Update to 2023-03-17 16:00

2025-07-27 00:05:44 +02:00 · 2023-03-17 16:00:08 +01:00
parent d96d45834b
commit b4b621e760
20 changed files with 362 additions and 0 deletions
--- a/roles/offen/templates/offen.conf.j2
+++ b/roles/offen/templates/offen.conf.j2
@@ -0,0 +1,14 @@
+OFFEN_SERVER_PORT={{ offen_port }}
+OFFEN_SERVER_REVERSEPROXY=true
+OFFEN_DATABASE_DIALECT=mysql
+OFFEN_DATABASE_CONNECTIONSTRING={{ offen_db_user }}:{{ offen_db_pass }}@tcp({{ offen_db_server }}:{{ offen_db_port }})/{{ offen_db_name }}?parseTime=true
+OFFEN_SMTP_HOST={{ offen_smtp_server }}
+OFFEN_SMTP_PORT={{ offen_smtp_port }}
+OFFEN_SMTP_SENDER={{ offen_smtp_from }}
+{% if offen_smtp_user is defined and offen_smtp_pass is defined %}
+OFFEN_SMTP_USER={{ offen_smtp_user }}
+OFFEN_SMTP_PASSWORD={{ offen_smtp_pass }}
+{% endif %}
+OFFEN_SECRET={{ offen_secret }}
+OFFEN_APP_LOCALE={{ offen_locale }}
+OFFEN_APP_RETENTION={{ offen_retention }}
--- a/roles/offen/templates/offen.service.j2
+++ b/roles/offen/templates/offen.service.j2
@@ -0,0 +1,38 @@
+[Unit]
+Description=Offen Fair Web Analytics
+After=network.target postgresql.service mariadb.service
+
+[Service]
+Type=simple
+EnvironmentFile={{ offen_root_dir }}/etc/offen.conf
+User={{ offen_user }}
+ExecStart={{ offen_root_dir }}/bin/offen
+RuntimeDirectory=offen
+Restart=always
+RestartSec=5
+Restart=always
+NoNewPrivileges=true
+PrivateDevices=true
+ProtectControlGroups=true
+ProtectHome=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectSystem=strict
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectClock=yes
+RestrictRealtime=true
+RestrictNamespaces=yes
+ReadWritePaths=/run
+PrivateTmp=true
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallFilter=~@privileged
+SystemCallFilter=~@resources
+SystemCallErrorNumber=EPERM
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+
+[Install]
+WantedBy=multi-user.target
+
--- a/roles/offen/templates/post-backup.j2
+++ b/roles/offen/templates/post-backup.j2
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+set -e
+
+rm -f {{ offen_root_dir }}/backup/*
--- a/roles/offen/templates/pre-backup.j2
+++ b/roles/offen/templates/pre-backup.j2
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+set -eo pipefail
+
+/usr/bin/mysqldump --user={{ offen_db_user | quote }} \
+                   --password={{ offen_db_pass | quote }} \
+                   --host={{ offen_db_server }} \
+                   --quick --single-transaction \
+                   --add-drop-table {{ offen_db_name }} | \
+               zstd -c > {{ offen_root_dir }}/backup/{{ offen_db_name }}.sql.zst
+