Update to 2021-12-01 19:13

roles/sftpgo/tasks/archive_post.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Compress previous version
+  command: tar cf {{ sftpgo_root_dir }}/archives/{{ sftpgo_current_version }}.tar.zst --use-compress-program=zstd ./
+  args:
+    chdir: "{{ sftpgo_root_dir }}/archives/{{ sftpgo_current_version }}"
+    warn: False
+  environment:
+    ZSTD_CLEVEL: 10
+  tags: sftpgo

roles/sftpgo/tasks/archive_pre.yml

@@ -0,0 +1,23 @@
+---
+
+- name: Create the archive dir
+  file: path={{ sftpgo_root_dir }}/archives/{{ sftpgo_current_version }} state=directory
+  tags: sftpgo
+
+- name: Backup previous version
+  copy: src={{ sftpgo_root_dir }}/app dest={{ sftpgo_root_dir }}/archives/{{ sftpgo_current_version }}/ remote_src=True
+  tags: sftpgo
+
+- name: Archive the database
+  mysql_db:
+    state: dump
+    name: "{{ sftpgo_db_name }}"
+    target: "{{ sftpgo_root_dir }}/archives/{{ sftpgo_current_version }}/{{ sftpgo_db_name }}.sql.xz"
+    login_host: "{{ sftpgo_db_server }}"
+    login_user: sqladmin
+    login_password: "{{ mysql_admin_pass }}"
+    quick: True
+    single_transaction: True
+  environment:
+    XZ_OPT: -T0
+  tags: sftpgo

roles/sftpgo/tasks/cleanup.yml

@@ -0,0 +1,9 @@
+---
+
+- name: Remove tmp and obsolete files
+  file: path={{ item }} state=absent
+  loop:
+    - "{{ sftpgo_root_dir }}/archives/{{ sftpgo_current_version }}"
+    - "{{ sftpgo_root_dir }}/tmp/sftpgo_v{{ sftpgo_version }}_linux_x86_64.tar.xz"
+    - "{{ sftpgo_root_dir }}/tmp/{{ sftpgo_version }}"
+  tags: sftpgo

roles/sftpgo/tasks/conf.yml

@@ -0,0 +1,12 @@
+---
+
+- name: Deploy sftpgo config
+  template: src=sftpgo.yml.j2 dest={{ sftpgo_root_dir }}/etc/sftpgo.yml group={{ sftpgo_user }} mode=640
+  notify: restart sftpgo
+  tags: sftpgo
+
+- name: Init or upgrade the database
+  command: "{{ sftpgo_root_dir }}/app/sftpgo --config-file {{ sftpgo_root_dir }}/etc/sftpgo.yml initprovider"
+  become_user: "{{ sftpgo_user }}"
+  when: sftpgo_install_mode != 'none'
+  tags: sftpgo

roles/sftpgo/tasks/directories.yml

@@ -0,0 +1,29 @@
+---
+
+- name: Create directories
+  file: path={{ sftpgo_root_dir }}/{{ item.dir }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }}
+  loop:
+    - dir: /
+      owner: "{{ sftpgo_user }}"
+      mode: 700
+    - dir: meta
+      mode: 700
+    - dir: archives
+      omde: 700
+    - dir: tmp
+      owner: "{{ sftpgo_user }}"
+      mode: 700
+    - dir: etc
+      owner: "{{ sftpgo_user }}"
+      mode: 700
+    - dir: bin
+    - dir: data
+      owner: "{{ sftpgo_user }}"
+      mode: 700
+    - dir: data/home
+      owner: "{{ sftpgo_user }}"
+      mode: 700
+    - dir: backup
+      owner: "{{ sftpgo_user }}"
+      mode: 700
+  tags: sftpgo

roles/sftpgo/tasks/facts.yml

@@ -0,0 +1,28 @@
+---
+
+- include_vars: "{{ item }}"
+  with_first_found:
+    - vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml
+    - vars/{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml
+    - vars/{{ ansible_distribution }}.yml
+    - vars/{{ ansible_os_family }}.yml
+  tags: sftpgo
+    
+- name: Detect installed version
+  block:
+    - import_tasks: ../includes/webapps_set_install_mode.yml
+      vars:
+        - root_dir: "{{ sftpgo_root_dir }}"
+        - version: "{{ sftpgo_version }}"
+    - set_fact: sftpgo_install_mode={{ (install_mode == 'upgrade' and not sftpgo_manage_upgrade) | ternary('none',install_mode) }}
+    - set_fact: sftpgo_current_version={{ current_version | default('') }}
+  tags: sftpgo
+    
+- when: sftpgo_db_pass is not defined
+  name: Generate a random pass for the database
+  block:
+    - import_tasks: ../includes/get_rand_pass.yml
+      vars:
+        - pass_file: "{{ sftpgo_root_dir }}/meta/ansible_dbpass"
+    - set_fact: sftpgo_db_pass={{ rand_pass }}
+  tags: sftpgo

roles/sftpgo/tasks/install.yml

@@ -0,0 +1,72 @@
+---
+
+- name: Install dependencies
+  package:
+    name: "{{ sftpgo_packages }}"
+  tags: sftpgo
+
+- name: Stop the service during upgrades
+  service: name=sftpgo state=stopped
+  when: sftpgo_install_mode == 'upgrade'
+  tags: sftpgo
+
+- when: sftpgo_install_mode != 'none'
+  block:
+
+    - name: Download sftpgo
+      get_url:
+        url: "{{ sftpgo_archive_url }}"
+        dest: "{{ sftpgo_root_dir }}/tmp/"
+        checksum: sha1:{{ sftpgo_archive_sha1 }}
+
+    - name: Create tmp dir
+      file: path={{ sftpgo_root_dir }}/tmp/{{ sftpgo_version }} state=directory
+
+    - name: Extract sftpgo archive
+      unarchive:
+        src: "{{ sftpgo_root_dir }}/tmp/sftpgo_v{{ sftpgo_version }}_linux_x86_64.tar.xz"
+        dest: "{{ sftpgo_root_dir }}/tmp/{{ sftpgo_version }}"
+        remote_src: True
+
+    - name: Install or update the app
+      synchronize:
+        src: "{{ sftpgo_root_dir }}/tmp/{{ sftpgo_version }}/{{ item }}"
+        dest: "{{ sftpgo_root_dir }}/app/"
+        compress: False
+        delete: True
+      loop:
+        - sftpgo
+        - templates
+        - static
+      delegate_to: "{{ inventory_hostname }}"
+      notify: restart sftpgo
+
+  tags: sftpgo
+
+- name: Install systemd unit
+  template: src=sftpgo.service.j2 dest=/etc/systemd/system/sftpgo.service
+  notify: restart sftpgo
+  register: sftpgo_unit
+  tags: sftpgo
+
+- name: Reload systemd
+  systemd: daemon_reload=True
+  when: sftpgo_unit.changed
+  tags: sftpgo
+
+  # Create MySQL database
+- import_tasks: ../includes/webapps_create_mysql_db.yml
+  vars:
+    - db_name: "{{ sftpgo_db_name }}"
+    - db_user: "{{ sftpgo_db_user }}"
+    - db_server: "{{ sftpgo_db_server }}"
+    - db_port: "{{ sftpgo_db_port }}"
+    - db_pass: "{{ sftpgo_db_pass }}"
+  tags: sftpgo
+
+- name: Install backups hooks
+  template: src={{ item }}-backup.j2 dest=/etc/backup/{{ item }}.d/sftpgo mode=700
+  loop:
+    - pre
+    - post
+  tags: sftpgo

roles/sftpgo/tasks/iptables.yml

@@ -0,0 +1,21 @@
+---
+
+- name:  Handle sftpgo ports in the firewall
+  iptables_raw:
+    name: "{{ item.name }}"
+    state: "{{ (item.src_ip | length > 0) | ternary('present','absent') }}"
+    rules: "-A INPUT -m state --state NEW -p tcp {{ item.port is string | ternary('--dport ' ~ item.port, '-m multiport --dports ' ~ item.port | join(',')) }} -s {{ item.src_ip | join(',') }} -j ACCEPT"
+  with_items:
+    - port: "{{ sftpgo_conf.sftpd.bindings.port }}"
+      name: sftpgo_sftp_port
+      src_ip: "{{ sftpgo_sftp_src_ip }}"
+    - port: "{{ [sftpgo_conf.ftpd.bindings.port,sftpgo_conf.ftpd.passive_port_range.start ~ ':' ~ sftpgo_conf.ftpd.passive_port_range.end] }}"
+      name: sftpgo_ftp_port
+      src_ip: "{{ sftpgo_ftp_src_ip }}"
+    - port: "{{ sftpgo_conf.webdavd.bindings.port }}"
+      name: sftpgo_webdav_port
+      src_ip: "{{ sftpgo_webdav_src_ip }}"
+    - port: "{{ sftpgo_conf.httpd.bindings.port }}"
+      name: sftpgo_http_port
+      src_ip: "{{ sftpgo_http_src_ip }}"
+  tags: firewall,sftpgo

roles/sftpgo/tasks/main.yml

@@ -0,0 +1,18 @@
+---
+
+- include: user.yml
+- include: directories.yml
+- include: facts.yml
+- include: archive_pre.yml
+  when: sftpgo_install_mode == 'upgrade'
+- include: install.yml
+- include: selinux.yml
+  when: ansible_selinux.status == 'enabled'
+- include: conf.yml
+- include: iptables.yml
+  when: iptables_manage | default(True)
+- include: services.yml
+- include: write_version.yml
+- include: archive_post.yml
+  when: sftpgo_install_mode == 'upgrade'
+- include: cleanup.yml

roles/sftpgo/tasks/selinux.yml

@@ -0,0 +1,15 @@
+---
+
+- name: Set correct SELinux context
+  sefcontext:
+    target: "{{ sftpgo_root_dir }}/app/sftpgo"
+    setype: bin_t
+    state: present
+  register: sftpgo_selinux_context
+  tags: sftpgo
+
+- name: Restore correct SELinux context
+  command: restorecon {{ sftpgo_root_dir }}/app/sftpgo
+  when: sftpgo_selinux_context.changed
+  tags: sftpgo
+

roles/sftpgo/tasks/services.yml

@@ -0,0 +1,5 @@
+---
+
+- name: Start and enable the service
+  service: name=sftpgo state=started enabled=True
+  tags: sftpgo

roles/sftpgo/tasks/user.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Create sftpgo user
+  user:
+    name: "{{ sftpgo_user }}"
+    comment: SFTPGO User account
+    home: "{{ sftpgo_root_dir }}"
+    system: True
+    shell: /sbin/nologin
+  tags: sftpgo

roles/sftpgo/tasks/write_version.yml

@@ -0,0 +1,5 @@
+---
+
+- name: Write installed version
+  copy: content={{ sftpgo_version }} dest={{ sftpgo_root_dir }}/meta/ansible_version
+  tags: sftpgo