ ethercalc_port }} --expire {{ ethercalc_expire }} --key=${KEY}
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=full
+ProtectHome=yes
+NoNewPrivileges=yes
+MemoryLimit=512M
+SyslogIdentifier=ethercalc-{{ ethercalc_id }}
+Restart=on-failure
+EnvironmentFile={{ ethercalc_root_dir }}/env
+
+[Install]
+WantedBy=multi-user.target