Update to 2022-02-15 16:00

roles/kimai/tasks/archive_post.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Compress previous version
+  command: tar cf {{ kimai_root_dir }}/archives/{{ kimai_current_version }}.tar.zst ./ --use-compress-program=zstd
+  args:
+    chdir: "{{ kimai_root_dir }}/archives/{{ kimai_current_version }}"
+    warn: False
+  environment:
+    ZSTD_CLEVEL: 10
+  tags: kimai

roles/kimai/tasks/archive_pre.yml

@@ -0,0 +1,34 @@
+---
+
+- name: Create the archive dir
+  file: path={{ kimai_root_dir }}/archives/{{ kimai_current_version }} state=directory
+  tags: kimai
+
+- name: Archive current version
+  synchronize:
+    src: "{{ kimai_root_dir }}/app"
+    dest: "{{ kimai_root_dir }}/archives/{{ kimai_current_version }}/"
+    compress: False
+    delete: True
+  delegate_to: "{{ inventory_hostname }}"
+  tags: kimai
+
+- name: Install mariadb client
+  package:
+    name:
+      - mariadb
+  tags: kimai
+
+- name: Dump the database
+  mysql_db:
+    state: dump
+    name: "{{ kimai_db_name }}"
+    target: "{{ kimai_root_dir }}/archives/{{ kimai_current_version }}/{{ kimai_db_name }}.sql.xz"
+    login_host: "{{ kimai_db_server }}"
+    login_user: "{{ kimai_db_user }}"
+    login_password: "{{ kimai_db_pass }}"
+    quick: True
+    single_transaction: True
+  environment:
+    XZ_OPT: -T0
+  tags: kimai

roles/kimai/tasks/cleanup.yml

@@ -0,0 +1,9 @@
+---
+
+- name: Remove tmp and obsolete files
+  file: path={{ item }} state=absent
+  loop:
+    - "{{ kimai_root_dir }}/archives/{{ kimai_current_version }}"
+    - "{{ kimai_root_dir }}/tmp/kimai2-{{ kimai_version }}"
+    - "{{ kimai_root_dir }}/tmp/kimai2-{{ kimai_version }}.tar.gz"
+  tags: kimai

roles/kimai/tasks/conf.yml

@@ -0,0 +1,56 @@
+---
+
+- import_tasks: ../includes/webapps_webconf.yml
+  vars:
+    - app_id: kimai_{{ kimai_id }}
+    - php_version: "{{ kimai_php_version }}"
+    - php_fpm_pool: "{{ kimai_php_fpm_pool | default('') }}"
+  tags: kimai
+
+- name: Deploy kimai configuration
+  template: src={{ item.src }} dest={{ item.dest }} group={{ kimai_php_user }} mode=640
+  loop:
+    - src: env.j2
+      dest: "{{ kimai_root_dir }}/app/.env"
+    - src: local.yaml.j2
+      dest: "{{ kimai_root_dir }}/app/config/packages/local.yaml"
+  notify: clear kimai cache
+  tags: kimai
+
+- name: Deploy permission script
+  template: src=perms.sh.j2 dest={{ kimai_root_dir }}/perms.sh mode=755
+  register: kimai_perm_script
+  tags: kimai
+
+- name: Apply permissions
+  command: "{{ kimai_root_dir }}/perms.sh"
+  when: kimai_perm_script.changed or kimai_install_mode != 'none'
+  tags: kimai
+
+- when: kimai_install_mode == 'install'
+  block:
+
+    - name: Init the database
+      command: /bin/php{{ kimai_php_version }} {{ kimai_root_dir }}/app/bin/console kimai:install -n
+
+    - name: Create initial admin user
+      shell: echo {{ kimai_admin_pass | quote }} | /bin/php{{ kimai_php_version }} {{ kimai_root_dir }}/app/bin/console kimai:user:create username {{ kimai_admin_user | quote }} ROLE_SUPER_ADMIN
+
+  become_user: "{{ kimai_php_user }}"
+  tags: kimai
+
+- when: kimai_install_mode == 'upgrade'
+  block:
+
+    - name: Update the database
+      command: /bin/php{{ kimai_php_version }} {{ kimai_root_dir }}/app/bin/console kimai:update -n
+
+    - name: Clear kimai cache
+      command: /bin/php{{ kimai_php_version }} {{ kimai_root_dir }}/app/bin/console kimai:reload --env=prod
+
+  become_user: "{{ kimai_php_user }}"
+  tags: kimai
+
+- name: Setup logrotate
+  template: src=logrotate.conf.j2 dest=/etc/logrotate.d/kimai_{{ kimai_id | string }}
+  tags: kimai

roles/kimai/tasks/directories.yml

@@ -0,0 +1,21 @@
+---
+
+- name: Create directories
+  file: path={{ item.dir }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }}
+  loop:
+    - dir: "{{ kimai_root_dir }}"
+    - dir: "{{ kimai_root_dir }}/app"
+    - dir: "{{ kimai_root_dir }}/tmp"
+      owner: "{{ kimai_php_user }}"
+      mode: 700
+    - dir: "{{ kimai_root_dir }}/sessions"
+      owner: "{{ kimai_php_user }}"
+      mode: 700
+    - dir: "{{ kimai_root_dir }}/meta"
+      mode: 700
+    - dir: "{{ kimai_root_dir }}/backup"
+      mode: 700
+    - dir: "{{ kimai_root_dir }}/data"
+      owner: "{{ kimai_php_user }}"
+      mode: 700
+  tags: kimai

roles/kimai/tasks/facts.yml

@@ -0,0 +1,47 @@
+---
+
+# Load distribution specific variables
+- include_vars: "{{ item }}"
+  with_first_found:
+    - "{{ role_path }}/vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
+    - "{{ role_path }}/vars/{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml"
+    - "{{ role_path }}/vars/{{ ansible_distribution }}.yml"
+    - "{{ role_path }}/vars/{{ ansible_os_family }}.yml"
+  tags: kimai
+
+# Detect installed version (if any)
+- block:
+    - import_tasks: ../includes/webapps_set_install_mode.yml
+      vars:
+        - root_dir: "{{ kimai_root_dir }}"
+        - version: "{{ kimai_version }}"
+    - set_fact: kimai_install_mode={{ (install_mode == 'upgrade' and not kimai_manage_upgrade) | ternary('none',install_mode) }}
+    - set_fact: kimai_current_version={{ current_version | default('') }}
+  tags: kimai
+
+# Create a random pass for the DB if needed
+- block:
+    - import_tasks: ../includes/get_rand_pass.yml
+      vars:
+        - pass_file: "{{ kimai_root_dir }}/meta/ansible_dbpass"
+    - set_fact: kimai_db_pass={{ rand_pass }}
+  when: kimai_db_pass is not defined
+  tags: kimai
+
+# Create a random app secret if needed
+- block:
+    - import_tasks: ../includes/get_rand_pass.yml
+      vars:
+        - pass_file: "{{ kimai_root_dir }}/meta/ansible_secret_key"
+    - set_fact: kimai_secret_key={{ rand_pass }}
+  when: kimai_secret_key is not defined
+  tags: kimai
+
+# Create a random admin pass if needed
+- block:
+    - import_tasks: ../includes/get_rand_pass.yml
+      vars:
+        - pass_file: "{{ kimai_root_dir }}/meta/ansible_admin_pass"
+    - set_fact: kimai_admin_pass={{ rand_pass }}
+  when: kimai_admin_pass is not defined
+  tags: kimai

roles/kimai/tasks/install.yml

@@ -0,0 +1,84 @@
+---
+
+- name: Install dependencies
+  package: name={{ kimai_packages }}
+  tags: kimai
+
+- when: kimai_install_mode != 'none'
+  block:
+    - name: Download kimai
+      get_url:
+        url: "{{ kimai_archive_url }}"
+        dest: "{{ kimai_root_dir }}/tmp"
+        checksum: sha256:{{ kimai_archive_sha256 }}
+      register: kimai_dl_archive
+      retries: 3
+      delay: 5
+      until: kimai_dl_archive is not failed
+
+    - name: Extract the archive
+      unarchive:
+        src: "{{ kimai_root_dir }}/tmp/kimai2-{{ kimai_version }}.tar.gz"
+        dest: "{{ kimai_root_dir }}/tmp"
+        remote_src: True
+
+    - name: Move kimai to its final dir
+      synchronize:
+        src: "{{ kimai_root_dir }}/tmp/kimai2-{{ kimai_version }}/"
+        dest: "{{ kimai_root_dir }}/app/"
+        delete: True
+        compress: False
+        rsync_opts:
+          - '--exclude=/var'
+      delegate_to: "{{ inventory_hostname }}"
+
+    - name: Populate data directories
+      synchronize:
+        src: "{{ kimai_root_dir }}/tmp/kimai2-{{ kimai_version }}/var/"
+        dest: "{{ kimai_root_dir }}/data/"
+        compress: False
+      delegate_to: "{{ inventory_hostname }}"
+
+    - name: Link data directories
+      file: src={{ kimai_root_dir }}/data dest={{ kimai_root_dir }}/app/var state=link
+
+    - name: Install PHP libs with composer
+      composer:
+        command: install
+        working_dir: "{{ kimai_root_dir }}/app"
+        executable: /bin/php{{ kimai_php_version }}
+
+    - name: Install LDAP auth support
+      composer:
+        command: require
+        arguments: laminas/laminas-ldap
+        working_dir: "{{ kimai_root_dir }}/app"
+
+  environment:
+    php: /bin/php{{ kimai_php_version }}
+  tags: kimai
+
+- import_tasks: ../includes/webapps_create_mysql_db.yml
+  vars:
+    - db_name: "{{ kimai_db_name }}"
+    - db_user: "{{ kimai_db_user }}"
+    - db_server: "{{ kimai_db_server }}"
+    - db_port: "{{ kimai_db_port }}"
+    - db_pass: "{{ kimai_db_pass }}"
+  tags: kimai
+
+- name: Set correct SELinux context
+  sefcontext:
+    target: "{{ kimai_root_dir }}(/.*)?"
+    setype: httpd_sys_content_t
+    state: present
+  when: ansible_selinux.status == 'enabled'
+  tags: kimai
+
+- name: Install pre/post backup hooks
+  template: src={{ item }}-backup.j2 dest=/etc/backup/{{ item }}.d/kimai_{{ kimai_id }} mode=700
+  loop:
+    - pre
+    - post
+  tags: kimai
+

roles/kimai/tasks/main.yml

@@ -0,0 +1,13 @@
+---
+
+- include: user.yml
+- include: directories.yml
+- include: facts.yml
+- include: archive_pre.yml
+  when: kimai_install_mode == 'upgrade'
+- include: install.yml
+- include: conf.yml
+- include: write_version.yml
+- include: archive_post.yml
+  when: kimai_install_mode == 'upgrade'
+- include: cleanup.yml

roles/kimai/tasks/user.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Create system user account
+  user:
+    name: "{{ kimai_php_user }}"
+    comment: "PHP FPM for kimai {{ kimai_id }}"
+    system: True
+    shell: /sbin/nologin
+    home: "{{ kimai_root_dir }}"
+  tags: kimai

roles/kimai/tasks/write_version.yml

@@ -0,0 +1,5 @@
+---
+
+- name: Write current version
+  copy: content={{ kimai_version }} dest={{ kimai_root_dir }}/meta/ansible_version
+  tags: kimai