Update to 2021-12-01 19:13

roles/n8n/defaults/main.yml

@@ -0,0 +1,66 @@
+---
+
+# Version to deploy
+n8n_version: 0.145.0
+# Root directory where n8n will be installed
+n8n_root_dir: /opt/n8n
+# User account under which n8n will run
+n8n_user: n8n
+# Should ansible manage upgrades ? If False, only the initial install will be handled
+n8n_manage_upgrade: True
+
+# Port on which n8n will bind to expose its web interface
+n8n_port: 8021
+# List of IP / CIDR allowed to access n8n_port
+n8n_src_ip: []
+
+n8n_db_server: "{{ mysql_server | default('localhost') }}"
+n8n_db_port: 3306
+n8n_db_name: n8n
+n8n_db_user: n8n
+# If not defined, a random one will be created and stored in the {{ n8n_root_dir }}/meta/ansible_dbpass
+#n8n_db_pass: S3cR3t.
+
+# Config dfirectives, will be translated to json in {{ n8n_root_dir }}/etc/n8n.json
+n8n_config_base:
+  database:
+    type: mysqldb
+    mysqldb:
+      database: "{{ n8n_db_name }}"
+      host: "{{ n8n_db_server }}"
+      port: "{{ n8n_db_port }}"
+      user: "{{ n8n_db_user }}"
+      password: "{{ n8n_db_pass }}"
+  generic:
+    timezone: "{{ system_tz | default('Europe/Paris') }}"
+  port: "{{ n8n_port }}"
+# This lets you override just part of the defaults
+n8n_config_extra: {}
+n8n_config: "{{ n8n_config_base | combine(n8n_config_extra,recursive=True) }}"
+
+# An optional list of extra module to install
+n8n_extra_node_modules: []
+
+  # The URL which will be used to reach n8n.
+# You'll likely have to change it, especially if n8n runs behind a reverse proxy
+n8n_public_url: http://{{ inventory_hostname }}:{{ n8n_port }}/
+
+# A secret key used to encrypt data in the DB. A random one is created is not defined here
+# n8n_secret_key: p@ssW0rd
+
+# If enabled, the systemd unit will have ProtectSystem=yes
+# This is recommended most of the time, but there are cases where you might want n8n to
+# be able to write under /usr
+n8n_protect_system: True
+
+# How long to keep workflow execution logs in the DB before pruning them.
+# The value is in hours. Default is 90 days
+n8n_data_max_age: 2160
+
+# Memory limit for the service, in MB
+n8n_mem_limit: 2048
+
+# Extra env var to pass to the service
+# n8n_env_var:
+#   NODE_FUNCTION_ALLOW_BUILTIN: request-promise-native
+n8n_env_var: {}

roles/n8n/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+
+- name: restart n8n
+  service: name=n8n state=restarted
+  when: not n8n_started.changed

roles/n8n/meta/main.yml

@@ -0,0 +1,6 @@
+---
+
+dependencies:
+  - role: repo_nodejs
+  - role: mysql_server
+    when: n8n_db_server in ['localhost','127.0.0.1']

roles/n8n/tasks/archive_post.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Compress previous version
+  command: tar cf {{ n8n_root_dir }}/archives/{{ n8n_current_version }}.tar.zst --use-compress-program=zstd ./
+  environment:
+    ZST_CLEVEL: 10
+  args:
+    chdir: "{{ n8n_root_dir }}/archives/{{ n8n_current_version }}"
+    warn: False
+  tags: n8n

roles/n8n/tasks/archive_pre.yml

@@ -0,0 +1,37 @@
+---
+
+- name: Create the archive dir
+  file:
+    path: "{{ n8n_root_dir }}/archives/{{ n8n_current_version }}"
+    state: directory
+  tags: n8n
+
+- name: Archive previous version
+  synchronize:
+    src: "{{ n8n_root_dir }}/{{ item }}"
+    dest: "{{ n8n_root_dir }}/archives/{{ n8n_current_version }}"
+    recursive: True
+    delete: True
+    compress: False
+  loop:
+    - app
+    - etc
+    - data
+  delegate_to: "{{ inventory_hostname }}"
+  tags: n8n
+
+- name: Dump the database
+  mysql_db:
+    state: dump
+    name: "{{ n8n_db_name }}"
+    target: "{{ n8n_root_dir }}/archives/{{ n8n_current_version }}/{{ n8n_db_name }}.sql.xz"
+    login_host: "{{ n8n_db_server }}"
+    login_port: "{{ n8n_db_port }}"
+    login_user: "{{ n8n_db_user }}"
+    login_password: "{{ n8n_db_pass }}"
+    quick: True
+    single_transaction: True
+  environment:
+    XZ_OPT: -T0
+  tags: n8n
+

roles/n8n/tasks/cleanup.yml

@@ -0,0 +1,7 @@
+---
+
+- name: Remove tmp and unused files
+  file: path={{ item }} state=absent
+  loop:
+    - "{{ n8n_root_dir }}/archives/{{ n8n_current_version }}"
+  tags: n8n

roles/n8n/tasks/conf.yml

@@ -0,0 +1,9 @@
+---
+
+- name: Deploy n8n config
+  template: src={{ item }}.j2 dest={{ n8n_root_dir }}/etc/{{ item }} group={{ n8n_user }} mode=640
+  loop:
+    - n8n.json
+    - env
+  notify: restart n8n
+  tags: n8n

roles/n8n/tasks/directories.yml

@@ -0,0 +1,29 @@
+---
+
+- name: Create needed directories
+  file: path={{ item.dir }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }}
+  loop:
+    - dir: "{{ n8n_root_dir }}"
+      mode: 700
+    - dir: "{{ n8n_root_dir }}/app"
+      group: "{{ n8n_user }}"
+      mode: 775
+    - dir: "{{ n8n_root_dir }}/data"
+      owner: "{{ n8n_user }}"
+      mode: 700
+    - dir: "{{ n8n_root_dir }}/.n8n/custom"
+      owner: "{{ n8n_user }}"
+      mode: 700
+    - dir: "{{ n8n_root_dir }}/etc"
+      group: "{{ n8n_user }}"
+      mode: 750
+    - dir: "{{ n8n_root_dir }}/tmp"
+      owner: "{{ n8n_user }}"
+      mode: 700
+    - dir: "{{ n8n_root_dir }}/meta"
+      mode: 700
+    - dir: "{{ n8n_root_dir }}/backup"
+      mode: 700
+    - dir: "{{ n8n_root_dir }}/archives"
+      mode: 700
+  tags: n8n

roles/n8n/tasks/facts.yml

@@ -0,0 +1,29 @@
+---
+
+# Detect installed version (if any)
+- block:
+    - import_tasks: ../includes/webapps_set_install_mode.yml
+      vars:
+        - root_dir: "{{ n8n_root_dir }}"
+        - version: "{{ n8n_version }}"
+    - set_fact: n8n_install_mode={{ (install_mode == 'upgrade' and not n8n_manage_upgrade) | ternary('none',install_mode) }}
+    - set_fact: n8n_current_version={{ current_version | default('') }}
+  tags: n8n
+
+# Create a random pass for the DB if needed
+- block:
+    - import_tasks: ../includes/get_rand_pass.yml
+      vars:
+        - pass_file: "{{ n8n_root_dir }}/meta/ansible_dbpass"
+    - set_fact: n8n_db_pass={{ rand_pass }}
+  when: n8n_db_pass is not defined
+  tags: n8n
+
+# Random encryption key
+- block:
+    - import_tasks: ../includes/get_rand_pass.yml
+      vars:
+        - pass_file: "{{ n8n_root_dir }}/meta/ansible_secret_key"
+    - set_fact: n8n_secret_key={{ rand_pass }}
+  when: n8n_secret_key is not defined
+  tags: n8n

roles/n8n/tasks/install.yml

@@ -0,0 +1,65 @@
+---
+
+- name: Install nodejs and dependencies
+  yum:
+    name:
+      - nodejs
+      - gcc
+      - gcc-c++
+      - make
+      - sqlite-devel
+      - python3
+  tags: n8n
+
+- name: Wipe node_module on upgrade
+  file: path={{ n8n_root_dir }}/app/node_modules state=absent
+  when: n8n_install_mode == 'upgrade'
+  tags: n8n
+
+- name: Install n8n
+  npm:
+    name: n8n
+    path: "{{ n8n_root_dir }}/app"
+    version: "{{ n8n_version }}"
+  environment:
+    - npm_config_python: /bin/python3 # This is needed for sqlite3 build
+  become_user: "{{ n8n_user }}"
+  notify: restart n8n
+  tags: n8n
+
+- name: Install extra NodeJS modules
+  npm:
+    name: "{{ item }}"
+    path: "{{ n8n_root_dir }}/app"
+  become_user: "{{ n8n_user }}"
+  notify: restart n8n
+  when: n8n_extra_node_modules | length > 0
+  loop: "{{ n8n_extra_node_modules }}"
+  tags: n8n
+
+# Create the database
+- import_tasks: ../includes/webapps_create_mysql_db.yml
+  vars:
+    - db_name: "{{ n8n_db_name }}"
+    - db_user: "{{ n8n_db_user }}"
+    - db_server: "{{ n8n_db_server }}"
+    - db_pass: "{{ n8n_db_pass }}"
+  tags: n8n
+
+- name: Deploy systemd unit
+  template: src=n8n.service.j2 dest=/etc/systemd/system/n8n.service
+  register: n8n_unit
+  notify: restart n8n
+  tags: n8n
+
+- name: Reload systemd
+  systemd: daemon_reload=True
+  when: n8n_unit.changed
+  tags: n8n
+
+- name: Install pre/post backup hooks
+  template: src={{ item }}-backup.sh.j2 dest=/etc/backup/{{ item }}.d/n8n mode=700
+  loop:
+    - pre
+    - post
+  tags: n8n

roles/n8n/tasks/iptables.yml

@@ -0,0 +1,8 @@
+---
+
+- name:  Handle n8n port in the firewall
+  iptables_raw:
+    name: n8n_port
+    state: "{{ (n8n_src_ip | length > 0) | ternary('present','absent') }}"
+    rules: "-A INPUT -m state --state NEW -p tcp --dport {{ n8n_port }} -s {{ n8n_src_ip | join(',') }} -j ACCEPT"
+  tags: firewall,n8n

roles/n8n/tasks/main.yml

@@ -0,0 +1,15 @@
+---
+
+- include: user.yml
+- include: directories.yml
+- include: facts.yml
+- include: archive_pre.yml
+  when: n8n_install_mode == 'upgrade'
+- include: install.yml
+- include: conf.yml
+- include: iptables.yml
+- include: services.yml
+- include: write_version.yml
+- include: archive_post.yml
+  when: n8n_install_mode == 'upgrade'
+- include: cleanup.yml

roles/n8n/tasks/services.yml

@@ -0,0 +1,6 @@
+---
+
+- name: Start and enable n8n daemon
+  service: name=n8n state=started enabled=True
+  register: n8n_started
+  tags: n8n

roles/n8n/tasks/user.yml

@@ -0,0 +1,5 @@
+---
+
+- name: Create n8n user account
+  user: name={{ n8n_user }} home={{ n8n_root_dir }} system=True
+  tags: n8n

roles/n8n/tasks/write_version.yml

@@ -0,0 +1,5 @@
+---
+
+- name: Write installed version
+  copy: content={{ n8n_version }} dest={{ n8n_root_dir }}/meta/ansible_version
+  tags: n8n

roles/n8n/templates/env.j2

@@ -0,0 +1,11 @@
+N8N_CONFIG_FILES={{ n8n_root_dir }}/etc/n8n.json
+N8N_USER_FOLDER={{ n8n_root_dir }}/data
+WEBHOOK_TUNNEL_URL={{ n8n_public_url }}
+VUE_APP_URL_BASE_API={{ n8n_public_url }}
+N8N_ENCRYPTION_KEY={{ n8n_secret_key | quote }}
+EXECUTIONS_DATA_PRUNE=true
+EXECUTIONS_DATA_MAX_AGE={{ n8n_data_max_age }}
+N8N_CUSTOM_EXTENSIONS={{ n8n_root_dir }}/.n8n/custom
+{% for env in n8n_env_var.keys() | list %}
+{{ env }}={{ n8n_env_var[env] }}
+{% endfor %}

roles/n8n/templates/n8n.json.j2

@@ -0,0 +1 @@
+{{ n8n_config | to_nice_json(indent=4) }}

roles/n8n/templates/n8n.service.j2

@@ -0,0 +1,24 @@
+[Unit]
+Description=n8n workflow automation daemon
+After=syslog.target network.target mariadb.service
+
+[Service]
+Type=simple
+User={{ n8n_user }}
+Group={{ n8n_user }}
+EnvironmentFile={{ n8n_root_dir }}/etc/env
+ExecStart={{ n8n_root_dir }}/app/node_modules/n8n/bin/n8n
+PrivateTmp=yes
+{% if n8n_protect_system %}
+ProtectSystem=full
+NoNewPrivileges=yes
+ProtectHome=yes
+{% endif %}
+MemoryLimit={{ n8n_mem_limit }}M
+Environment=NODE_OPTIONS="--max-old-space-size={{ n8n_mem_limit }}"
+Restart=on-failure
+StartLimitInterval=0
+RestartSec=30
+
+[Install]
+WantedBy=multi-user.target

roles/n8n/templates/post-backup.sh.j2

@@ -0,0 +1,3 @@
+#!/bin/bash -e
+
+rm -f {{ n8n_root_dir }}/backup/*.sql.zst

roles/n8n/templates/pre-backup.sh.j2

@@ -0,0 +1,13 @@
+#!/bin/sh
+
+set -eo pipefail
+
+/usr/bin/mysqldump \
+{% if n8n_db_server not in ['localhost','127.0.0.1'] %}
+  --user={{ n8n_db_user | quote }} \
+  --password={{ n8n_db_pass | quote }} \
+  --host={{ n8n_db_server | quote }} \
+  --port={{ n8n_db_port | quote }} \
+{% endif %}
+  --quick --single-transaction \
+  --add-drop-table {{ n8n_db_name | quote }} | zstd -c > {{ n8n_root_dir }}/backup/{{ n8n_db_name }}.sql.zst