Update to 2021-12-31 14:05

roles/wbo/defaults/main.yml

@@ -0,0 +1,13 @@
+---
+
+# Several WBO instances can be installed on the same server
+# but should have a uniq ID and bind port
+wbo_id: 1
+wbo_port: 8095
+# List of IP/CIDR having access to WBO port (if iptables_manage == True)
+wbo_src_ip: []
+# Root dir where WBO will be installed
+wbo_root_dir: /opt/wbo_{{ wbo_id }}
+# URL of the git repo
+wbo_git_url: https://github.com/lovasoa/whitebophir.git
+

roles/wbo/handlers/main.yml

@@ -0,0 +1,4 @@
+---
+
+- name: restart wbo
+  service: name=wbo-{{ wbo_id }} state=restarted

roles/wbo/meta/main.yml

@@ -0,0 +1,3 @@
+---
+dependencies:
+  - role: repo_nodejs

roles/wbo/tasks/directory.yml

@@ -0,0 +1,8 @@
+---
+
+- name: Create needed directories
+  file: path={{ item.dir }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | dedfault(omit) }}
+  loop:
+    - dir: "{{ wbo_root_dir }}"
+      owner: wbo_{{ wbo_id }}
+  tags: wbo

roles/wbo/tasks/install.yml

@@ -0,0 +1,40 @@
+---
+
+- name: Install dependencies
+  yum:
+    name:
+      - nodejs
+      - git
+  tags: wbo
+
+- name: Clone wbo repo
+  git:
+    repo: "{{ wbo_git_url }}"
+    dest: "{{ wbo_root_dir }}/app"
+    force: True
+  notify: restart wbo
+  become_user: wbo_{{ wbo_id }}
+  register: wbo_git
+  tags: wbo
+
+- name: Install wbo
+  npm:
+    path: "{{ wbo_root_dir }}/app"
+  become_user: wbo_{{ wbo_id }}
+  when: wbo_git.changed
+  tags: wbo
+
+- name: Set permissions on server data dir
+  file: path={{ wbo_root_dir }}/app/server-data owner=wbo_{{ wbo_id }} mode=700
+  tags: wbo
+
+- name: Deploy systemd unit
+  template: src=wbo.service.j2 dest=/etc/systemd/system/wbo-{{ wbo_id }}.service
+  register: wbo_unit
+  tags: wbo
+
+- name: Reload systemd
+  systemd: daemon_reload=True
+  when: wbo_unit.changed
+  tags: wbo
+

roles/wbo/tasks/iptables.yml

@@ -0,0 +1,8 @@
+---
+
+- name: Handle wbo port
+  iptables_raw:
+    name: wbo_port_{{ wbo_id }}
+    state: "{{ (wbo_src_ip | length > 0) | ternary('present','absent') }}"
+    rules: "-A INPUT -m state --state NEW -p tcp --dport {{ wbo_port }} -s {{ wbo_src_ip | join(',') }} -j ACCEPT"
+  tags: wbo

roles/wbo/tasks/main.yml

@@ -0,0 +1,8 @@
+---
+
+- include: user.yml
+- include: install.yml
+- include: iptables.yml
+  when: iptables_manage | default(True)
+- include: services.yml
+

roles/wbo/tasks/services.yml

@@ -0,0 +1,6 @@
+---
+
+- name: Start and enable wbo daemon
+  service: name=wbo-{{ wbo_id }} state=started enabled=True
+  tags: wbo
+

roles/wbo/tasks/user.yml

@@ -0,0 +1,8 @@
+---
+
+- import_tasks: ../includes/create_system_user.yml
+  vars:
+    - user: wbo_{{ wbo_id }}
+    - home: "{{ wbo_root_dir }}"
+    - comment: "Online collaborative Whiteboard {{ wbo_id }}"
+  tags: wbo

roles/wbo/templates/wbo.service.j2

@@ -0,0 +1,21 @@
+[Unit]
+Description=Online collaborative Whiteboard (Instance {{ wbo_id }})
+After=syslog.target network.target
+
+[Service]
+Type=simple
+User=wbo_{{ wbo_id }}
+Group=wbo_{{ wbo_id }}
+Environment=PORT={{ wbo_port }}
+Environment=NODE_ENV='production'
+ExecStart=/bin/node {{ wbo_root_dir }}/app/server/server.js
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=full
+ProtectHome=yes
+NoNewPrivileges=yes
+MemoryLimit=512M
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target