Update to 2020-11-12 09:00

master
Daniel Berteaud 4 years ago
parent 1a7a45a131
commit 07dba3a12a
  1. 4
      roles/dolibarr/meta/main.yml
  2. 6
      roles/dolibarr/tasks/cleanup.yml
  3. 11
      roles/dolibarr/tasks/install.yml
  4. 2
      roles/dolibarr/tasks/main.yml
  5. 3
      roles/dolibarr/templates/post-backup.j2
  6. 7
      roles/dolibarr/templates/pre-backup.j2
  7. 2
      roles/funkwhale/meta/main.yml
  8. 5
      roles/funkwhale/tasks/conf.yml
  9. 19
      roles/funkwhale/tasks/facts.yml
  10. 28
      roles/funkwhale/tasks/install.yml
  11. 1
      roles/funkwhale/templates/env.j2
  12. 2
      roles/funkwhale/templates/httpd.conf.j2
  13. 8
      roles/funkwhale/templates/pre-backup.sh.j2
  14. 17
      roles/funkwhale/vars/CentOS-7.yml
  15. 16
      roles/funkwhale/vars/CentOS-8.yml
  16. 3
      roles/gitea/meta/main.yml
  17. 8
      roles/gitea/tasks/cleanup.yml
  18. 6
      roles/gitea/tasks/conf.yml
  19. 2
      roles/gitea/tasks/directories.yml
  20. 8
      roles/gitea/tasks/facts.yml
  21. 5
      roles/gitea/tasks/install.yml
  22. 2
      roles/gitea/tasks/main.yml
  23. 3
      roles/gitea/templates/app.ini.j2
  24. 2
      roles/gitea/templates/gitea.service.j2
  25. 2
      roles/gitea/templates/post_backup.sh.j2
  26. 6
      roles/gitea/templates/pre_backup.sh.j2
  27. 6
      roles/gitea/vars/CentOS-7.yml
  28. 6
      roles/gitea/vars/CentOS-8.yml
  29. 4
      roles/matomo/defaults/main.yml
  30. 8
      roles/matomo/tasks/cleanup.yml
  31. 2
      roles/matomo/tasks/directories.yml
  32. 18
      roles/matomo/tasks/install.yml
  33. 2
      roles/matomo/tasks/main.yml
  34. 2
      roles/matomo/templates/post-backup.j2
  35. 8
      roles/matomo/templates/pre-backup.j2
  36. 16
      roles/matrix_synapse/tasks/facts.yml
  37. 45
      roles/matrix_synapse/tasks/install.yml
  38. 2
      roles/matrix_synapse/templates/matrix-synapse.service.j2
  39. 29
      roles/matrix_synapse/vars/CentOS-7.yml
  40. 28
      roles/matrix_synapse/vars/CentOS-8.yml
  41. 1
      roles/mongodb_server/meta/main.yml
  42. 23
      roles/mongodb_server/tasks/main.yml
  43. 6
      roles/mongodb_server/vars/CentOS-7.yml
  44. 6
      roles/mongodb_server/vars/CentOS-8.yml

@ -0,0 +1,4 @@
---
dependencies:
- role: httpd_php

@ -1,9 +1,11 @@
--- ---
- name: Remove temp files - name: Remove temp and obsolete files
file: path={{ item }} state=absent file: path={{ item }} state=absent
with_items: loop:
- "{{ dolibarr_root_dir }}/tmp/dolibarr-{{ dolibarr_version }}.tgz" - "{{ dolibarr_root_dir }}/tmp/dolibarr-{{ dolibarr_version }}.tgz"
- "{{ dolibarr_root_dir }}/tmp/dolibarr-{{ dolibarr_version }}" - "{{ dolibarr_root_dir }}/tmp/dolibarr-{{ dolibarr_version }}"
- /etc/backup/pre.d/dolibarr_{{ dolibarr_id }}_dump_db
- /etc/backup/post.d/dolibarr_{{ dolibarr_id }}_rm_dump
tags: dolibarr tags: dolibarr

@ -4,7 +4,6 @@
yum: yum:
name: name:
- tar - tar
- MySQL-python
- mariadb - mariadb
- acl - acl
tags: dolibarr tags: dolibarr
@ -104,12 +103,10 @@
tags: dolibarr tags: dolibarr
- name: Deploy backup scripts - name: Deploy backup scripts
template: src={{ item.script }}.j2 dest=/etc/backup/{{ item.type }}.d/dolibarr_{{ dolibarr_id }}_{{ item.script }} mode=750 template: src={{ item }}-backup.j2 dest=/etc/backup/{{ item }}.d/dolibarr_{{ dolibarr_id }} mode=750
with_items: loop:
- script: dump_db - pre
type: pre - post
- script: rm_dump
type: post
tags: dolibarr tags: dolibarr
- name: Setup cron job to sync users and groups from LDAP - name: Setup cron job to sync users and groups from LDAP

@ -1,8 +1,8 @@
--- ---
- include: facts.yml
- include: user.yml - include: user.yml
- include: directories.yml - include: directories.yml
- include: facts.yml
- include: archive_pre.yml - include: archive_pre.yml
when: dolibarr_install_mode == 'upgrade' when: dolibarr_install_mode == 'upgrade'
- include: install.yml - include: install.yml

@ -0,0 +1,3 @@
#!/bin/sh
rm -f {{ dolibarr_root_dir }}/db_dumps/*

@ -0,0 +1,7 @@
#!/bin/sh
/usr/bin/mysqldump --user={{ dolibarr_db_user }} \
--password={{ dolibarr_db_pass | quote }} \
--host={{ dolibarr_db_server }} \
--quick --single-transaction \
--add-drop-table {{ dolibarr_db_name }} | lz4 -c > {{ dolibarr_root_dir }}/db_dumps/{{ dolibarr_db_name }}.sql.lz4

@ -1,7 +1,7 @@
--- ---
allow_duplicates: true allow_duplicates: true
dependencies: dependencies:
- role: repo_nux_dextop # for ffmpeg - role: repo_remi # for ffmpeg
- role: httpd_common - role: httpd_common
- role: redis_server - role: redis_server
when: funkwhale_redis_url | urlsplit('hostname') == 'localhost' or funkwhale_redis_url | urlsplit('hostname') == '127.0.0.1' when: funkwhale_redis_url | urlsplit('hostname') == 'localhost' or funkwhale_redis_url | urlsplit('hostname') == '127.0.0.1'

@ -1,10 +1,5 @@
--- ---
- name: Deploy funkwhale configuration
template: src=env.j2 dest={{ funkwhale_root_dir }}/config/.env group={{ funkwhale_user }}
notify: restart funkwhale
tags: funkwhale
- name: Deploy permissions script - name: Deploy permissions script
template: src=perms.sh.j2 dest={{ funkwhale_root_dir }}/perms.sh mode=755 template: src=perms.sh.j2 dest={{ funkwhale_root_dir }}/perms.sh mode=755
register: funkwhale_perms register: funkwhale_perms

@ -1,5 +1,12 @@
--- ---
- include_vars: "{{ item }}"
with_first_found:
- vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml
- vars/{{ ansible_distribution }}.yml
- vars/{{ ansible_os_family }}.yml
tags: funkwhale
- fail: msg="pg_admin_pass must be set" - fail: msg="pg_admin_pass must be set"
when: pg_admin_pass is not defined when: pg_admin_pass is not defined
tags: funkwhale tags: funkwhale
@ -9,28 +16,26 @@
- root_dir: "{{ funkwhale_root_dir }}" - root_dir: "{{ funkwhale_root_dir }}"
- version: "{{ funkwhale_version }}" - version: "{{ funkwhale_version }}"
tags: funkwhale tags: funkwhale
- block:
- set_fact: funkwhale_install_mode={{ (install_mode == 'upgrade' and not funkwhale_manage_upgrade) | ternary('none',install_mode) }} - set_fact: funkwhale_install_mode={{ (install_mode == 'upgrade' and not funkwhale_manage_upgrade) | ternary('none',install_mode) }}
tags: funkwhale
- set_fact: funkwhale_current_version={{ current_version | default('') }} - set_fact: funkwhale_current_version={{ current_version | default('') }}
tags: funkwhale tags: funkwhale
# Create a random pass for the DB if needed # Create a random pass for the DB if needed
- when: funkwhale_db_pass is not defined
block:
- import_tasks: ../includes/get_rand_pass.yml - import_tasks: ../includes/get_rand_pass.yml
vars: vars:
- pass_file: "{{ funkwhale_root_dir }}/meta/ansible_dbpass" - pass_file: "{{ funkwhale_root_dir }}/meta/ansible_dbpass"
when: funkwhale_db_pass is not defined
tags: funkwhale
- set_fact: funkwhale_db_pass={{ rand_pass }} - set_fact: funkwhale_db_pass={{ rand_pass }}
when: funkwhale_db_pass is not defined
tags: funkwhale tags: funkwhale
# Create a random django secret key # Create a random django secret key
- when: funkwhale_secret_key is not defined
block:
- import_tasks: ../includes/get_rand_pass.yml - import_tasks: ../includes/get_rand_pass.yml
vars: vars:
- pass_file: "{{ funkwhale_root_dir }}/meta/ansible_django_key" - pass_file: "{{ funkwhale_root_dir }}/meta/ansible_django_key"
when: funkwhale_secret_key is not defined
tags: funkwhale
- set_fact: funkwhale_secret_key={{ rand_pass }} - set_fact: funkwhale_secret_key={{ rand_pass }}
when: funkwhale_secret_key is not defined
tags: funkwhale tags: funkwhale

@ -1,21 +1,12 @@
--- ---
- name: Install packages - name: Install packages
yum: yum: name={{ funkwhale_packages }}
name: tags: funkwhale
- gcc
- git - name: Check if mod_xsendfile is available
- postgresql13 stat: path=/usr/lib64/httpd/modules/mod_xsendfile.so
- postgresql-devel register: funkwhale_xsendfile
- openldap-devel
- cyrus-sasl-devel
- libjpeg-turbo-devel
- python-psycopg2
- python-setuptools
- python3-virtualenv
- python3-pip
- ffmpeg
- mod_xsendfile
tags: funkwhale tags: funkwhale
- name: Download funkwhale frontend and api - name: Download funkwhale frontend and api
@ -121,11 +112,18 @@
notify: restart funkwhale notify: restart funkwhale
tags: funkwhale tags: funkwhale
- name: Deploy funkwhale configuration
template: src=env.j2 dest={{ funkwhale_root_dir }}/config/.env group={{ funkwhale_user }}
notify: restart funkwhale
tags: funkwhale
- name: Migrate database - name: Migrate database
django_manage: django_manage:
command: migrate command: migrate
app_path: "{{ funkwhale_root_dir }}/api" app_path: "{{ funkwhale_root_dir }}/api"
virtualenv: "{{ funkwhale_root_dir }}/venv" virtualenv: "{{ funkwhale_root_dir }}/venv"
environment:
- FUNKWHALE_URL: "{{ funkwhale_public_url }}"
when: funkwhale_install_mode != 'none' when: funkwhale_install_mode != 'none'
notify: restart funkwhale notify: restart funkwhale
tags: funkwhale tags: funkwhale

@ -31,3 +31,4 @@ FUNKWHALE_FRONTEND_PATH={{ funkwhale_root_dir }}/front/dist
NGINX_MAX_BODY_SIZE=100M NGINX_MAX_BODY_SIZE=100M
MUSIC_USE_DENORMALIZATION=True MUSIC_USE_DENORMALIZATION=True
FUNKWHALE_SPA_HTML_ROOT={{ funkwhale_root_dir }}/front/dist/ FUNKWHALE_SPA_HTML_ROOT={{ funkwhale_root_dir }}/front/dist/
FUNKWHALE_URL={{ funkwhale_public_url }}

@ -69,7 +69,9 @@
Require all granted Require all granted
</Directory> </Directory>
{% if funkwhale_xsendfile.stat.exists %}
LoadModule xsendfile_module modules/mod_xsendfile.so LoadModule xsendfile_module modules/mod_xsendfile.so
{% endif %}
<IfModule mod_xsendfile.c> <IfModule mod_xsendfile.c>
XSendFile On XSendFile On
XSendFilePath {{ funkwhale_root_dir }}/data/media XSendFilePath {{ funkwhale_root_dir }}/data/media

@ -2,7 +2,7 @@
PGPASSWORD='{{ funkwhale_db_pass }}' /usr/pgsql-13/bin/pg_dump \ PGPASSWORD='{{ funkwhale_db_pass }}' /usr/pgsql-13/bin/pg_dump \
--clean \ --clean \
--username={{ funkwhale_db_user }} \ --username={{ funkwhale_db_user | quote }} \
--host={{ funkwhale_db_server }} \ --host={{ funkwhale_db_server | quote }} \
{{ funkwhale_db_name }} | \ {{ funkwhale_db_name | quote }} | \
zstd -c > {{ funkwhale_root_dir }}/backup/{{ funkwhale_db_name }}.sql.zst zstd -c > {{ funkwhale_root_dir }}/backup/{{ funkwhale_db_name | quote }}.sql.zst

@ -0,0 +1,17 @@
---
funkwhale_packages:
- gcc
- git
- postgresql13
- postgresql-devel
- openldap-devel
- cyrus-sasl-devel
- libjpeg-turbo-devel
- python-psycopg2
- python-setuptools
- python3-virtualenv
- python3-pip
- ffmpeg
- mod_xsendfile

@ -0,0 +1,16 @@
---
funkwhale_packages:
- gcc
- git
- postgresql13
- postgresql-devel
- openldap-devel
- cyrus-sasl-devel
- libjpeg-turbo-devel
- python3-psycopg2
- python3-setuptools
- python3-virtualenv
- python3-pip
- ffmpeg
#- mod_xsendfile

@ -1,3 +1,6 @@
--- ---
dependencies: dependencies:
- role: repo_scl - role: repo_scl
when:
- ansible_os_family == 'RedHat'
- ansible_distribution_major_version is version('8', '<')

@ -0,0 +1,8 @@
---
- name: Remove tmp and obsolete files
file: path={{ item }} state=absent
loop:
- /etc/profile.d/git.sh
- "{{ gitea_root_dir }}/db_dumps"
tags: gitea

@ -8,6 +8,7 @@
- INTERNAL_TOKEN - INTERNAL_TOKEN
- LFS_JWT_SECRET - LFS_JWT_SECRET
- SECRET_KEY - SECRET_KEY
- JWT_SECRET
tags: gitea tags: gitea
- name: Read random tokens - name: Read random tokens
@ -16,14 +17,11 @@
- INTERNAL_TOKEN - INTERNAL_TOKEN
- LFS_JWT_SECRET - LFS_JWT_SECRET
- SECRET_KEY - SECRET_KEY
- JWT_SECRET
changed_when: False changed_when: False
register: gitea_tokens register: gitea_tokens
tags: gitea tags: gitea
- name: Set sclo-git212 as default git command
template: src=git.sh.j2 dest=/etc/profile.d/git.sh mode=755
tags: gitea
- name: Deploy gitea configuration - name: Deploy gitea configuration
template: src=app.ini.j2 dest={{ gitea_root_dir }}/etc/app.ini owner=root group=gitea mode=0660 template: src=app.ini.j2 dest={{ gitea_root_dir }}/etc/app.ini owner=root group=gitea mode=0660
notify: restart gitea notify: restart gitea

@ -21,7 +21,7 @@
owner: root owner: root
group: root group: root
mode: 700 mode: 700
- dir: db_dumps - dir: backup
owner: root owner: root
group: root group: root
mode: 700 mode: 700

@ -1,4 +1,12 @@
--- ---
- include_vars: "{{ item }}"
with_first_found:
- vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml
- vars/{{ ansible_distribution }}.yml
- vars/{{ ansible_os_family }}.yml
tags: gitea
- import_tasks: ../includes/webapps_set_install_mode.yml - import_tasks: ../includes/webapps_set_install_mode.yml
vars: vars:
- root_dir: "{{ gitea_root_dir }}" - root_dir: "{{ gitea_root_dir }}"

@ -1,9 +1,6 @@
--- ---
- name: Install packages - name: Install packages
yum: yum: name={{ gitea_packages }}
name:
- sclo-git212-git
- git-lfs
tags: gitea tags: gitea
- name: Download gitea binary - name: Download gitea binary

@ -13,4 +13,4 @@
- include: archive_post.yml - include: archive_post.yml
when: gitea_install_mode == 'upgrade' when: gitea_install_mode == 'upgrade'
- include: write_version.yml - include: write_version.yml
- include: cleanup.yml

@ -25,6 +25,9 @@ OFFLINE_MODE = true
STATIC_ROOT_PATH = {{ gitea_root_dir }} STATIC_ROOT_PATH = {{ gitea_root_dir }}
LANDING_PAGE = explore LANDING_PAGE = explore
[oauth2]
JWT_SECRET = {{ gitea_tokens.results | selectattr('item','equalto','JWT_SECRET') | map(attribute='stdout') | first | string }}
[ssh.minimum_key_sizes] [ssh.minimum_key_sizes]
DSA = -1 DSA = -1

@ -8,7 +8,7 @@ Type=simple
User=gitea User=gitea
Group=gitea Group=gitea
WorkingDirectory={{ gitea_root_dir }} WorkingDirectory={{ gitea_root_dir }}
ExecStart=/bin/scl enable sclo-git212 -- {{ gitea_root_dir}}/bin/gitea web -c /opt/gitea/etc/app.ini ExecStart={{ gitea_scl_cmd }}{{ gitea_root_dir }}/bin/gitea web -c /opt/gitea/etc/app.ini
Environment=USER=gitea HOME={{ gitea_root_dir }} GITEA_WORK_DIR={{ gitea_root_dir }} Environment=USER=gitea HOME={{ gitea_root_dir }} GITEA_WORK_DIR={{ gitea_root_dir }}
PrivateTmp=yes PrivateTmp=yes
PrivateDevices=yes PrivateDevices=yes

@ -1,3 +1,3 @@
#!/bin/bash -e #!/bin/bash -e
rm -f {{ gitea_root_dir }}/db_dumps/* rm -f {{ gitea_root_dir }}/backup/*

@ -1,8 +1,8 @@
#!/bin/bash -e #!/bin/bash -e
/usr/bin/mysqldump --user='{{ gitea_db_user }}' \ /usr/bin/mysqldump --user={{ gitea_db_user | quote }} \
--password='{{ gitea_db_pass }}' \ --password={{ gitea_db_pass | quote }} \
--host={{ gitea_db_server }} \ --host={{ gitea_db_server }} \
--quick --single-transaction \ --quick --single-transaction \
--add-drop-table {{ gitea_db_name }} | \ --add-drop-table {{ gitea_db_name }} | \
lz4 -c > {{ gitea_root_dir }}/db_dumps/{{ gitea_db_name }}.sql.lz4 zstd -c > {{ gitea_root_dir }}/backup/{{ gitea_db_name }}.sql.zst

@ -0,0 +1,6 @@
---
gitea_packages:
- sclo-git212-git
- git-lfs
gitea_scl_cmd: '/bin/scl enable sclo-git212 -- '

@ -0,0 +1,6 @@
---
gitea_packages:
- git
- git-lfs
gitea_scl_cmd: ''

@ -15,8 +15,8 @@ matomo_db_name: matomo_{{ matomo_id }}
matomo_db_user: matomo_{{ matomo_id }} matomo_db_user: matomo_{{ matomo_id }}
# matomo_db_pass: # matomo_db_pass:
# Must be defined # Public matomo URL
# matomo_public_url: https://matomo.example.com matomo_public_url: https://matomo.{{ inventory_hostname }}
# If defined, restrict access to those hosts # If defined, restrict access to those hosts
# matomo_src_ip: # matomo_src_ip:

@ -19,3 +19,11 @@
file: path={{ matomo_root_dir }}/tmp/{{ item }}-{{ matomo_plugins[item].version }}.zip state=absent file: path={{ matomo_root_dir }}/tmp/{{ item }}-{{ matomo_plugins[item].version }}.zip state=absent
with_items: "{{ matomo_plugins.keys() | list }}" with_items: "{{ matomo_plugins.keys() | list }}"
tags: matomo tags: matomo
- name: Remove obsolete files
file: path={{ item }} state=absent
loop:
- /etc/backup/pre.d/matomo_{{ matomo_id }}_pre-backup
- /etc/backup/post.d/matomo_{{ matomo_id }}_post-backup
- "{{ matomo_root_dir }}/db_dumps"
tags: matomo

@ -15,6 +15,6 @@
- path: "{{ matomo_root_dir }}/web" - path: "{{ matomo_root_dir }}/web"
- path: "{{ matomo_root_dir }}/meta" - path: "{{ matomo_root_dir }}/meta"
mode: 700 mode: 700
- path: "{{ matomo_root_dir }}/db_dumps" - path: "{{ matomo_root_dir }}/backup"
mode: 700 mode: 700
tags: matomo tags: matomo

@ -4,11 +4,10 @@
yum: yum:
name: name:
- unzip - unzip
- MySQL-python
- mariadb - mariadb
- acl - acl
- "{{ (matomo_php_version == '54') | ternary('php-pecl-geoip','php' + matomo_php_version | string + '-php-pecl-geoip') }}" - php{{ matomo_php_version }}-php-pecl-geoip
tags: [package,matomo] tags: matomo
- name: Download Matomo - name: Download Matomo
get_url: get_url:
@ -36,11 +35,13 @@
when: when:
- matomo_install_mode == 'none' - matomo_install_mode == 'none'
- not matomo_core_plugins_list.stat.exists - not matomo_core_plugins_list.stat.exists
changed_when: False
tags: matomo tags: matomo
- name: Build a list of core plugins, which should never be removed - name: Build a list of core plugins, which should never be removed
shell: find {{ matomo_root_dir }}/tmp/matomo/plugins/ -mindepth 1 -maxdepth 1 -type d -exec basename "{}" \; > {{ matomo_root_dir }}/meta/core_plugins.txt shell: find {{ matomo_root_dir }}/tmp/matomo/plugins/ -mindepth 1 -maxdepth 1 -type d -exec basename "{}" \; > {{ matomo_root_dir }}/meta/core_plugins.txt
when: matomo_install_mode != "none" when: matomo_install_mode != "none"
changed_when: False
tags: matomo tags: matomo
- name: Remove known non core plugins from the list - name: Remove known non core plugins from the list
@ -58,6 +59,7 @@
shell: find {{ matomo_root_dir }}/archives/{{ matomo_current_version }}/web/plugins/ -mindepth 1 -maxdepth 1 -type d -exec basename "{}" \; shell: find {{ matomo_root_dir }}/archives/{{ matomo_current_version }}/web/plugins/ -mindepth 1 -maxdepth 1 -type d -exec basename "{}" \;
register: matomo_previous_plugins register: matomo_previous_plugins
when: matomo_install_mode == "upgrade" when: matomo_install_mode == "upgrade"
changed_when: False
tags: matomo tags: matomo
- name: Move matomo to the web directory - name: Move matomo to the web directory
@ -157,12 +159,10 @@
tags: matomo tags: matomo
- name: Deploy backup scripts - name: Deploy backup scripts
template: src={{ item.script }}.j2 dest=/etc/backup/{{ item.type }}.d/matomo_{{ matomo_id }}_{{ item.script }} mode=750 template: src={{ item }}-backup.j2 dest=/etc/backup/{{ item }}.d/matomo_{{ matomo_id }} mode=750
with_items: loop:
- script: pre-backup - pre
type: pre - post
- script: post-backup
type: post
tags: matomo tags: matomo
- name: Setup cron task - name: Setup cron task

@ -1,8 +1,8 @@
--- ---
- include: facts.yml
- include: user.yml - include: user.yml
- include: directories.yml - include: directories.yml
- include: facts.yml
- include: archive_pre.yml - include: archive_pre.yml
when: matomo_install_mode == 'upgrade' when: matomo_install_mode == 'upgrade'
- include: install.yml - include: install.yml

@ -1,3 +1,3 @@
#!/bin/sh #!/bin/sh
rm -f {{ matomo_root_dir }}/db_dump/* rm -f {{ matomo_root_dir }}/backup/*

@ -1,7 +1,7 @@
#!/bin/sh #!/bin/sh
/usr/bin/mysqldump --user={{ matomo_db_user }} \ /usr/bin/mysqldump --user={{ matomo_db_user | quote }} \
--password={{ matomo_db_pass }} \ --password={{ matomo_db_pass | quote }} \
--host={{ matomo_db_server }} \ --host={{ matomo_db_server | quote }} \
--quick --single-transaction \ --quick --single-transaction \
--add-drop-table {{ matomo_db_name }} | lz4 -c > {{ matomo_root_dir }}/db_dumps/{{ matomo_db_name }}.sql.lz4 --add-drop-table {{ matomo_db_name | quote }} | zstd -c > {{ matomo_root_dir }}/backup/{{ matomo_db_name }}.sql.zst

@ -1,25 +1,31 @@
--- ---
- include_vars: "{{ item }}"
with_first_found:
- vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml
- vars/{{ ansible_distribution }}.yml
- vars/{{ ansible_os_family }}.yml
tags: matrix
- when: synapse_pg_db_pass is not defined
block:
- import_tasks: ../includes/get_rand_pass.yml - import_tasks: ../includes/get_rand_pass.yml
vars: vars:
- pass_file: "{{ synapse_root_dir }}/meta/ansible_dbpass" - pass_file: "{{ synapse_root_dir }}/meta/ansible_dbpass"
when: synapse_pg_db_pass is not defined
tags: matrix
- set_fact: synapse_pg_db_pass={{ rand_pass }} - set_fact: synapse_pg_db_pass={{ rand_pass }}
when: synapse_pg_db_pass is not defined
tags: matrix tags: matrix
- block:
- import_tasks: ../includes/get_rand_pass.yml - import_tasks: ../includes/get_rand_pass.yml
vars: vars:
- pass_file: "{{ synapse_root_dir }}/meta/ansible_macaroon_key" - pass_file: "{{ synapse_root_dir }}/meta/ansible_macaroon_key"
tags: matrix
- set_fact: synapse_macaroon_key={{ rand_pass }} - set_fact: synapse_macaroon_key={{ rand_pass }}
tags: matrix tags: matrix
- block:
- import_tasks: ../includes/get_rand_pass.yml - import_tasks: ../includes/get_rand_pass.yml
vars: vars:
- pass_file: "{{ synapse_root_dir }}/meta/ansible_form_secret" - pass_file: "{{ synapse_root_dir }}/meta/ansible_form_secret"
tags: matrix
- set_fact: synapse_form_secret={{ rand_pass }} - set_fact: synapse_form_secret={{ rand_pass }}
tags: matrix tags: matrix

@ -1,32 +1,20 @@
--- ---
- name: Install system dependencies - name: Install system dependencies
yum: yum: name={{ synapse_packages }}
name: tags: matrix
- libtiff-devel
- libjpeg-devel - name: Check if pg_config is available
- libzip-devel stat: path=/bin/pg_config
- freetype-devel register: synapse_pg_config
- lcms2-devel tags: matrix
- libwebp-devel
- tcl-devel - name: Setup pg_config
- tk-devel alternatives:
- libffi-devel name: psql-pg_config
- openssl-devel link: /bin/pg_config
- libxslt-devel path: /usr/pgsql-13/bin/pg_config
- gcc when: not synapse_pg_config.stat.exists
- gcc-c++
- libtool
- autoconf
- automake
- postgresql13
- postgresql-devel
- libpqxx-devel
- jemalloc
- python3-virtualenv
- python3-pip
- python-psycopg2
- python-setuptools
tags: matrix tags: matrix
- name: Wipe pip cache - name: Wipe pip cache
@ -51,6 +39,7 @@
- mock - mock
- six - six
- authlib - authlib
- twisted
notify: restart synapse notify: restart synapse
tags: matrix tags: matrix
@ -112,3 +101,7 @@
- post - post
tags: matrix tags: matrix
- name: Reset SELinux contexts
command: restorecon -R {{ synapse_root_dir }}
when: ansible_selinux.status == 'enabled'
tags: matrix

@ -5,7 +5,7 @@ Description=Synapse Matrix homeserver
Type=simple Type=simple
User={{ synapse_user }} User={{ synapse_user }}
Group={{ synapse_user }} Group={{ synapse_user }}
Environment=LD_PRELOAD=/usr/lib64/libjemalloc.so.1 Environment=LD_PRELOAD={{ synapse_jemalloc }}
{% if system_proxy is defined and system_proxy != '' %} {% if system_proxy is defined and system_proxy != '' %}
{% for env in ['http_proxy', 'https_proxy', 'HTTP_PROXY', 'HTTPS_PROXY'] %} {% for env in ['http_proxy', 'https_proxy', 'HTTP_PROXY', 'HTTPS_PROXY'] %}
Environment={{ env }}={{ system_proxy | urlsplit('hostname') }}:{{ system_proxy | urlsplit('port') }} Environment={{ env }}={{ system_proxy | urlsplit('hostname') }}:{{ system_proxy | urlsplit('port') }}

@ -0,0 +1,29 @@
---
synapse_packages:
- libtiff-devel
- libjpeg-devel
- libzip-devel
- freetype-devel
- lcms2-devel
- libwebp-devel
- tcl-devel
- tk-devel
- libffi-devel
- openssl-devel
- libxslt-devel
- gcc
- gcc-c++
- libtool
- autoconf
- automake
- postgresql13
- postgresql-devel
- libpqxx-devel
- jemalloc
- python3-virtualenv
- python3-pip
- python-psycopg2
- python-setuptools
synapse_jemalloc: /usr/lib64/libjemalloc.so.1

@ -0,0 +1,28 @@
---
synapse_packages:
- libtiff-devel
- libjpeg-devel
- libzip-devel
- freetype-devel
- lcms2-devel
- libwebp-devel
- tcl-devel
- tk-devel
- libffi-devel
- openssl-devel
- libxslt-devel
- gcc
- gcc-c++
- libtool
- autoconf
- automake
- postgresql13
- postgresql-devel
- jemalloc
- python3-virtualenv
- python3-pip
- python3-psycopg2
- python3-setuptools
synapse_jemalloc: /usr/lib64/libjemalloc.so.2

@ -1,4 +1,5 @@
--- ---
dependencies: dependencies:
- role: mkdir
- role: repo_mongodb - role: repo_mongodb

@ -1,5 +1,12 @@
--- ---
- include_vars: "{{ item }}"
with_first_found:
- vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml
- vars/{{ ansible_distribution }}.yml
- vars/{{ ansible_os_family }}.yml
tags: mongo
- name: Remove versions from the base repo - name: Remove versions from the base repo
yum: yum:
name: name:
@ -9,18 +16,14 @@
tags: mongo tags: mongo
- name: Install MongoDB server and tools - name: Install MongoDB server and tools
yum: yum: name={{ mongo_packages }}
name:
- mongodb-org-server
- mongodb-org
- python-pymongo
tags: mongo tags: mongo
- name: Create data dir - name: Create data dir
file: path={{ mongo_db_path }} state=directory file: path={{ mongo_db_path }} state=directory
tags: mongo tags: mongo
# DO it in two times so parent dir don't have restrictive permissions # Do it in two times so parent dir don't have restrictive permissions
- name: Set permissions on data dir - name: Set permissions on data dir
file: path={{ mongo_db_path }} state=directory owner=mongod group=mongod mode=700 file: path={{ mongo_db_path }} state=directory owner=mongod group=mongod mode=700
tags: mongo tags: mongo
@ -39,13 +42,6 @@
changed_when: False changed_when: False
tags: mongo tags: mongo
- name: Create pre and post backup hook dir
file: path=/etc/backup/{{ item }}.d state=directory
loop:
- pre
- post
tags: mongo
- name: Deploy pre/post backup scripts - name: Deploy pre/post backup scripts
template: src={{ item }}-backup.j2 dest=/etc/backup/{{ item }}.d/mongo mode=750 template: src={{ item }}-backup.j2 dest=/etc/backup/{{ item }}.d/mongo mode=750
loop: loop:
@ -68,7 +64,6 @@
[Service] [Service]
Type=simple Type=simple
PrivateTmp=yes PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full ProtectSystem=full
ProtectHome=yes ProtectHome=yes
NoNewPrivileges=yes NoNewPrivileges=yes

@ -0,0 +1,6 @@
---
mongo_packages:
- mongodb-org-server
- mongodb-org
- python-pymongo

@ -0,0 +1,6 @@
---
mongo_packages:
- mongodb-org-server
- mongodb-org
- python3-pymongo
Loading…
Cancel
Save