Update to 2021-12-01 19:13

roles/etherpad/defaults/main.yml

@@ -0,0 +1,47 @@
+---
+
+# You can install several instances of etherpad on the same server
+# They should each get their own ID and port
+etherpad_id: 1
+# Where etherpad will be installed
+etherpad_root_dir: /opt/etherpad_{{ etherpad_id }}
+# Unix account under which etherpad will run. The user will be created if it doesn't exist
+etherpad_user: etherpad_{{ etherpad_id }}
+# Version to deploy
+etherpad_version: 1.8.16
+# URL from where the archive will be downloaded
+etherpad_archive_url: https://github.com/ether/etherpad-lite/archive/{{ etherpad_version }}.tar.gz
+# Expected sha1 of the archive, to check the download were OK
+etherpad_archive_sha1: 048801cdcf597a1b3b14c7ef560daa839e836435
+# Port on which the service will listen
+etherpad_port: 9003
+# List of IP/CIDR for which the port will be opened (if iptables_manage == True)
+etherpad_src_ip: []
+
+# Etherpad uses a MySQL compatible database
+etherpad_db_name: etherpad_{{ etherpad_id }}
+etherpad_db_user: etherpad_{{ etherpad_id }}
+etherpad_db_port: 3306
+etherpad_db_server: "{{mysql_server | default('localhost') }}"
+# A random one is generated if not defined, and stored under {{ etherpad_root_dir }}/meta/ansible_dbpass
+# etherpad_db_pass: s3cr3t.
+
+# Page title
+etherpad_title: Etherpad
+# Default theme
+etherpad_theme: colibris
+
+# Admin password
+# A random one will be created if not defined, and stored under {{ etherpad_root_dir }}/meta/ansible_admin_pass
+# etherpad_admin_pass: p@ssw0rd
+# The API Key
+# A random one will be created if not defined, and stored under {{ etherpad_root_dir }}/meta/ansible_api_key
+# etherpad_api_key: 123456
+
+# List of plugins to install
+etherpad_plugins_base:
+  - adminpads
+  - delete_after_delay
+  - delete_empty_pads
+etherpad_plugins_extra: []
+etherpad_plugins: "{{ etherpad_plugins_base + etherpad_plugins_extra }}"

roles/etherpad/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+
+- name: restart etherpad
+  service: name=etherpad_{{ etherpad_id }} state=restarted
+  when: not etherpad_started.changed
+

roles/etherpad/meta/main.yml

@@ -0,0 +1,6 @@
+---
+
+dependencies:
+  - role: repo_nodejs
+  - role: mysql_server
+    when: etherpad_db_server in ['localhost','127.0.0.1']

roles/etherpad/tasks/archive_post.yml

@@ -0,0 +1,9 @@
+---
+
+- import_tasks: ../includes/webapps_compress_archive.yml
+  vars:
+    - root_dir: "{{ etherpad_root_dir }}"
+    - version: "{{ current_version }}"
+  when: install_mode == 'upgrade'
+  tags: etherpad
+

roles/etherpad/tasks/archive_pre.yml

@@ -0,0 +1,28 @@
+---
+
+- name: Create archive dir
+  file: path={{ etherpad_root_dir }}/archives/{{ etherpad_current_version }} state=directory mode=700
+  tags: etherpad
+
+- name: Archive previous version
+  synchronize:
+    src: "{{ etherpad_root_dir }}/{{ etherpad_web_dir.stat.exists | ternary('web','app') }}" # previous versions were installed in the web subdir, now in app)
+    dest: "{{ etherpad_root_dir }}/archives/{{ etherpad_current_version }}/"
+    compress: False
+    delete: True
+  delegate_to: "{{ inventory_hostname }}"
+  tags: etherpad
+
+- name: Dump the database
+  mysql_db:
+    state: dump
+    name: "{{ etherpad_db_name }}"
+    target: "{{ etherpad_root_dir }}/archives/{{ etherpad_current_version }}/{{ etherpad_db_name }}.sql.xz"
+    login_host: "{{ etherpad_db_server | default(mysql_server) }}"
+    login_user: "{{ etherpad_db_user }}"
+    login_password: "{{ etherpad_db_pass }}"
+    quick: True
+    single_transaction: True
+  environment:
+    XZ_OPT: -T0
+  tags: etherpad

roles/etherpad/tasks/cleanup.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Remove temp and obsolete files
+  file: path={{ etherpad_root_dir }}/{{ item }} state=absent
+  loop:
+    - tmp/etherpad-lite-{{ etherpad_version }}
+    - tmp/etherpad-lite-{{ etherpad_version }}.tar.gz
+    - web
+    - db_dumps
+  tags: etherpad

roles/etherpad/tasks/conf.yml

@@ -0,0 +1,15 @@
+---
+
+- name: Configure random keys
+  copy: content={{ item.value }} dest={{ etherpad_root_dir }}/app/{{ item.file }} owner={{ etherpad_user }} group={{ etherpad_user }} mode=600
+  loop:
+    - file: SESSIONKEY.txt
+      value: "{{ etherpad_session_key }}"
+    - file: APIKEY.txt
+      value: "{{ etherpad_api_key }}"
+  tags: etherpad
+
+- name: Deploy service configuration
+  template: src=settings.json.j2 dest={{ etherpad_root_dir }}/app/settings.json
+  notify: restart etherpad
+  tags: etherpad

roles/etherpad/tasks/directories.yml

@@ -0,0 +1,18 @@
+---
+
+- name: Create directories
+  file: path={{ etherpad_root_dir }}/{{ item.dir }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }}
+  loop:
+    - dir: meta
+      mode: 700
+    - dir: tmp
+      mode: 770
+      group: "{{ etherpad_user }}"
+    - dir: backup
+      mode: 700
+    - dir: archives
+      mode: 700
+    - dir: app
+      owner: "{{ etherpad_user }}"
+  tags: etherpad
+

roles/etherpad/tasks/facts.yml

@@ -0,0 +1,46 @@
+---
+
+- block:
+    - import_tasks: ../includes/webapps_set_install_mode.yml
+      vars:
+        root_dir: "{{ etherpad_root_dir }}"
+        version: "{{ etherpad_version }}"
+    - set_fact: etherpad_install_mode={{ install_mode }}
+    - set_fact: etherpad_current_version={{ current_version | default('') }}
+  tags: etherpad
+
+- when: etherpad_db_pass is not defined
+  block:
+    - import_tasks: ../includes/get_rand_pass.yml
+      vars:
+        - pass_file: "{{etherpad_root_dir }}/meta/ansible_dbpass"
+    - set_fact: etherpad_db_pass={{ rand_pass }}
+  tags: etherpad
+
+- block:
+    - import_tasks: ../includes/get_rand_pass.yml
+      vars:
+        - pass_file: "{{etherpad_root_dir }}/meta/ansible_session_key"
+    - set_fact: etherpad_session_key={{ rand_pass }}
+  tags: etherpad
+
+- when: etherpad_api_key is not defined
+  block:
+    - import_tasks: ../includes/get_rand_pass.yml
+      vars:
+        - pass_file: "{{etherpad_root_dir }}/meta/ansible_api_key"
+    - set_fact: etherpad_api_key={{ rand_pass }}
+  tags: etherpad
+
+- when: etherpad_admin_pass is not defined
+  block:
+    - import_tasks: ../includes/get_rand_pass.yml
+      vars:
+        - pass_file: "{{etherpad_root_dir }}/meta/ansible_admin_pass"
+    - set_fact: etherpad_admin_pass={{ rand_pass }}
+  tags: etherpad
+
+- name: Check if web dir exists
+  stat: path={{ etherpad_root_dir }}/web
+  register: etherpad_web_dir
+  tags: etherpad

roles/etherpad/tasks/install.yml

@@ -0,0 +1,78 @@
+---
+
+- name: Install dependencies
+  yum:
+    name:
+      - nodejs
+  notify: restart etherpad
+  tags: etherpad
+
+- when: etherpad_install_mode != 'none'
+  block:
+    - name: Download etherpad
+      get_url:
+        url: "{{ etherpad_archive_url }}"
+        dest: "{{ etherpad_root_dir }}/tmp"
+        checksum: "sha1:{{ etherpad_archive_sha1 }}"
+    
+    - name: Extract etherpad
+      unarchive:
+        src: "{{ etherpad_root_dir }}/tmp/etherpad-lite-{{ etherpad_version }}.tar.gz"
+        dest: "{{ etherpad_root_dir }}/tmp/"
+        remote_src: True
+    
+    - name: Move etherpad to its correct dir
+      synchronize:
+        src: "{{ etherpad_root_dir }}/tmp/etherpad-lite-{{ etherpad_version }}/"
+        dest: "{{ etherpad_root_dir }}/app/"
+        recursive: True
+        delete: True
+        compress: False
+      delegate_to: "{{ inventory_hostname }}"
+      become_user: "{{ etherpad_user }}"
+
+  tags: etherpad
+
+- name: Install node modules
+  npm:
+    path: "{{ etherpad_root_dir }}/app/src"
+    state: "{{ (etherpad_install_mode == 'none') | ternary('present','latest') }}"
+  become_user: "{{ etherpad_user }}"
+  notify: restart etherpad
+  tags: etherpad
+
+- name: Install plugins
+  npm:
+    name: ep_{{ item }}
+    path: "{{ etherpad_root_dir }}/app/src"
+    state: "{{ (etherpad_install_mode == 'none') | ternary('present','latest') }}"
+  loop: "{{ etherpad_plugins }}"
+  become_user: "{{ etherpad_user }}"
+  notify: restart etherpad
+  tags: etherpad
+
+- import_tasks: ../includes/webapps_create_mysql_db.yml
+  vars:
+    - db_name: "{{ etherpad_db_name }}"
+    - db_user: "{{ etherpad_db_user }}"
+    - db_server: "{{ etherpad_db_server }}"
+    - db_pass: "{{ etherpad_db_pass }}"
+  tags: etherpad
+
+- name: Deploy systemd unit
+  template: src=etherpad.service.j2 dest=/etc/systemd/system/etherpad_{{ etherpad_id }}.service
+  register: etherpad_unit
+  notify: restart etherpad
+  tags: etherpad
+
+- name: Reload systemd
+  systemd: daemon_reload=True
+  when: etherpad_unit.changed
+  tags: etherpad
+
+- name: Deploy pre/post backup scripts
+  template: src={{ item }}_backup.sh.j2 dest=/etc/backup/{{ item }}.d/etherpad_{{ etherpad_id }}.sh mode=750
+  loop:
+    - pre
+    - post
+  tags: etherpad

roles/etherpad/tasks/iptables.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Handle Etherpad port
+  iptables_raw:
+    name: etherpad_{{ etherpad_id }}_port
+    state: "{{ (etherpad_src_ip | length > 0) | ternary('present','absent') }}"
+    rules: "-A INPUT -m state --state NEW -p tcp --dport {{ etherpad_port }} -s {{ etherpad_src_ip | join(',') }} -j ACCEPT"
+  when: iptables_manage | default(True)
+  tags: etherpad
+

roles/etherpad/tasks/main.yml

@@ -0,0 +1,17 @@
+---
+
+- include: user.yml
+- include: directories.yml
+- include: facts.yml
+- include: archive_pre.yml
+  when: etherpad_install_mode == 'upgrade'
+- include: install.yml
+- include: conf.yml
+- include: iptables.yml
+  when: iptables_manage | default(True)
+- include: service.yml
+- include: write_version.yml
+- include: archive_post.yml
+  when: etherpad_install_mode == 'upgrade'
+- include: cleanup.yml
+

roles/etherpad/tasks/service.yml

@@ -0,0 +1,7 @@
+---
+
+- name: Start and enable the service
+  service: name=etherpad_{{ etherpad_id }} state=started enabled=True
+  register: etherpad_started
+  tags: etherpad
+

roles/etherpad/tasks/user.yml

@@ -0,0 +1,7 @@
+---
+
+- import_tasks: ../includes/create_system_user.yml
+  vars:
+    user: "{{ etherpad_user }}"
+    home: "{{ etherpad_root_dir }}"
+  tags: etherpad

roles/etherpad/tasks/write_version.yml

@@ -0,0 +1,8 @@
+---
+
+- import_tasks: ../includes/webapps_post.yml
+  vars:
+    - root_dir: "{{ etherpad_root_dir }}"
+    - version: "{{ etherpad_version }}"
+  tags: etherpad
+

roles/etherpad/templates/etherpad.service.j2

@@ -0,0 +1,24 @@
+[Unit]
+Description=Etherpad ({{ etherpad_id }} Instance)
+After=syslog.target network.target
+
+[Service]
+Type=simple
+User={{ etherpad_user }}
+Group={{ etherpad_user }}
+WorkingDirectory={{ etherpad_root_dir }}/app
+ExecStart=/usr/bin/node ./src/node/server.js
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=full
+ProtectHome=yes
+NoNewPrivileges=yes
+MemoryLimit=1024M
+SyslogIdentifier=etherpad-{{ etherpad_id }}
+Restart=always
+Environment=NODE_ENV=production
+StartLimitInterval=0
+RestartSec=20
+
+[Install]
+WantedBy=multi-user.target

roles/etherpad/templates/perms.sh.j2

@@ -0,0 +1,7 @@
+#!/bin/bash -e
+
+restorecon -R {{ etherpad_root_dir }}
+chown -R {{ etherpad_user }}:{{ etherpad_user }} {{ etherpad_root_dir }}/app
+find {{ etherpad_root_dir }}/app -type f -exec chmod 644 "{}" \;
+find {{ etherpad_root_dir }}/app -type d -exec chmod 755 "{}" \;
+chmod 600 {{ etherpad_root_dir }}/app/{settings.json,SESSIONKEY.txt,APIKEY.txt}

roles/etherpad/templates/post_backup.sh.j2

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+rm -f {{ etherpad_root_dir }}/backup/*

roles/etherpad/templates/pre_backup.sh.j2

@@ -0,0 +1,12 @@
+#!/bin/sh
+
+set -eo pipefail
+
+/usr/bin/mysqldump \
+{% if etherpad_db_server not in ['localhost', '127.0.0.1'] %}
+  --user={{ etherpad_db_user }} \
+  --password={{ etherpad_db_pass | quote }} \
+  --host={{ etherpad_db_server }} \
+{% endif %}
+  --quick --single-transaction \
+  --add-drop-table {{ etherpad_db_name }} | zstd -c > {{ etherpad_root_dir }}/backup/{{ etherpad_db_name }}.sql.zst

roles/etherpad/templates/settings.json.j2

@@ -0,0 +1,32 @@
+{
+  "title" : "{{ etherpad_title }}",
+  "skinName" : "{{ etherpad_theme }}",
+  "port" : {{ etherpad_port }},
+  "showSettingsInAdminPage" : false,
+  "dbType" : "mysql",
+  "dbSettings" : {
+    "user" : "{{ etherpad_db_user }}",
+    "host" : "{{ etherpad_db_server }}",
+    "port" : {{ etherpad_db_port }},
+    "password" : "{{ etherpad_db_pass }}",
+    "database" : "{{ etherpad_db_name }}",
+    "charset" : "utf8mb4"
+  },
+  "defaultPadText" : "",
+  "socketTransportProtocols" : ["websocket", "xhr-polling", "jsonp-polling", "htmlfile"],
+  "allowUnknownFileEnds" : false,
+  "trustProxy" : true,
+  "users": {
+    "admin": {
+      "password" : "{{ etherpad_admin_pass }}",
+      "is_admin" : true
+    }
+  },
+  "ep_delete_after_delay": {
+    "delay" : 2592000,
+    "loop" : true,
+    "loopDelay" : 3600,
+    "deleteAtStart" : true,
+    "text" : ""
+  }
+}